Re: suid bit on directories

Dax Kelson (dax@gurulabs.com)
Mon, 20 May 2002 21:28:18 -0600 (MDT)


On Mon, 20 May 2002, Jesse Pollard wrote:

> > > No. You loose the fact that the file was NOT created by the user.
> >
> > the user in my example above would be wwwrun or httpd - and that does not
> > make any sense at all! It would make much more sense if the new files
> > belonged to the owner of the directory, who is the one who owns the
> > virtual host.
>
> You can't tell who the user is. ANY user would be able to do that.

Bzzzt. Only if the permissions permitted it.

Example 1:

/home/bob/public_html

public_html is user/group bob/httpd

the perms are 2770

============================

Example 2:

All users on the system have a primary or secondary group "users"

/home/bob user/group bob/users

perms are 701

This explictly denies "users", yet allows Apache in (since it is running
as httpd).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/