Normal user can delete important files

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I am concerned about the possibility that a normal user can delete important files from like /etc/passwd or files from /boot. They can do it because the permissions on /etc and /boot are drwxr-xr-x.
Should I worry about this or am I missing something?



Thank you







share|improve this question




















  • Have youtried, as a normal user, to delete /etc/passwd ? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.
    – Archemar
    Feb 18 at 13:22














up vote
0
down vote

favorite












I am concerned about the possibility that a normal user can delete important files from like /etc/passwd or files from /boot. They can do it because the permissions on /etc and /boot are drwxr-xr-x.
Should I worry about this or am I missing something?



Thank you







share|improve this question




















  • Have youtried, as a normal user, to delete /etc/passwd ? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.
    – Archemar
    Feb 18 at 13:22












up vote
0
down vote

favorite









up vote
0
down vote

favorite











I am concerned about the possibility that a normal user can delete important files from like /etc/passwd or files from /boot. They can do it because the permissions on /etc and /boot are drwxr-xr-x.
Should I worry about this or am I missing something?



Thank you







share|improve this question












I am concerned about the possibility that a normal user can delete important files from like /etc/passwd or files from /boot. They can do it because the permissions on /etc and /boot are drwxr-xr-x.
Should I worry about this or am I missing something?



Thank you









share|improve this question











share|improve this question




share|improve this question










asked Feb 18 at 12:57









Pedro Palacios

32




32











  • Have youtried, as a normal user, to delete /etc/passwd ? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.
    – Archemar
    Feb 18 at 13:22
















  • Have youtried, as a normal user, to delete /etc/passwd ? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.
    – Archemar
    Feb 18 at 13:22















Have youtried, as a normal user, to delete /etc/passwd ? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.
– Archemar
Feb 18 at 13:22




Have youtried, as a normal user, to delete /etc/passwd ? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.
– Archemar
Feb 18 at 13:22










3 Answers
3






active

oldest

votes

















up vote
3
down vote



accepted










No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.



So, for this example:



$ ls -dl /etc /etc/passwd /etc/shadow
drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
-rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
-rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow


For /etc:




  • d: the entry is a directory.


  • rwx: the owner of the directory (root) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd") this directory.


  • r-x: members of the group (also called root, but is not the same as the user called root) have permissions to view file entries and change to ("cd") this directory.


  • r-x: everyone else has permissions to view file entries and change to ("cd") this directory.

Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.



Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.



For /etc/passwd:




  • -: the entry is a regular file.


  • rw-: the owner (root) can read and write to this file, but not run it directly from the command line.


  • r--: members of the group (root) can only read this file.


  • r--: everyone else can read this file.

Originally the /etc/passwd file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow. It is only accessible by the root user and group (-rw-r-----): regular users cannot view it.






share|improve this answer






















  • +1, but it took me a little while to realise that "...and change to this directory" meant "cd to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
    – cas
    Feb 18 at 14:20











  • I'm glad that this was helpful. There are other letters that you may see in the permissions fields, like s for setgid/setuid and t for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
    – ErikF
    Feb 18 at 14:26










  • One last point of information: symbolic links will always have the form lrwxrwxrwx: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
    – ErikF
    Feb 18 at 14:31










  • I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meant cd. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
    – cas
    Feb 18 at 14:32










  • I've added a bit to hopefully clarify what "change to" means.
    – ErikF
    Feb 18 at 14:34

















up vote
1
down vote













The owner of /etc and /boot is or should be root.



echo test > /etc/test 
bash: /etc/test: Permission denied


Only the owner root has the permission to create files or delete them from the directory.






share|improve this answer



























    up vote
    1
    down vote













    To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x only the owner of those directorys can delete files in them






    share|improve this answer






















      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );








       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f424953%2fnormal-user-can-delete-important-files%23new-answer', 'question_page');

      );

      Post as a guest






























      3 Answers
      3






      active

      oldest

      votes








      3 Answers
      3






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      3
      down vote



      accepted










      No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.



      So, for this example:



      $ ls -dl /etc /etc/passwd /etc/shadow
      drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
      -rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
      -rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow


      For /etc:




      • d: the entry is a directory.


      • rwx: the owner of the directory (root) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd") this directory.


      • r-x: members of the group (also called root, but is not the same as the user called root) have permissions to view file entries and change to ("cd") this directory.


      • r-x: everyone else has permissions to view file entries and change to ("cd") this directory.

      Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.



      Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.



      For /etc/passwd:




      • -: the entry is a regular file.


      • rw-: the owner (root) can read and write to this file, but not run it directly from the command line.


      • r--: members of the group (root) can only read this file.


      • r--: everyone else can read this file.

      Originally the /etc/passwd file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow. It is only accessible by the root user and group (-rw-r-----): regular users cannot view it.






      share|improve this answer






















      • +1, but it took me a little while to realise that "...and change to this directory" meant "cd to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
        – cas
        Feb 18 at 14:20











      • I'm glad that this was helpful. There are other letters that you may see in the permissions fields, like s for setgid/setuid and t for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
        – ErikF
        Feb 18 at 14:26










      • One last point of information: symbolic links will always have the form lrwxrwxrwx: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
        – ErikF
        Feb 18 at 14:31










      • I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meant cd. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
        – cas
        Feb 18 at 14:32










      • I've added a bit to hopefully clarify what "change to" means.
        – ErikF
        Feb 18 at 14:34














      up vote
      3
      down vote



      accepted










      No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.



      So, for this example:



      $ ls -dl /etc /etc/passwd /etc/shadow
      drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
      -rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
      -rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow


      For /etc:




      • d: the entry is a directory.


      • rwx: the owner of the directory (root) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd") this directory.


      • r-x: members of the group (also called root, but is not the same as the user called root) have permissions to view file entries and change to ("cd") this directory.


      • r-x: everyone else has permissions to view file entries and change to ("cd") this directory.

      Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.



      Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.



      For /etc/passwd:




      • -: the entry is a regular file.


      • rw-: the owner (root) can read and write to this file, but not run it directly from the command line.


      • r--: members of the group (root) can only read this file.


      • r--: everyone else can read this file.

      Originally the /etc/passwd file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow. It is only accessible by the root user and group (-rw-r-----): regular users cannot view it.






      share|improve this answer






















      • +1, but it took me a little while to realise that "...and change to this directory" meant "cd to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
        – cas
        Feb 18 at 14:20











      • I'm glad that this was helpful. There are other letters that you may see in the permissions fields, like s for setgid/setuid and t for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
        – ErikF
        Feb 18 at 14:26










      • One last point of information: symbolic links will always have the form lrwxrwxrwx: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
        – ErikF
        Feb 18 at 14:31










      • I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meant cd. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
        – cas
        Feb 18 at 14:32










      • I've added a bit to hopefully clarify what "change to" means.
        – ErikF
        Feb 18 at 14:34












      up vote
      3
      down vote



      accepted







      up vote
      3
      down vote



      accepted






      No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.



      So, for this example:



      $ ls -dl /etc /etc/passwd /etc/shadow
      drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
      -rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
      -rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow


      For /etc:




      • d: the entry is a directory.


      • rwx: the owner of the directory (root) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd") this directory.


      • r-x: members of the group (also called root, but is not the same as the user called root) have permissions to view file entries and change to ("cd") this directory.


      • r-x: everyone else has permissions to view file entries and change to ("cd") this directory.

      Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.



      Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.



      For /etc/passwd:




      • -: the entry is a regular file.


      • rw-: the owner (root) can read and write to this file, but not run it directly from the command line.


      • r--: members of the group (root) can only read this file.


      • r--: everyone else can read this file.

      Originally the /etc/passwd file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow. It is only accessible by the root user and group (-rw-r-----): regular users cannot view it.






      share|improve this answer














      No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.



      So, for this example:



      $ ls -dl /etc /etc/passwd /etc/shadow
      drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
      -rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
      -rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow


      For /etc:




      • d: the entry is a directory.


      • rwx: the owner of the directory (root) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd") this directory.


      • r-x: members of the group (also called root, but is not the same as the user called root) have permissions to view file entries and change to ("cd") this directory.


      • r-x: everyone else has permissions to view file entries and change to ("cd") this directory.

      Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.



      Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.



      For /etc/passwd:




      • -: the entry is a regular file.


      • rw-: the owner (root) can read and write to this file, but not run it directly from the command line.


      • r--: members of the group (root) can only read this file.


      • r--: everyone else can read this file.

