Unlinking objects in a directory with sticky bit set

YONETANI Tomokazu qhwt+dfly at les.ath.cx
Sun May 3 20:05:43 PDT 2009


On Sun, May 03, 2009 at 09:03:00AM -0700, Matthew Dillon wrote:
> 
> :Quoting from sticky(8):
> :  ... A file in a sticky directory may only be removed or renamed
> :  by a user if the user has write permission for the directory and the user
> :  is the owner of the file, the owner of the directory, or the super-user.
> :
> :So rename(2) in a directory with sticky bit set should also be taken care of.
[sorry, I was talking about an unrelated thing here]

>     Is rename(2) working properly?  I wasn't quite sure from your posting.
>     It does seem to work properly in my quick test.

The problem is I (as a non-root user) can still rename(2) an object that
I do not own, in a sticky directory on HAMMER filesystem.

On UFS:
# mkdir -m 1777 sticky && touch sticky/ROOT
# su -m nobody -c 'cd sticky && mv ROOT R00T && echo HEY'
mv: rename ROOT to R00T: Operation not permitted

On HAMMER:
# mkdir -m 1777 sticky && touch sticky/ROOT
# su -m nobody -c 'cd sticky && mv ROOT R00T && echo HEY'
HEY
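The sticky(8) rule quoted above, written out as a userland predicate so a given uid/directory/entry combination can be compared against what the filesystem actually does. This is an added example, not DragonFly kernel or HAMMER code; the function names, the uid 65534 standing in for nobody, and the constructed stat data are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>

/* Added example, not kernel code: the sticky(8) rule from the post as a userland
 * predicate. dir_writable is the ordinary permission result for the directory
 * (e.g. access(2)); this only layers the sticky-bit restriction on top of it. */
bool sticky_may_remove(uid_t uid, const struct stat *dir,
                       const struct stat *file, bool dir_writable)
{
    if (!dir_writable)
        return false;                /* plain write check already denies */
    if (!(dir->st_mode & S_ISVTX))
        return true;                 /* no sticky bit: directory write suffices */
    if (uid == 0)
        return true;                 /* super-user */
    return uid == file->st_uid || uid == dir->st_uid;
}

/* Replay the post's scenario with constructed stat data: root-owned 1777
 * directory and root-owned file ROOT; 'caller' is the uid attempting mv. */
bool post_scenario_allows_rename(uid_t caller)
{
    struct stat dir = {0}, file = {0};
    dir.st_mode = S_IFDIR | S_ISVTX | 0777;    /* mkdir -m 1777 sticky */
    dir.st_uid = 0;
    file.st_mode = S_IFREG | 0644;             /* touch sticky/ROOT as root */
    file.st_uid = 0;
    return sticky_may_remove(caller, &dir, &file, true);
}

/* Live check for a real entry: 1 = rule allows, 0 = rule says EPERM,
 * -1 = stat failed. Compare with what mv/unlink on the filesystem really does. */
int sticky_check_path(const char *dirpath, const char *entrypath)
{
    struct stat dir, file;
    if (stat(dirpath, &dir) != 0 || stat(entrypath, &file) != 0)
        return -1;
    bool writable = access(dirpath, W_OK) == 0;
    return sticky_may_remove(geteuid(), &dir, &file, writable) ? 1 : 0;
}

int main(int argc, char **argv)
{
    int r = argc == 3 ? sticky_check_path(argv[1], argv[2]) : -1;
    printf("%s\n", r < 0 ? "usage: prog DIR ENTRY" : r ? "allowed" : "EPERM expected");
    return r < 0;
}
```

Running it as the unprivileged user against the sticky directory from the post gives "EPERM expected" on both filesystems; the UFS run matches that, the HAMMER run in the post does not.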