Re: suid bit on directories

Miquel van Smoorenburg (
Mon, 20 May 2002 20:58:37 +0000 (UTC)

In article <>,
Jesse Pollard <> wrote:
>And ANY user can put files into YOUR directory. Even files you don't want
>there. AND you can't tell who did it.

A setuid bit on a directory doesn't mean it syddenly has
rwxrwxrwx permissions. You still need permission to create the
file as usual. Try playing with a setgid directory one day.
It behaves the same.

>> Only the owner of the directories can set this flag. There is nothing to
>> control.
>Ah - so I can put files into your directory, and suddenly they are owned
>by you. Remember that the next time you are convicted of piracy with criminal
>data in your directory.... (DMCA remember - and saying "Those files are not
>mine" just doesn't cut it, when obviously they have your uid on them; the
>best you would work them down to is "contributing to piracy").

It would be stupid to have a setuid directory world writable. You'd
probably make it group writab;e. Then only people in that group have
access to create files, so the files aren't anonymous - they were
created by someone in that group.

>Also remember what happens when a hard link is created in the directory...
>The file changes ownership.

Adding an extra directory entry for a file doesn't change
the inode (well, the link count is bumped up by one) in any way.


"Insanity -- a perfectly rational adjustment to an insane world."
  - R.D. Lang

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to More majordomo info at Please read the FAQ at