How UNIX admin set up this? how files of 744 of other owner can be removed by another owner?


 
# 1  
Old 01-08-2010

Hi all,

We have some files that are under 744 permissions and the owner is say owner1 and group1.
Now we have another user owner2 of group2, owner2 can remove files of the owner1 and the permission of those files are 744, unix admin told us he did some config at his side so we can do that.

So I am just wondering how this can be set up? Note that both owner1 and owner2 also belong to other groups and possibly owner1 in group2 and owner2 in group1 also...but files under 744 can be deleted is what I don't know how that happened?

thanks,
thegunman.
# 2  
Old 01-08-2010
I may be talking out of school here, but wouldn't setuid allow this?
# 3  
Old 01-08-2010
Is the directory other write? ie., xx7
# 4  
Old 01-08-2010
Also, and I don't know much about ACLs (so I won't go there), but wouldn't directory permissions also have a part to play?
# 5  
Old 01-08-2010
That's usually done by the filesystem ACL mechanism.

You can see if ACL support is enabled on the filesystem by looking for the 'acl' option in the output of the 'mount' command (Linux).

Try running 'getacl' or 'getfacl' on the directories/files. This tells you what other groups or users have write access (also delete).

Hope this helps
# 6  
Old 01-11-2010
Thanks for all the replies !!
I guess ceubank gave the answer...

but looks like getacl or getfacl are not available on AIX 5.3.
So basically that means, what we see in the file permission bits that we deal with everyday, may not be what we think, the unix admin could do something there and overwrite the user permission settings.

This is what happened, it took me quite some time to remove the company confidential information from the screen cuts below:
Code:
f8fm: /apps/z0/log/new2/Jr>ls -l *12-1*
-rw-r--r--    1 wasadmin wasgrp     31796647 Dec 17 23:59 Jr.log.2009-12-17.#d0005
-rw-r--r--    1 wasadmin wasgrp     14488275 Dec 18 23:59 Jr.log.2009-12-18.#d0005
-rw-r--r--    1 wasadmin wasgrp     31624695 Dec 19 23:59 Jr.log.2009-12-19.#d0005
f8fm: /apps/zwl0/log/new2/Jr>
f8fm: /apps/z0/log/new2/Jr>lsuser f8fm
f8fm id=143313146 pgrp=uxzwl0p groups=uxzwl0p home=/users/f8fm shell=/usr/bin/ksh gecos=Phang Contractor registry=compat roles=
f8fm: /apps/z0/log/new2/Jr>lsuser wasadmin
wasadmin id=6047 pgrp=wasgrp groups=wasgrp,suroot,appidgrp,uxzwl0p home=/home/wasadmin shell=/usr/bin/ksh gecos=Websphere admin ID, IS#060733
f8fm: /apps/z0/log/new2/Jr>

f8fm: /apps/z0/log/new2/Jr>rm Jr.log.2009-12-17.#d0005
rm: Remove Jr.log.2009-12-17.#d0005? y
f8fm: /apps/z0/log/new2/Jr>ls -l *12-1*
-rw-r--r--    1 wasadmin wasgrp     14488275 Dec 18 23:59 Jr.log.2009-12-18.#d0005
-rw-r--r--    1 wasadmin wasgrp     31624695 Dec 19 23:59 Jr.log.2009-12-19.#d0005
f8fm: /apps/z0/log/new2/Jr>

f8fm: /apps/z0/log/new2/Jr>df .
Filesystem    512-blocks      Free %Used    Iused %Iused Mounted on
/dev/lvappz0log  104857600 103082760    2%      139     1% /apps/z0/log
f8fmil: /apps/z0/log/new2/Jr>mount -o acl
  node       mounted        mounted over    vfs       date        options      
-------- ---------------  ---------------  ------ ------------ --------------- 
         /dev/hd4         /                jfs2   Nov 18 15:52 rw,log=/dev/hd8 
         /dev/hd2         /usr             jfs2   Nov 18 15:52 rw,log=/dev/hd8 
        /dev/lvappz0log /apps/z0/log   jfs2   Nov 18 15:53 rw,log=/dev/lg_appvg01
f8fm: /apps/z0/log/new2/Jr>getacl
ksh: getacl:  not found.
Ph: /apps/z0/log/new2/Jr>getfacl
ksh: getfacl:  not found.
f8fm: /apps/z0/log/new2/Jr>


Last edited by Scott; 01-11-2010 at 04:23 PM.. Reason: Please use code tags
# 7  
Old 01-11-2010
Quote:
Originally Posted by scottn
Also, and I don't know much about ACLs (so I won't go there), but wouldn't directory permissions also have a part to play?
ACLs can overwrite POSIX if that is what you are asking. Sometimes if your servers are running any kind of directory services and LDAP they will put ACLs in the file system by default, and they will be set by default as what the default settings will most likely be.

I have seen this in OS X and in SuSe Linux, but anything outside of those two I don't have much experience with ACLs.
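
Added example (not part of any post in this thread): removing a file is a write to its parent directory, so the file's own 644/744 bits do not decide it. The sketch below reads an `ls -ld` line for the directory and lists which classes hold write plus search permission there; the sample lines are constructed (the thread never shows the directory's mode), and ACL entries, which AIX lists with `aclget`, are not evaluated.

```shell
#!/bin/sh
# Added example. Unlinking needs write + search (w and x) on the PARENT
# directory; the file's own mode bits are not consulted. ACLs are ignored here.

# class_can_unlink TRIPLET -> 0 if the rwx triplet grants both w and x
class_can_unlink() {
    case "$1" in
        ?w[xst]) return 0 ;;    # s / t in the last slot mean x is set too
        *)       return 1 ;;
    esac
}

# delete_rights "LS_LD_LINE" -> classes that may remove entries in that directory
delete_rights() {
    set -f; set -- $1; set +f   # split fields: mode links owner group ...
    mode=$1 owner=$3 group=$4
    u=$(printf '%s' "$mode" | cut -c2-4)
    g=$(printf '%s' "$mode" | cut -c5-7)
    o=$(printf '%s' "$mode" | cut -c8-10)
    out=""
    class_can_unlink "$u" && out="$out owner($owner)"
    class_can_unlink "$g" && out="$out group($group)"
    class_can_unlink "$o" && out="$out other"
    # Sticky bit: only the file owner, directory owner or root may remove.
    case "$o" in ??[tT]) out="$out sticky" ;; esac
    printf '%s\n' "${out# }"
}

# demo_unlink_readonly -> 0 if a mode-0444 file in a writable directory is removable
demo_unlink_readonly() {
    d=$(mktemp -d) || return 2
    : > "$d/f" && chmod 444 "$d/f"
    rm -f "$d/f"
    [ ! -e "$d/f" ]; rc=$?
    rmdir "$d"
    return $rc
}

# Constructed sample lines (hypothetical directory modes, names borrowed from the thread)
delete_rights 'drwxrwxr-x 2 wasadmin uxzwl0p 4096 Dec 17 23:59 Jr'    # group-writable
delete_rights 'drwxr-xr-x 2 wasadmin wasgrp 4096 Dec 17 23:59 Jr'     # owner only
delete_rights 'drwxrwxrwt 10 root system 4096 Jan 11 10:00 tmp'       # sticky
demo_unlink_readonly && echo "0444 file removed: directory mode decided it"
```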