root permission denied while luser can remove dir
Originally I had posted this on justlinux.com, no one seemed interested, and I was kinda wondering if either 1) they had all gone to determine root cause / replicate / write exploits with this in mind or 2) they think I'm making it up.
I'm just a little worried that someone will be able to figure it out and I will have to reinstall, along with a few other Linux users who don't know very in depth OS stuff. Is this just an anomaly while I burnt the DVD or is this something that someone should investigate and issue a security bulletin for?
Hey everyone, I got an odd error. I tried:
su root <entered my password>
mount /dev/hdc /mnt/dvd
cp /mnt/dvd/*.avi /home/user
chown -R user /home/user
I got cannot modify /home/user/.gvfs. Permission denied.
This was on a fresh install of Slackware 12.1 with Gnome Slack Build installed. I googled and found that this was an issue for openSuse as well. It's a Gnome directory. The solution was to log in as the user listed as owner and umount /home/user/.gvfs then rm -R /home/user/.gvfs.
The only thing that scares me is that it's possible to have a user own something and deny permission to root!!! I think that would be a MAJOR bug in the Linux security system.
To replicate this try this:
Download the Slackware 12.1 DVD iso and burn it to DVD. Do a fresh install, then once you create your user and his/her home dir, set them as owner and change the group to users. Next all you have to do is run:
lynx --source http://gnomeslackbuild.org/net-install | bash
This is the 32 bit installer, not sure if the same issue would appear in 64bit Slackware.
Then run, as root, chown -R user /home/user. That's when I get the permission denied message.
This system is on a network with a Windows Vista machine, they are not networked together at all except they both get IPs from the router. It's one of those speedster 5150 dsl modem/wireless router dealies.
What's also odd is that when I did an ls -l /home/user/.gvfs as root I got permission denied and as the user listed as owner, well it wasn't listed anywhere but anyway, it just listed d???????? ? ? ? ? ???? ? ? etc.
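
Added example, not part of the original post: ~/.gvfs is the mount point of a per-user GNOME FUSE file system (which is why the fix above starts with umount), and the kernel refuses every other uid, root included, on a FUSE mount made without the allow_other option. The function below lists such mounts under a directory before a recursive chown; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# List FUSE mounts at or below DIR that lack allow_other, i.e. mounts that
# only the mounting uid can enter (root gets "Permission denied" as well).
# Usage: fuse_private_mounts DIR [MOUNTS_FILE]   (default: /proc/mounts)
fuse_private_mounts() {
    dir=${1%/}
    table=${2:-/proc/mounts}
    awk -v dir="$dir" '
        # fields: device mountpoint fstype options dump pass
        $3 == "fuse" || $3 ~ /^fuse\./ {
            mp = $2
            # keep only mount points equal to DIR or below it
            if (mp != dir && index(mp, dir "/") != 1) next
            n = split($4, opt, ",")
            uid = "?"; shared = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "allow_other") shared = 1
                if (opt[i] ~ /^user_id=/) uid = substr(opt[i], 9)
            }
            if (!shared) print mp " uid=" uid
        }
    ' "$table"
}

# Constructed sample mount table (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext3 rw 0 0
/dev/hdc /mnt/dvd iso9660 ro 0 0
gvfs-fuse-daemon /home/user/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,user_id=1000,group_id=100 0 0
sshfs#host:/srv /home/user/share fuse rw,nosuid,nodev,user_id=1000,group_id=100,allow_other 0 0
gvfs-fuse-daemon /home/other/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,user_id=1001,group_id=100 0 0
EOF
}

# Demo on the constructed table ("-" makes awk read stdin);
# omit the second argument to check the live /proc/mounts instead.
sample_mounts | fuse_private_mounts /home/user -   # prints: /home/user/.gvfs uid=1000
```

Any path it prints has to be unmounted by the listed uid, as described in the post, before root can chown or remove it.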