SysAdmin Tip - user may alter root-owned files and directories

19 Nov 2009

Here’s a friendly system administration tip, for Linux/FreeBSD/Unix-type systems: root-owned files and directories in a directory owned by a user can still be modified by the user.

The scenario usually presented is that the sys admin doesn’t want a user modifying a certain configuration file in the user’s home directory. Modifying is usually understood as editing. Hence the sys admin will do the following:

# chmod 0600 /home/user/.settings
# chown root:root /home/user/.settings

However, consider the following examples:

# ls -la
total 12
drwxr-xr-x  3 user   users 4096 Nov 10 21:58 .
drwxr-xr-x 40 user   users 4096 Nov 10 21:57 ..
drwx------  2 root   root  4096 Nov 10 21:57 control
-rw-------  1 root   root     0 Nov 10 21:58 settings

Example 1

user@example:~/work> rm settings
rm: remove write-protected regular empty file `settings'? y
user@example:~/work> ls -la
total 12
drwxr-xr-x  3 user   users 4096 2009-11-10 22:01 .
drwxr-xr-x 40 user   users 4096 2009-11-10 21:57 ..
drwx------  2 root   root  4096 2009-11-10 21:57 control

Example 2

user@example:~/work> mv control my_control
user@example:~/work> ls -la
total 12
drwxr-xr-x  3 user   users 4096 2009-11-10 22:02 .
drwxr-xr-x 40 user   users 4096 2009-11-10 21:57 ..
drwx------  2 root   root  4096 2009-11-10 21:57 my_control

As demonstrated in the examples, a user still has control over root-owned files and directories in directories the user owns, because deleting and renaming an entry are governed by write permission on the containing directory, not by ownership of the entry itself. For files a user may:

  1. Delete the file
  2. Rename the file

For directories the user may:

  1. Rename the directory
  2. Delete the directory, if the directory is empty

A user may take one of the above actions, then create his own file or directory containing the content he desires.
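As an added illustration (not part of the original post), the following Python model of the POSIX unlink/rename check shows why the chown/chmod above does not help: only the directory's write and search bits are consulted, and setting the sticky bit on the user's own directory does not rescue the case either, since the directory owner is exempt from it. The names Owner, can_unlink_or_rename and find_foreign_entries are chosen here; the model ignores ACLs, Linux capabilities and immutable flags.

```python
import os
import stat
from collections import namedtuple

Owner = namedtuple("Owner", "uid gid mode")  # the stat fields the check needs

def has_perm(uid, gids, st, owner_bit, group_bit, other_bit):
    """Unix class selection: owner bits if owner, else group bits, else other."""
    if uid == st.uid:
        return bool(st.mode & owner_bit)
    if st.gid in gids:
        return bool(st.mode & group_bit)
    return bool(st.mode & other_bit)

def can_unlink_or_rename(uid, gids, dir_st, entry_st):
    """POSIX model: rm/mv of an entry needs write+search on the DIRECTORY only.
    The entry's owner matters just when the directory has the sticky bit set,
    and even then the directory's owner is exempt (ACLs/capabilities ignored)."""
    if uid == 0:
        return True
    if not (has_perm(uid, gids, dir_st, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)
            and has_perm(uid, gids, dir_st, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)):
        return False
    if dir_st.mode & stat.S_ISVTX:
        return uid in (dir_st.uid, entry_st.uid)
    return True

def demo_checks():
    """Constructed values mirroring the post: uid 1000 owns ~/work (0755), root owns settings (0600)."""
    user, groups = 1000, {100}
    work = Owner(1000, 100, stat.S_IFDIR | 0o755)
    settings = Owner(0, 0, stat.S_IFREG | 0o600)
    sticky_work = Owner(1000, 100, stat.S_IFDIR | 0o1755)  # chmod +t on ~/work
    tmp = Owner(0, 0, stat.S_IFDIR | 0o1777)                # a classic /tmp
    return {
        "user_rm_root_file_in_own_dir": can_unlink_or_rename(user, groups, work, settings),
        "other_user_same_group": can_unlink_or_rename(1001, groups, work, settings),
        "sticky_bit_on_own_dir": can_unlink_or_rename(user, groups, sticky_work, settings),
        "root_file_in_sticky_tmp": can_unlink_or_rename(user, groups, tmp, settings),
    }

def find_foreign_entries(directory):
    """Audit: entries not owned by the directory's owner that the owner can still rm/mv (lstat: symlinks judged as themselves)."""
    d = os.lstat(directory)
    dir_st, found = Owner(d.st_uid, d.st_gid, d.st_mode), []
    for name in os.listdir(directory):
        e = os.lstat(os.path.join(directory, name))
        entry_st = Owner(e.st_uid, e.st_gid, e.st_mode)
        if e.st_uid != d.st_uid and can_unlink_or_rename(d.st_uid, {d.st_gid}, dir_st, entry_st):
            found.append(name)
    return sorted(found)
```

Running find_foreign_entries(os.path.expanduser("~")) lists exactly the kind of root-owned entries the post warns about: present in the home directory, yet removable or renamable by its owner.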

If the system administrator truly wants to prevent the user from manipulating such files and directories, then the admin needs to take one of the following actions:

  1. Do not put the files and directories in the user’s home directory
  2. Make the file or directory immutable (not supported on all systems)

In my opinion option #1 is the better way to go, when possible.

Note: another way I’ve seen admins attempt to block this is to prevent a user from accessing his home directory, for example by disabling SSH, FTP and similar methods of interfacing with the home directory.