Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
a user can delete root files?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
ElleStone
Tux's lil' helper
Tux's lil' helper


Joined: 12 Mar 2013
Posts: 106

PostPosted: Thu Jun 20, 2013 6:32 pm    Post subject: a user can delete root files? Reply with quote

It seems that I as user 'elle' can delete files that belong to 'root'.

How is this possible and how do I make it not possible?

The question sounds calm, but the person asking (that would be me) is not feeling so calm at all.

ElleStone,

. . . missing a bunch of files that never should have been deleted,
and realizing that any little accident at the keyboard could delete a bunch more . . .
Back to top
View user's profile Send private message
mike155
Advocate
Advocate


Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany

PostPosted: Thu Jun 20, 2013 6:37 pm    Post subject: Reply with quote

A non-privileged user can delete files belonging to 'root' if he has write permissions for the directory in which the file is.

Last edited by mike155 on Thu Jun 20, 2013 7:25 pm; edited 1 time in total
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54092
Location: 56N 3W

PostPosted: Thu Jun 20, 2013 6:46 pm    Post subject: Reply with quote

ElleStone,

What groups is your normal user in ?

If you have sudo installed, how is it set up ?
Look in your /etc/sudoers file - which should need you to be root..
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
ElleStone
Tux's lil' helper
Tux's lil' helper


Joined: 12 Mar 2013
Posts: 106

PostPosted: Thu Jun 20, 2013 7:10 pm    Post subject: Reply with quote

Hi NeddySeagoon and bug_report,

My normal user is in group 'wheel' (10) and also group '1000', which perhaps is the group 'users'?

I don't remember how I put 'elle' in the 'wheel' group. I just installed sudo today (about 5 minutes ago) so it isn't set up at all.

The problem that I'm trying to solve is that somehow I accidentally hit "delete" or maybe "trash" after having selected a bunch of image files using digiKam. In any event, the files were deleted (I don't have "trash" set up). Fortunately I have backups. But those files were "read only" so I didn't think digiKam could delete them, never even occurred to me to ask the question. I guess I was wrong.

So I'm trying to figure out how to ensure that digiKam (or any other program) can't delete my image files (not all image files, just the originals, which are all in folders with the same top directory). But digiKam and exiftool both need to be able to write to sidecar files. My thought was to give ownership of the image files to root, but that didn't work. And probably that's not a good idea anyway, as exiftool (but not digiKam, digiKam is set up to only write to a sidecar file, which exiftool reads and then writes to the image file) needs write access to the images.

Changing the folder owner and group to root does make it not possible to delete a root-owned file as 'elle' (and probably also files not owned by root?), but then what about ability to write to the non-root files in the folder? (I haven't experimented yet)

ElleStone
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54092
Location: 56N 3W

PostPosted: Thu Jun 20, 2013 7:17 pm    Post subject: Reply with quote

ElleStone,

I suspect you are in more groups than you suggest.
As your ElleStone user, what does groups show ?
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
ElleStone
Tux's lil' helper
Tux's lil' helper


Joined: 12 Mar 2013
Posts: 106

PostPosted: Thu Jun 20, 2013 7:21 pm    Post subject: Reply with quote

Hi NeddySeaGoon. Here's the terminal output:
Code:
~ $ groups
wheel floppy audio cdrom video usb users vboxusers plugdev elle
 ~ $ groups elle
wheel elle
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54092
Location: 56N 3W

PostPosted: Thu Jun 20, 2013 7:38 pm    Post subject: Reply with quote

ElleStone,

You are in the following groups
Code:
~ $ groups
wheel floppy audio cdrom video usb users vboxusers plugdev elle
if that was your ElleStone user.

Thats all normal.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
ElleStone
Tux's lil' helper
Tux's lil' helper


Joined: 12 Mar 2013
Posts: 106

PostPosted: Thu Jun 20, 2013 8:27 pm    Post subject: Reply with quote

So is there any way to keep digiKam (and every other person and program, except root) from deleting image files in a folder (say all files ending with .jpg or .cr2 or .tif), and still allow digikam and exiftool to write new files (say files ending with .xmp) to the directory?

I've been searching the internet, similar questions asked a lot, but the answers are not very clear to me.

Elle
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54092
Location: 56N 3W

PostPosted: Thu Jun 20, 2013 8:48 pm    Post subject: Reply with quote

ElleStone,

Directory permissions are rwx, for each of three groups.
rw do what you expect, allow read or write access. x allows the group members to cd to the directory. Well, executing a directory is not useful.
Write access is required to change the directory.

The three groups are owner:group:world.