      Originally the /etc/passwd file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow. It is only accessible by the root user and group (-rw-r-----): regular users cannot view it.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Feb 18 at 14:34

























      answered Feb 18 at 13:21









      ErikF

      2,7111413




      2,7111413











      • +1, but it took me a little while to realise that "...and change to this directory" meant "cd to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
        – cas
        Feb 18 at 14:20











      • I'm glad that this was helpful. There are other letters that you may see in the permissions fields, like s for setgid/setuid and t for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
        – ErikF
        Feb 18 at 14:26










      • One last point of information: symbolic links will always have the form lrwxrwxrwx: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
        – ErikF
        Feb 18 at 14:31










      • I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meant cd. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
        – cas
        Feb 18 at 14:32










      • I've added a bit to hopefully clarify what "change to" means.
        – ErikF
        Feb 18 at 14:34
















      • +1, but it took me a little while to realise that "...and change to this directory" meant "cd to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
        – cas
        Feb 18 at 14:20











      • I'm glad that this was helpful. There are other letters that you may see in the permissions fields, like s for setgid/setuid and t for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
        – ErikF
        Feb 18 at 14:26










      • One last point of information: symbolic links will always have the form lrwxrwxrwx: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
        – ErikF
        Feb 18 at 14:31










      • I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meant cd. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
        – cas
        Feb 18 at 14:32










      • I've added a bit to hopefully clarify what "change to" means.
        – ErikF
        Feb 18 at 14:34















      +1, but it took me a little while to realise that "...and change to this directory" meant "cd to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
      – cas
      Feb 18 at 14:20





      +1, but it took me a little while to realise that "...and change to this directory" meant "cd to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
      – cas
      Feb 18 at 14:20













      I'm glad that this was helpful. There are other letters that you may see in the permissions fields, like s for setgid/setuid and t for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
      – ErikF
      Feb 18 at 14:26




      I'm glad that this was helpful. There are other letters that you may see in the permissions fields, like s for setgid/setuid and t for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
      – ErikF
      Feb 18 at 14:26












      One last point of information: symbolic links will always have the form lrwxrwxrwx: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
      – ErikF
      Feb 18 at 14:31




      One last point of information: symbolic links will always have the form lrwxrwxrwx: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
      – ErikF
      Feb 18 at 14:31












      I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meant cd. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
      – cas
      Feb 18 at 14:32




      I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meant cd. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
      – cas
      Feb 18 at 14:32












      I've added a bit to hopefully clarify what "change to" means.
      – ErikF
      Feb 18 at 14:34




      I've added a bit to hopefully clarify what "change to" means.
      – ErikF
      Feb 18 at 14:34












      up vote
      1
      down vote













      The owner of /etc and /boot is or should be root.



      echo test > /etc/test 
      bash: /etc/test: Permission denied


      Only the owner root has the permission to create files or delete them from the directory.






      share|improve this answer
























        up vote
        1
        down vote













        The owner of /etc and /boot is or should be root.



        echo test > /etc/test 
        bash: /etc/test: Permission denied


        Only the owner root has the permission to create files or delete them from the directory.






        share|improve this answer






















          up vote
          1
          down vote










          up vote
          1
          down vote









          The owner of /etc and /boot is or should be root.



          echo test > /etc/test 
          bash: /etc/test: Permission denied


          Only the owner root has the permission to create files or delete them from the directory.






          share|improve this answer












          The owner of /etc and /boot is or should be root.



          echo test > /etc/test 
          bash: /etc/test: Permission denied


          Only the owner root has the permission to create files or delete them from the directory.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Feb 18 at 13:04









          user unknown

          6,95412148




          6,95412148




















              up vote
              1
              down vote













              To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x only the owner of those directorys can delete files in them






              share|improve this answer


























                up vote
                1
                down vote













                To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x only the owner of those directorys can delete files in them






                share|improve this answer
























                  up vote
                  1
                  down vote










                  up vote
                  1
                  down vote









                  To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x only the owner of those directorys can delete files in them






                  share|improve this answer














                  To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x only the owner of those directorys can delete files in them







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Feb 18 at 13:18









                  yeti

                  2,36611223




                  2,36611223










                  answered Feb 18 at 13:02









                  Captain Wobbles

                  1565




                  1565






















                       

                      draft saved


                      draft discarded


























                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f424953%2fnormal-user-can-delete-important-files%23new-answer', 'question_page');

                      );

                      Post as a guest













































































                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?