J. K. Cliburn wrote:
> I'm seeing some file ownership behavior that concerns me. Near as I can
> tell, a non-root user who's a member of a group can change ownership of
> a file that's owned by another member of the same group, even if the
> group perms for the file are read-only. I need to know if this is
> expected behavior. I also saw the behavior today in SLES9, although I
> need to verify the details more carefully tomorrow.
>
> On my Fedora machine I added my non-root self to group "users", then, as
> root, created a directory with root:users ownership. I then added a
> file inside that directory called "junk" with 644 perms and owned by
> root:users. Next, as myself (non-root) I opened the file with vi and
> was able to save changes to it. When I exit the file, it's no longer
> owned by root: it's owned by my non-root account. Behold:
>

If you look, you will probably find the original file, owned by root,
renamed to junk~. What is going on is that when vi saves the file, it
first renames the original file to <filename>~ and then saves the edited
version as <filename>. Because the user had write permission to the
directory, they could rename the original file, and save a new file with
the original name. But it is owned by the user that saved the file.

Mikkel
-- 
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
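The rename-then-create save described in the reply above can be reproduced in a scratch directory. This is an added example, not part of the original thread; the function names `inode_of`, `save_like_vi` and `group_can_replace` are hypothetical helpers. It also checks the directory mode bits that decide whether group members can swap out files they do not own (group write set, sticky bit clear).

```shell
#!/bin/sh
# Added example (not from the thread). All paths are scratch files under mktemp.

# Print the inode number of a file.
inode_of() ( ls -i "$1" | awk '{print $1}' )

# Mimic the save described above: rename the original to NAME~, then create
# a new NAME. Neither step needs write permission on the file itself, only
# write and search permission on the directory. Prints "old_inode new_inode".
save_like_vi() (
    dir=$1 name=$2 text=$3
    old=$(inode_of "$dir/$name")
    mv "$dir/$name" "$dir/$name~" || exit 1
    printf '%s\n' "$text" > "$dir/$name" || exit 1   # new file, new owner
    echo "$old $(inode_of "$dir/$name")"
)

# Succeed if group members can replace files they do not own in DIR:
# group write bit set and sticky bit clear (sticky limits rename/delete
# to the file owner, the directory owner and root).
group_can_replace() (
    mode=$(ls -ld "$1" | cut -c1-10)
    gw=$(printf '%s' "$mode" | cut -c6)
    sticky=$(printf '%s' "$mode" | cut -c10)
    [ "$gw" = w ] || exit 1
    case $sticky in t|T) exit 1 ;; esac
    exit 0
)

demo() (
    d=$(mktemp -d) || exit 1
    printf 'original\n' > "$d/junk"
    chmod 444 "$d/junk"                 # read-only for everyone
    chmod 775 "$d"                      # group-writable directory
    set -- $(save_like_vi "$d" junk edited)
    echo "inode before=$1 after=$2"; ls -l "$d"
    group_can_replace "$d" && echo "775: group members can replace files"
    chmod 1775 "$d"
    group_can_replace "$d" || echo "1775: sticky bit limits rename to owners"
    rm -rf "$d"
)
demo
```

The differing inode numbers show that `junk` after the save is a new file rather than the original with a changed owner; the original survives as `junk~`.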