Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Users of own group shouldn't be able to delete
Top Forums UNIX for Dummies Questions & Answers Users of own group shouldn't be able to delete Post 302960582 by Don Cragun on Tuesday 17th of November 2015 06:26:04 AM
Old 11-17-2015
If a directory's file mode has the sticky bit set, the standards say:
Code:
If a directory is writable and the mode bit S_ISVTX is set on the directory, a process may remove
or rename files within that directory only if one or more of the following is true:
• The effective user ID of the process is the same as that of the owner ID of the file.
• The effective user ID of the process is the same as that of the owner ID of the directory.
• The process has appropriate privileges.
• Optionally, the file is writable by the process. Whether or not files that are writable by the
  process can be removed or renamed is implementation-defined.

To set the sticky bit on a directory, you want something like:
Code:
chmod 1775 directory_name...

the 1000 bit in that mode is the sticky bit. This chmod command must be run by the owner of the directory (or by a process with appropriate privileges [on many systems, this means running as root]).
These 2 Users Gave Thanks to Don Cragun For This Post:
jim mcnamara kraljic
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Adding users to /etc/group

I'm using SAM to add users on an HP and they're adding fine. But in /etc/group it only lists the group names. It's not adding the users in there. Is there a way to have them put in there without going into SAM and modifying the group and adding them? I guess what I want to happen is when I add... (1 Reply)
Discussion started by: golfhakker
1 Replies

2. Solaris

How do you list users in a solaris group

I need to list all users in a group. This is a large unix site running nis+. (6 Replies)
Discussion started by: gillbates
6 Replies

3. AIX

Max users in a group ?

Hi All, Does anyone know if there is a maximum limit to the number of users that can be assigned to a group. I currently have on a production server 900+ users in 1 group. I know some of these users are no longer valid as we only have 500 employees and not all employees use this application. ... (4 Replies)
Discussion started by: anmiller
4 Replies

4. Shell Programming and Scripting

SSH for a group of users ?

Hi, Can any one tell me is it possible to setup private key public key pairing(SSH ) for a group of users , instead of setting it up for individual users ? Eg: Say i have 3 users A,B and C and i want the users to connect to SERVER1. instead of generating public private keys for each user , is... (3 Replies)
Discussion started by: deepusunil
3 Replies

5. Solaris

How can i allow only a group of users in NIS?

Hello experts. I am using Solaris10. How can i allow a group of users, remaining should be deny. Thanx in advance. (9 Replies)
Discussion started by: younus_syed
9 Replies

6. Shell Programming and Scripting

Diffferentiate group from users

Im trying to put all the groups in into a variable called $GROUP, however in /etc/group there are also lotsa users. And the GID of group can differ as it can be set, this there is no specific range, how can i put all the names of the groups into that variable? (3 Replies)
Discussion started by: dplate07
3 Replies

7. Shell Programming and Scripting

Change of group to different users

Need to change the chgrp for different uses d---rwx--t 3 root 764 4096 Mar 16 2007 algavi d---rwx--t 6 root 2857 4096 Jul 16 11:28 alharki d---rwx--t 5 root 2739 4096 Oct 14 2008 alpen d---rwx--t 5 root 546 4096 Mar 16 2007 alvarez d---rwx--t 3 root... (2 Replies)
Discussion started by: gsiva
2 Replies

8. Programming

to obtain users of each group in c

Hello They have ordered to me that makes several small utilities in C/C++ for the servants, among them a small program in C/C++ to generate a file HTML with the groups of that servant and in addition that is the corresponding users of that group. For example of a group: Group: Sys Members:... (2 Replies)
Discussion started by: cybermeis
2 Replies

9. Shell Programming and Scripting

users per group

hi guys I am trying to display a list of groups and the respective users: Group1 : user1 user2 user3 .... the closest thing I get is echo " "; echo "Group Users "; echo " "; cat /etc/group |grep | grep -v nfswhich I really don't since I want to remove the other stuff like x : and... (4 Replies)
Discussion started by: karlochacon
4 Replies

10. UNIX for Dummies Questions & Answers

create new group/delete existing group

Hi, please let me know the commands to create new group/delete existing group in unix and assigning users to newly created group. Thank you in advance. (2 Replies)
Discussion started by: kancherla.sree
2 Replies

LEARN ABOUT NETBSD

fchmod

CHMOD(2)						      BSD System Calls Manual							  CHMOD(2)

NAME

     chmod, lchmod, fchmod -- change mode of file

LIBRARY

     Standard C Library (libc, -lc)

