Mailinglist Archive: opensuse-security (206 mails)

[Roman Drahtmueller <draht@xxxxxxxxxxxxxxx>]

> Yes.  This is the trick.  And it's an old one.
>
> For example, paranoid sysadmins that don't like .rhosts will (as root)
> create a .rhosts _directory_ in a user's $HOME, throw an empty file in there
> (eg, touch ~user/.rhosts/noremove), then chmod 0 it.
>
> /* Keith Warno

Errm... not exactly. Changing the name of a file (or directory) does _not_
depend on the modes of this particular entry to be changed, but the
permissions of the directory that contains the objects in question.

Consider a directory just like an ordinary file, containing other files,
directories and other objects. Changing the object's names means changing
the directory's content.

**root**@reality:/home/client # pwd
/home/client
**root**@reality:/home/client # mkdir .rhosts
**root**@reality:/home/client # touch .rhosts/noremove
**root**@reality:/home/client # chmod 0 .rhosts/noremove .rhosts/
**root**@reality:/home/client # ls -lad . .rhosts
drwxr-xr-x   7 client   users        1024 Jun 20 01:47 .
d---------   2 root     root         1024 Jun 20 01:48 .rhosts
**root**@reality:/home/client # su - client
reality:/home/client $ pwd
/home/client
reality:/home/client $ mv .rhosts .r
reality:/home/client $ ls -lad .r .
drwxr-xr-x   7 client   users        1024 Jun 20 01:48 .
d---------   2 root     root         1024 Jun 20 01:48 .r
reality:/home/client $ id
uid=200(client) gid=100(users) groups=100(users)
reality:/home/client $ 




Roman.
-- 
 _                                                               _
| Roman Drahtmüller              "The best way to pay for a       |
  CC University of Freiburg       lovely moment is to enjoy it."
| email: draht@xxxxxxxxxxxxxxx    - Richard Bach                  |
 -                                                               -