|
243 | 243 | file for which you do not have the right to write, however that is just a |
244 | 244 | warning, the operation will proceed. It is quite logical -- if you set a file |
245 | 245 | as read-only the shell will deduce that you probably do not want to delete such |
246 | | -a file. See the example below. |
247 | | -\emsl{Unix systems do not have delete-like operation for a fike}, the file is |
248 | | -deleted automatically once it is no longer referenced from directory structure |
249 | | -and the file is not open by any process. |
| 246 | +a file. See the example below. \emsl{Unix systems do not have delete-like |
| 247 | +operation for a file}, the file is deleted automatically once it is no longer |
| 248 | +referenced from a directory structure and the file is not presently open by any |
| 249 | +process. |
250 | 250 |
|
251 | 251 | \begin{verbatim} |
252 | 252 | $ whoami |
|
261 | 261 | $ ls janp-dir/root_wuz_here.txt |
262 | 262 | janp-dir/root_wuz_here.txt: No such file or directory |
263 | 263 | \end{verbatim} |
| 264 | + |
264 | 265 | \item However if \texttt{root} creates its own sub-directory in the |
265 | | -\texttt{janp-dir} directory and creates a new file there, the |
| 266 | +\texttt{janp-dir} directory and then creates a new file in there, the |
266 | 267 | \texttt{janp} user can no longer delete the \texttt{janp-dir} directory and its |
267 | 268 | contents because: |
268 | 269 | \begin{itemize} |
269 | | -\item sub-directory cannot be deleted if non-empty |
270 | | -\item given file cannot be deleted because \texttt{janp} is not user of |
271 | | -the sub-directory |
| 270 | +\item no directory can be deleted if non-empty, and |
| 271 | +\item the given file created by \texttt{root} cannot be deleted because |
| 272 | +\texttt{janp} is not an owner of the sub-directory containing the file |
272 | 273 | \end{itemize} |
273 | 274 | \item If the read bit is removed from a directory rights, it is not possible to |
274 | | -read its contents, therefore list files therein contained. However if I know |
275 | | -the name of the file in the directory and the execute bit is set, I can read the |
276 | | -file: |
| 275 | +read its contents, therefore neither list files contained therein. However if I |
| 276 | +know the name of the file in the directory and the execute bit is set, I can |
| 277 | +read the file: |
277 | 278 | \begin{verbatim} |
278 | 279 | $ mkdir foo |
279 | 280 | $ ls -ald foo |
|
290 | 291 | foo/bar: empty |
291 | 292 | \end{verbatim} |
292 | 293 | \item There is a situation where even the execute bit for a directory is not |
293 | | -sufficient. This is used for temporary directories, where anyone can write to |
294 | | -however it is not desirable to permit users to delete each others files. |
295 | | -To achieve that there is the \emph{sticky bit} (01000). There might be a |
| 294 | +sufficient. That is used for temporary directories where anyone can write to. |
| 295 | +However, it is not desirable to permit users to delete each others files. |
| 296 | +To achieve that there is the \emph{sticky bit} (01000). There might be a |
296 | 297 | \texttt{sticky} man page, where the sticky bit function is described. |
297 | 298 | It is visible as \texttt{\emsl{t}} in the \texttt{ls} output: |
298 | 299 |
|
|
439 | 440 | rights to perform the opearation in question, e.g. once \texttt{setuid} returns |
440 | 441 | it would not have the rights to perform \texttt{setgid} and \texttt{setgroups}. |
441 | 442 | \item \texttt{setgroups} is not part of UNIX~98 or UNIX~03. |
442 | | -\item RUID/EUID are saved in in kernel process structure and also in the so |
| 443 | +\item RUID/EUID are saved in the kernel process structure and also in the so |
443 | 444 | called \emph{u-area} (see e.g. [Bach]). |
444 | 445 | \item If a root SUID program calls \texttt{setuid} for UID other than 0, it can |
445 | 446 | no longer return to EUID==0 (this makes sense, imagine a user logging into the |
|
0 commit comments