On Sat, 3 Nov 2007, Daniel wrote:
> Hi!
>
> Case 1:
> $ id
> uid=1000(leva) gid=1000(leva) groups=1000(leva)
> $ ls -ld /tmp/
> drwx----wt 4 root wheel 512 Nov 3 13:05:03 2007 /tmp//
> $ touch /tmp/test && ls -l /tmp/test
> -rw-r----- 1 leva wheel 0 Nov 3 13:09:04 2007 /tmp/test
> $ rm /tmp/test && ls -l /tmp/test
> ls: /tmp/test: No such file or directory
>
> I can create and remove files in and from the /tmp directory. This is
> the expected behaviour (at least for me).
>
>
> Case 2 (I've added myself to the wheel group):
> $ id
> uid=1000(leva) gid=1000(leva) groups=1000(leva), 0(wheel)
> $ ls -ld /tmp/
> drwx----wt 4 root wheel 512 Nov 3 13:05:03 2007 /tmp//
> $ touch /tmp/test
> touch: /tmp/test: Permission denied
>
> ^^^ I can not create the file in /tmp, although I got world write
> permissions to it. It seems if I'm in the wheel group and the wheel
> group owns the directory, then only the group permissions count?
> (sounds lame, but I can not think of other reasons).
> After changing the /tmp directory's group permissions to -wx, I can
> create and remove files from it while I'm in the wheel group.
>
> What could cause this behaviour?
Evidently, the permission check moves left to right, so to speak.

Case 1: can you do it as user (root)? No. Can you do it as group (wheel)? You're not in group wheel, ignore group permissions. Can you do it as other? Yes (with the added features of the sticky (man 8 sticky) bit).

Case 2: you're denied by the group permissions. Evidently creat or stat or whatever bails out at this point. The permissions 1703 (rwx----wt) *do* state that group wheel should have no access to /tmp. So this looks like "expected operation".

1703 is a fairly weird set of permissions, giving "other" more privilege than the group. This might be useful, though, if you wanted a directory from which members of group "leper" were excluded. Are SysV, POSIX, Linux and Old BSD semantics all the same here? (I dunno). Use 1777 and be happy.

Oh -- don't think of it as "world". The proper term is "other". You've given an example where that is relevant (user-group-other). If you're "user" or "group", you're not an "other".

Dave
--
You don't have to like businessmen to like capitalism.
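As an added illustration (not code from the thread or from any particular kernel), here is a small Python model of the one-class selection Dave describes, run against Daniel's two /tmp cases plus the -wx and 1777 variants. The uids and gids come from Daniel's `id` output; the superuser override and the sticky-bit unlink rule are my assumptions about the classic BSD/POSIX behaviour, not something the thread states.

```python
import stat

# Permission bits a caller needs on a directory to create or remove an entry:
# write (2) plus search (1) on the directory itself.
CREATE = 0o3

# Values taken from Daniel's `id` and `ls -ld` output.
ROOT, WHEEL, LEVA = 0, 0, 1000


def access_class(file_uid, file_gid, uid, groups):
    """Pick exactly one class. Once a class matches, later classes are never consulted."""
    if uid == file_uid:
        return "user"
    if file_gid in groups:      # primary or supplementary group membership
        return "group"
    return "other"


def check_access(mode, file_uid, file_gid, uid, groups, want):
    """True if a process (uid, groups) holds all bits in `want` on the object."""
    if uid == 0:                # assumption: superuser bypasses DAC for read/write/search
        return True
    shift = {"user": 6, "group": 3, "other": 0}[access_class(file_uid, file_gid, uid, groups)]
    granted = (mode >> shift) & 0o7
    return (granted & want) == want


def can_unlink(dir_mode, dir_uid, dir_gid, entry_uid, uid, groups):
    """Removing an entry needs write+search on the directory; with the sticky bit set
    (man 8 sticky) the caller must additionally own the entry or the directory."""
    if not check_access(dir_mode, dir_uid, dir_gid, uid, groups, CREATE):
        return False
    if dir_mode & stat.S_ISVTX and uid not in (0, entry_uid, dir_uid):
        return False
    return True


def case1():          # leva not in wheel: falls through to "other" (rwt) -> allowed
    return check_access(0o1703, ROOT, WHEEL, LEVA, {LEVA}, CREATE)

def case2():          # leva in wheel: "group" bits (---) are used and nothing else
    return check_access(0o1703, ROOT, WHEEL, LEVA, {LEVA, WHEEL}, CREATE)

def case2_group_wx():  # Daniel's fix: group bits -wx, mode 1733
    return check_access(0o1733, ROOT, WHEEL, LEVA, {LEVA, WHEEL}, CREATE)

def case_1777():      # Dave's advice: 1777 satisfies every class
    return check_access(0o1777, ROOT, WHEEL, LEVA, {LEVA, WHEEL}, CREATE)
```

`can_unlink` shows why Daniel's `rm /tmp/test` in case 1 succeeds (he owns the file) while another unprivileged user would be refused on the same sticky directory.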