
Accidental deletion of root files

You quietly wander through your $HOME directory, minding your own business.

$ whoami
> user

$ pwd
> /home/user

But something is bothering you. It's like a little pebble stuck in your shoe. You take off your shoes to see what's wrong.

$ ls -lah ./left-shoe
---------- 1 root root 4 May 30 13:20 little-rock

Strange. It is here, but it doesn't seem to belong to you. It was left by root, the Rock Tamer, and only he decides its fate.

# bash -c "echo 'You stay here' > /home/user/left-shoe/little-rock"
# chmod 0000 /home/user/left-shoe/little-rock

You reach into your pocket for your phone to quickly call him through sudo. Suddenly you feel a surge of strength (from watching Gladiator last night) and decide to put the phone away and test your own power instead.

$ rm -f ./left-shoe/little-rock
$ ls -lah ./left-shoe/little-rock
ls: cannot access little-rock: No such file or directory

You look down at your trembling hands, trying to understand: did all this really happen? Yes. You really did it. Without the Rock Tamer. But how?

The little pebble in your shoe had no idea what was waiting for it. As its listing shows, nobody had any permissions on it (--- --- ---): no read, no write, no execute for anyone (owner, group, others).

Trick

What happened here is that the Rock Tamer forgot that, inside $HOME, you are even more powerful than he is. Here is why.

To do anything with a file, you first have to find it in its directory. Listing the contents of a directory is controlled by the execute bit: if the user has execute permission on the directory, he can see what is in it. The execute bit on a directory also grants access to the inodes of the files inside it, which is crucial here, because deletion detaches the file from the directory.

Then, the removal itself. Removing, renaming or moving a file does not involve a write() system call on the file. In practice we need no permissions on the file itself to delete it, and we don't care who owns it. The only requirement is write permission on the parent directory (together with the execute bit on that directory).

From the user's point of view, the $HOME directory naturally meets both of these requirements.
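Both requirements can be checked without root in a throwaway directory. The following POSIX shell script is an added example, not code from the original article: it reproduces the trick (a mode-0000 file is removed from a directory the user can write to) and then takes the write bit off the parent directory to show the same rm being refused. The directory and file names are made up for the demo.

```shell
#!/bin/sh
# Added example: unlink() is decided by the parent directory's permissions,
# not by the file's own mode or owner. Everything below runs as an ordinary
# user in a temporary directory; names are constructed for the demo.

# Returns 0 if a file with mode 0000 can still be removed from a directory
# the caller may write to and traverse (the $HOME case from the article).
delete_unreadable_file_in_writable_dir() {
  dir=$(mktemp -d) || return 1          # owned by us, mode rwx------
  : > "$dir/little-rock"
  chmod 0000 "$dir/little-rock"         # --- --- --- : no read, write or execute for anyone
  rm -f "$dir/little-rock"              # no write() on the file; only its directory entry goes
  status=$?
  [ "$status" -eq 0 ] && [ ! -e "$dir/little-rock" ]
  result=$?
  rmdir "$dir"
  return $result
}

# Returns 0 if taking the write bit off the parent directory blocks the
# same rm, even though the file itself is now world-writable. Root bypasses
# these DAC checks, so this only holds for an unprivileged user.
delete_blocked_by_parent_dir() {
  dir=$(mktemp -d) || return 1
  : > "$dir/little-rock"
  chmod 0666 "$dir/little-rock"         # rw- rw- rw- : irrelevant for unlink()
  chmod 0555 "$dir"                     # r-x r-x r-x : may list and traverse, not modify entries
  rm -f "$dir/little-rock" 2>/dev/null  # fails with "Permission denied" on the directory
  [ -e "$dir/little-rock" ]             # the pebble is still there
  result=$?
  chmod 0755 "$dir"
  rm -rf "$dir"
  return $result
}

if delete_unreadable_file_in_writable_dir; then
  echo "mode 0000 file in a writable directory: removed without any permission on the file"
fi
if [ "$(id -u)" -ne 0 ] && delete_blocked_by_parent_dir; then
  echo "write bit removed from the parent directory: rm refused"
fi
```

The second check is skipped for root, who ignores these directory permission bits entirely; only chattr +i (below) stops the superuser as well.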

Anti-trick

If the Rock Tamer really didn't want strangers touching his pebbles, he would have done this:

# chattr +i /home/user/left-shoe/little-rock

This operation makes the file immutable, which, among other things, prevents its deletion. Excerpt from the manual:

A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, and no data can be written to it. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

Source: https://habr.com/ru/post/337316/