If you can work out a way to set the permissions rwxr-x--- and come up with suitable owner and groups, then yes.
You may need to make more users and more groups to accomplish this. Many more users and groups is messy. In that case you may want to move to access control lists (ACL), which provide much finer grained access control. I've never needed ACLs.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10587
Location: Somewhere over Atlanta, Georgia

PostPosted: Thu Jun 20, 2013 9:19 pm    Post subject: Reply with quote

Elle,

ACLs allow finer grained permission control within the existing permissions structure. For instance, you could grant write access to more than one group to a file or directory. What you can't do with ACLs is invent new permissions, such as "disallow delete", which only exists under very special conditions in the standard *nix filesystem model. You just can't set up a set of permissions that allows the creation of a file, writing to that file, but once closed, no longer allows write or delete.

However, there's a work-around. To elaborate on what NeddySeagoon has suggested, here is a set of steps that will accomplish mostly what you want:
  • Create a directory for your photo manipulation. I'll call it Photos.
    Code:
    ~ $ mkdir Photos
  • Create a new user and group called (for instance) archival.
    Code:
    sudo useradd -M archival
  • Change the ownership and group of the Photos directory to "archival".
    Code:
    sudo chown archival:archival Photos
  • Change the permissions of the Photos directory to allow any user to write to the directory and (this is the critical part) add the sticky bit. (See "RESTRICTED DELETION FLAG" in the chown man page).
    Code:
    sudo chmod o+w,t Photos
You can make any files in this directory as a regular user. Let's prove it.
Code:
~ $ cd Photos
Photos $ echo "Hello, world." >test.txt
Photos $ ls -l
total 4,096
-rw-r--r-- 1 johngrah johngrah 14 Jun 20 17:08 test.txt
Photos $ rm test.txt
Photos $
But, as you can see, you can still delete the files. If you have a file you want to protect, change its ownership to archival.
Code:
Photos $ echo "Hello, world." >test.txt
Photos $ sudo chown archival:archival test.txt
Photos $ ls -l
total 4,096
-rw-r--r-- 1 archival archival 14 Jun 20 17:10 test.txt
Photos $ cat test.txt
Hello, world.
Photos $ rm test.txt
rm: remove write-protected regular file ‘test.txt’? y
rm: cannot remove ‘test.txt’: Operation not permitted
Photos $
As you can see, my regular user no longer has permission to delete the file but it's still usable. But if you need to manipulate the files, you can temporarily change your user to "archival".
Code:
Photos $ su archival
Password:
archival@localhost /home/johngrah/Photos $ rm test.txt
archival@localhost /home/johngrah/Photos $ exit
exit
Photos $
The one downside of this technique is that you need (at least temporary) root privileges to change the ownership of a file. (You need root privileges to set up the scheme, too, but that's not as big of a downside.)

Hope this helps, at least a little.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
ElleStone
Tux's lil' helper
Tux's lil' helper


Joined: 12 Mar 2013
Posts: 106

PostPosted: Fri Jun 21, 2013 7:35 pm    Post subject: Reply with quote

Hi, John,

It's taken the better part of today to work out the kinks, but I think I've got everything working. I think these are the right commands, if "originals" is the top-level directory:
Code:
useradd archival
passwd password-for-archival
chown -R archival:archival originals

#Set appropriate permissions on directories (644 on directories prohibits listing directory contents; is there a more correct set of permissions for folders?):
find . -type d -exec chmod 755 {} \;
find . -type d -exec chmod o+w {} \;
#how to combine these two into one command?

#Set appropriate permissions on files: archival needs write access to the image files; and user and the user's programs require read access (else thumbnails can't be created and the image metadata can't be read).
find . -type f -exec chmod 644 {} \;

#Set appropriate ownership on just the xmp sidecar files so digiKam can write to these files:
find . -name '*.xmp'  -exec chown elle:elle {} \;
find . -name '*.xmp'  -exec chmod 644 {} \;

#Set the sticky bit:
chmod -R +t originals


At this point the user 'archival' and the normal user ('elle', in my case) can both create and subsequently modify new files in any subdirectory of the directory "originals", with each user owning all files created by that user. And anyone can read files belonging to archival and elle.

But neither elle nor digikam can modify or delete the image files, which belong to archival. But archival can modify and delete any file, regardless of the owner.

The only problem now would be if 'elle' inadvertently su'ed to being 'archival' (or root) and then started digiKam, as for example from the command line. Hopefully elle won't be that unobservant! But is there any way to keep user 'archival' from starting digiKam? Something like this?
Code:
groupadd digikam
useradd -G digikam elle
some comamnd that only letting members of group digikam start the executable /usr/bin/digikam


Thank you all very much. I doubt very much whether I could have figured this out on my own (and hopefully the code lines I wrote are correct in case some other person reads this post with a similar question).

Elle
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum