sshd/sftp file permission problem

* short version of the problem:

Although file or directory permissions are set to 755, it is possible to delete files or directories as a non-owner when accessing a ZFS FreeBSD 9.1 server via sftp/sshfs.

* long version:

For testing purposes I am running a fresh and raw FreeBSD 9.1 AMD64 as a file server (no ports, but latest updates installed, no Internet connection). The only network service running is sshd. The FreeBSD ZFS file system is accessed from a Fedora 19 client via sshfs (shell login disabled, remote users isolated into a single common group created for this purpose).

Then a file/directory (owner root:wheel, permissions set to 755) is created via root shell login.

As expected:
After that, when accessing this file/directory via Fedora sshfs as remote user nonroot:nonwheel, reading is possible and writing to the file/directory is impossible. The same is true with a local shell login.
Using a shell login to delete this file/directory as user nonroot:nonwheel is impossible too.

Unexpected Behaviour:
But deleting the file/directory as nonroot:nonwheel via sftp/sshfs is reproducibly possible without any problem!

One can use any other user1:group1 user2:group2 combination to test this behaviour. Of course group1 is the only group user1 belongs to and group2 is the only group user2 belongs to.

Am I missing an essential aspect, or is this a very big bug?

Thank you in advance for any comments.
Bernd
 
You're not making it fully clear, but if I read correctly, the file owned by root (and wheel) resided in the user's home directory. In which case this is perfectly normal behaviour.

If a directory is owned by a user then that user has "extended" rights in that directory. Just my wording, mind you, but one of those rights is being able to remove files which officially do not belong to him.

Observe:

Code:
smtp2:/home/peter $ ls -ld .
drwxr-x---  18 peter  peter  35 Sep  1 14:24 .
smtp2:/home/peter $ su
Password:
root@smtp2:/home/peter # touch my_file
root@smtp2:/home/peter # chown root:wheel my_file && chmod 600 my_file
root@smtp2:/home/peter # exit
smtp2:/home/peter $ ls -l my_file
-rw-------  1 root  wheel  0 Sep  1 14:23 my_file
smtp2:/home/peter $ id
uid=1001(peter) gid=1001(peter) groups=1001(peter),0(wheel)
smtp2:/home/peter $ rm my_file
override rw-------  root/wheel for my_file? y
smtp2:/home/peter $ file my_file
my_file: ERROR: cannot open `my_file' (No such file or directory)
smtp2:/home/peter $ ls -l my_file
ls: my_file: No such file or directory
 
I guess you are right. Thank you for reminding me of the subtleties of Unix file/directory permissions.

Have a nice day.
 
It may not be obvious, but in UNIX and UNIX-like operating systems deleting a file is an operation on the enclosing directory, not on the file itself, and that means that the permissions check is made against the permissions set on the directory.
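The rule stated in that reply can be checked directly without root. The following script is an added example, not part of the thread; it assumes it is run as an ordinary (non-root) user, since root bypasses these mode checks entirely, and it only uses a temporary directory owned by that user.

```shell
#!/bin/sh
# Added demonstration: whether unlink succeeds depends on write+execute
# permission on the containing directory, not on the file's own mode.
# Assumes a non-root user (root ignores these checks).

# try_unlink DIRMODE FILEMODE -> prints "deleted" or "denied"
try_unlink() {
    dirmode=$1
    filemode=$2
    work=$(mktemp -d) || return 1
    : > "$work/victim"
    chmod "$filemode" "$work/victim"
    chmod "$dirmode" "$work"
    # rm -f suppresses the interactive "override ...?" prompt seen in the
    # session above; the kernel's permission check is unchanged by it.
    if rm -f "$work/victim" 2>/dev/null && [ ! -e "$work/victim" ]; then
        result=deleted
    else
        result=denied
    fi
    chmod 700 "$work"   # restore directory mode so cleanup can proceed
    rm -rf "$work"
    printf '%s\n' "$result"
}

# Case 1: read-only file (444) in a writable directory (700): removable.
# Case 2: writable file (666) in a directory without write permission (500):
#         unlink is refused, because the directory, not the file, is modified.
# On a shared directory, the sticky bit (mode 1777) is the usual mitigation:
# only the file's owner, the directory's owner and root may unlink there.
main() {
    echo "writable dir, read-only file:  $(try_unlink 700 444)"
    echo "read-only dir, writable file:  $(try_unlink 500 666)"
}
main
```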
 