security hole in 2.0.0 ???

Edan Idzerda edan at
Tue Jan 19 03:26:03 GMT 1999

On Tue, 19 Jan 1999, Florian G. Pflug wrote:

> On Mon, Jan 18, 1999 at 09:41:14PM +1100, Stephan Hendl wrote:
> > I the [homes]-section I have to set "writable = Yes" in order to get
> > write access to my home-directory. Unfortunately this allows me to
> > delete a file that was created originally by root. But this is not
 [ ... ] 
> Debian GNU/Linux sets the sugid bit of /home/<user> by default. This makes
> every new created file by default onwed by the owner of the directory, which
> is <user>. S, if let´s say root does "touch /home/<user>/test, the file
> test is owned by the user <user> although root created the file - maybe
> that´s your problem?

Is this a feature of Linux that I'm unaware of?  The setgid
bit on a directory means that files within that directory inherit
the *gid* of the parent.

I would have thought that Stephan Hendl's potential problem
was that root-owned files in user directories can be deleted
by the user, under regular unix permissions.

- edan

edan idzerda    <edan at>
sysadmin/geek -- michigan technological university, houghton mi usa

More information about the samba mailing list