SYNOPSIS

     #include <sys/stat.h>

     int
     chmod(const char *path, mode_t mode);

     int
     lchmod(const char *path, mode_t mode);

     int
     fchmod(int fd, mode_t mode);

DESCRIPTION

     The function chmod() sets the file permission bits of the file specified by the pathname path to mode.  fchmod() sets the permission bits of
     the specified file descriptor fd.	lchmod() is like chmod() except in the case where the named file is a symbolic link, in which case
     lchmod() sets the permission bits of the link, while chmod() sets the bits of the file the link references.  chmod() verifies that the
     process owner (user) either owns the file specified by path (or fd), or is the super-user.  A mode is created from or'd permission bit masks
     defined in <sys/stat.h>:
	   #define S_IRWXU 0000700    /* RWX mask for owner */
	   #define S_IRUSR 0000400    /* R for owner */
	   #define S_IWUSR 0000200    /* W for owner */
	   #define S_IXUSR 0000100    /* X for owner */

	   #define S_IRWXG 0000070    /* RWX mask for group */
	   #define S_IRGRP 0000040    /* R for group */
	   #define S_IWGRP 0000020    /* W for group */
	   #define S_IXGRP 0000010    /* X for group */

	   #define S_IRWXO 0000007    /* RWX mask for other */
	   #define S_IROTH 0000004    /* R for other */
	   #define S_IWOTH 0000002    /* W for other */
	   #define S_IXOTH 0000001    /* X for other */

	   #define S_ISUID 0004000    /* set user id on execution */
	   #define S_ISGID 0002000    /* set group id on execution */
	   #define S_ISVTX 0001000    /* sticky bit */

     The mode ISVTX (the 'sticky bit') can be set on a regular file by the super-user, but has no effect.

     If mode ISVTX (the 'sticky bit') is set on a directory, an unprivileged user may not delete or rename files of other users in that directory.
     The sticky bit may be set by any user on a directory which the user owns or has appropriate permissions.

     For more information about the history and properties of the sticky bit, see sticky(7).

     Changing the owner of a file turns off the set-user-id and set-group-id bits; writing to a file turns off the set-user-id and set-group-id
     bits unless the user is the super-user.  This makes the system somewhat more secure by protecting set-user-id (set-group-id) files from
     remaining set-user-id (set-group-id) if they are modified, at the expense of a degree of compatibility.

RETURN VALUES

     Upon successful completion, a value of 0 is returned.  Otherwise, a value of -1 is returned and errno is set to indicate the error.

ERRORS

     chmod() and lchmod() will fail and the file mode will be unchanged if:

     [ENOTDIR]		A component of the path prefix is not a directory.

     [ENAMETOOLONG]	A component of a pathname exceeded {NAME_MAX} characters, or an entire path name exceeded {PATH_MAX} characters.

     [ENOENT]		The named file does not exist.

     [EACCES]		Search permission is denied for a component of the path prefix.

     [ELOOP]		Too many symbolic links were encountered in translating the pathname.

     [EPERM]		The effective user ID does not match the owner of the file and the effective user ID is not the super-user.

     [EPERM]		The mode includes the setgid bit (S_ISGID) but the file's group is neither the effective group ID nor is it in the group
			access list.

     [EROFS]		The named file resides on a read-only file system.

     [EFAULT]		path points outside the process's allocated address space.

     [EIO]		An I/O error occurred while reading from or writing to the file system.

     [EFTYPE]		The effective user ID is not the super-user, the mode includes the sticky bit (S_ISVTX), and path does not refer to a
			directory.

     fchmod() will fail if:

     [EBADF]		The descriptor is not valid.

     [EINVAL]		fd refers to a socket, not to a file.

     [EPERM]		The effective user ID does not match the owner of the file and the effective user ID is not the super-user.

     [EPERM]		The mode includes the setgid bit (S_ISGID) but the file's group is neither the effective group ID nor is it in the group
			access list.

     [EROFS]		The file resides on a read-only file system.

     [EIO]		An I/O error occurred while reading from or writing to the file system.

     [EFTYPE]		The effective user ID is not the super-user, the mode includes the sticky bit (S_ISVTX), and fd does not refer to a direc-
			tory.

SEE ALSO

     chmod(1), chflags(2), chown(2), open(2), stat(2), getmode(3), setmode(3), sticky(7), symlink(7)

STANDARDS

     The chmod() function conforms to ISO/IEC 9945-1:1990 (``POSIX.1'').

HISTORY

     The fchmod() function call appeared in 4.2BSD.  The lchmod() function call appeared in NetBSD 1.3.

BSD
								 October 11, 2011							       BSD
All times are GMT -4. The time now is 06:03 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy