Why can I remove file without user permission? - linux

I made small test to check how permissions work:
test#comp ~/Documents $ touch test1
test#comp ~/Documents $ ls -l
-rw-r--r-- 1 test test 0 Jul 24 22:14 test1
test#comp ~/Documents $ chmod 044 test1
test#comp ~/Documents $ ls -l
----r--r-- 1 test test 0 Jul 24 22:14 test1
test#comp ~/Documents $ cat test1
cat: test1: Permission denied
test#comp ~/Documents $ rm test1
rm: remove write-protected regular empty file ‘test1’? y
test#comp ~/Documents $ ls -l
total 0
My question is, why when I have no permission on user I can't read file but I can remove it?

In order to remove the file one needs a write permission on the directory that contains this file.
For more information: http://linuxcommand.org/lts0070.php

Related

setuid on echo command but not working as expected

I have a question about setuid:
for example, there is a file - 1.txt, only root has write permission:
$ll 1.txt
-rw-r--r--. 1 root root 57 Jul 1 12:19 1.txt
For an ordinary user to modify the file, I did the following:
$ sudo chmod u+s /usr/bin/echo
$ ll /usr/bin/echo
-rwsr-xr-x. 1 root root 33128 Oct 31 2018 /usr/bin/echo
However, when the user ran below command, it still got permission error.
$ echo 111 > 1.txt
bash: 1.txt: Permission denied
Then I did a similar test on ls command:
Only root has write permission to test/ directory:
$ ll -d test/
drw-------. 2 root root 34 Jul 1 14:18 test/
a user that run ls command would report an error
$ ls test/
ls: cannot open directory test/: Permission denied
Then setuid on ls command:
$ sudo chmod u+s /usr/bin/ls
$ ll /usr/bin/ls
-rwsr-xr-x. 1 root root 117680 Oct 31 2018 /usr/bin/ls
after this, the user was able to run the command
$ ls test/
1 23 4
What's the difference between echo and ls? Or what I missed here?

LINUX: How to softlink specific files in all subdirectories

I want to create soft links (ln -s) to folder2 of all the files that contain *foo* in its name, and can be found in some or all the subdirectories of folder1.
I've tried it with for, find, and find -exec ln, and a combination of them, but all I get is a broken link named *foo* or a link to everything inside folder1
With globstar at one stroke.
shopt -s globstar
cd folder2
ln -s ../folder1/**/*foo* .
cd is needed for relative links (this applies for below answers that utilizes find too). If you want absolute links, do
shopt -s globstar
ln -s /where/is/it/folder1/**/*foo* folder2/
If you're in the target folder you want to create the symbolic link, just use ln -s <target file>. The sym link name will be same as the target file.
If you need to do this for several file, use a for loop.
Example:
$ mkdir folder1 folder2
$ cd folder1
$ touch foo foobar foofoobar foobarfoo bar barfoo barbar
$ ls
bar barbar barfoo foo foobar foobarfoo foofoobar
$ cd ../folder2
$ for i in ../folder1/*foo*; do ln -s $i; done
$ ls -l
total 0
lrwxrwxrwx 1 abc abc 17 oct. 26 11:57 barfoo -> ../folder1/barfoo
lrwxrwxrwx 1 abc abc 14 oct. 26 11:57 foo -> ../folder1/foo
lrwxrwxrwx 1 abc abc 17 oct. 26 11:57 foobar -> ../folder1/foobar
lrwxrwxrwx 1 abc abc 20 oct. 26 11:57 foobarfoo -> ../folder1/foobarfoo
lrwxrwxrwx 1 abc abc 20 oct. 26 11:57 foofoobar -> ../folder1/foofoobar
Try this,
for fileName in `find folder1 -name *foo*`
do
name1=`basename $fileName`
ln -sf $fileName folder/$name1
done
Check this
for file in `find . -name *foo* -print`
do
ln -s $file folder2/
done

How to create an archive and chmod it

I should create a file inside this file an archive. When I create it, I
should use chmod so that the archive should have 757 rights.
I did this but I failed, is this right or wrong? :
$ mkdir file1
$ cd file1
# here i should create an archive but how i dont know
$ chmod 757 archivename
Use touch command first:
bash-4.3$ mkdir a
bash-4.3$ cd a
bash-4.3$ pwd
/home/cg/root/a
bash-4.3$ touch a.txt
bash-4.3$ chmod 757 a.txt
bash-4.3$ ls -lrt
total 0
-rwxr-xrwx 1 18207 18207 0 May 4 11:29 a.txt
I think this is what you need:
$ mkdir file1
$ cd file1
$ touch actual_file.txt
$ cd ..
$ tar czvf file1-archive.tar.gz file1/
$ chmod 757 file1-archive.tar.gz
This creates an archive of everything inside the file1 folder.

Failed to change ownership of a file with permission 0666 in Linux

OS: Linux. (CentOS 6)
Step 1: login as normal user and change the directory to the home directory
Step 2: su as root
Step 3: create a file and change permission to 0666
Step 4: change file ownership as normal user but failed
[belcon#no1ca4sh ~]$ pwd
/home/belcon
[belcon#no1ca4sh ~]$ su
Password:
[root#no1ca4sh belcon]# touch test.txt
[root#no1ca4sh belcon]# echo "test">test.txt
[root#no1ca4sh belcon]# cat test.txt
test
[root#no1ca4sh belcon]# chmod 666 test.txt
[root#no1ca4sh belcon]# ls -l test.txt
-rw-rw-rw- 1 root root 5 Jun 26 17:50 test.txt
[root#no1ca4sh belcon]# exit
exit
[belcon#no1ca4sh ~]$ ls -l test.txt
-rw-rw-rw- 1 root root 5 Jun 26 17:50 test.txt
[belcon#no1ca4sh ~]$ chown belcon test.txt
chown: changing ownership of `test.txt': Operation not permitted
That doesn't make sense since I can copy that file to another temporary file as normal user. That temporary file's owner is normal user. Then I can delete the original file, and make a copy the temporary file with same name as original file created by root user. It is actually what 'chown' want to do.
[belcon#no1ca4sh ~]$ cp test.txt test1.txt
[belcon#no1ca4sh ~]$ ls -l test.txt test1.txt
-rw-r--r-- 1 belcon wheel 5 Jun 26 17:56 test1.txt
-rw-rw-rw- 1 root root 5 Jun 26 17:50 test.txt
[belcon#no1ca4sh ~]$ diff -Naur test1.txt test.txt
[belcon#no1ca4sh ~]$ rm test.txt
[belcon#no1ca4sh ~]$ ls -l test.txt test1.txt
ls: cannot access test.txt: No such file or directory
-rw-r--r-- 1 belcon wheel 5 Jun 26 17:56 test1.txt
[belcon#no1ca4sh ~]$ cp test1.txt test.txt
[belcon#no1ca4sh ~]$ ls -l test.txt test1.txt
-rw-r--r-- 1 belcon wheel 5 Jun 26 17:56 test1.txt
-rw-r--r-- 1 belcon wheel 5 Jun 26 17:57 test.txt
[belcon#no1ca4sh ~]$ diff -Naur test1.txt test.txt
[belcon#no1ca4sh ~]$
Can anyone please to explain why I couldn't change ownership of a file with permission 0666? Does there exist some reasons for that?
Ordinary users can't chown files.
See: https://unix.stackexchange.com/questions/27350/why-cant-a-normal-user-chown-a-file
Basically, it would allow users to evade quotas, and there are other edge cases where security can be compromised. (e.g. applications assuming root-owned files are secure, because only root could have written them).

Chmod recursively

I have an archive, which is archived by someone else, and I want to automatically, after I download it, to change a branch of the file system within the extracted files to gain read access. (I can't change how archive is created).
I've looked into this thread: chmod: How to recursively add execute permissions only to files which already have execute permission as into some others, but no joy.
The directories originally come with multiple but all wrong flags, they may appear as:
drwx------
d---r-x---
drwxrwxr-x
dr--r-xr--
Those are just the few I've discovered so far, but could be more.
find errors when tries to look into a directory with no x permission, and so doesn't pass it to chmod. What I've been doing so far, is manually change permissions on the parent directory, then go into the child directories and do the same for them and so on. But this is a lot of hand labour. Isn't there some way to do this automatically?
I.e. how I am doing it now:
do:
$ chmod -R +x
$ chmod -R +r
until I get no errors, then
$ find -type f -exec chmod -x {} +
But there must be a better way.
You can use chmod with the X mode letter (the capital X) to set the executable flag only for directories.
In the example below the executable flag is cleared and then set for all directories recursively:
~$ mkdir foo
~$ mkdir foo/bar
~$ mkdir foo/baz
~$ touch foo/x
~$ touch foo/y
~$ chmod -R go-X foo
~$ ls -l foo
total 8
drwxrw-r-- 2 wq wq 4096 Nov 14 15:31 bar
drwxrw-r-- 2 wq wq 4096 Nov 14 15:31 baz
-rw-rw-r-- 1 wq wq 0 Nov 14 15:31 x
-rw-rw-r-- 1 wq wq 0 Nov 14 15:31 y
~$ chmod -R go+X foo
~$ ls -l foo
total 8
drwxrwxr-x 2 wq wq 4096 Nov 14 15:31 bar
drwxrwxr-x 2 wq wq 4096 Nov 14 15:31 baz
-rw-rw-r-- 1 wq wq 0 Nov 14 15:31 x
-rw-rw-r-- 1 wq wq 0 Nov 14 15:31 y
A bit of explaination:
chmod -x foo - clear the eXecutable flag for foo
chmod +x foo - set the eXecutable flag for foo
chmod go+x foo - same as above, but set the flag only for Group and Other users, don't touch the User (owner) permission
chmod go+X foo - same as above, but apply only to directories, don't touch files
chmod -R go+X foo - same as above, but do this Recursively for all subdirectories of foo
You need read access, in addition to execute access, to list a directory. If you only have execute access, then you can find out the names of entries in the directory, but no other information (not even types, so you don't know which of the entries are subdirectories). This works for me:
find . -type d -exec chmod +rx {} \;
Try to change all the persmissions at the same time:
chmod -R +xr
To make everything writable by the owner, read/execute by the group, and world executable:
chmod -R 0755
To make everything wide open:
chmod -R 0777
Adding executable permissions, recursively, to all files (not folders) within the current folder with sh extension:
find . -name '*.sh' -type f | xargs chmod +x
* Notice the pipe (|)
Give 0777 to all files and directories starting from the current path :
chmod -R 0777 ./

Resources