On Saturday 11 August 2001 01:52, Konstantin (Kastus) Shchuka wrote:
mandb is suid root, and root can write to anyone's files. I'd be very
^^^^^^^^^^^^^^^^^^^^^^^^^^^ unless sticky bit is used on the file system.
Excuse me?

andjoh@samantha:/ > ls -ld /tmp
drwxrwxrwt 17 root root 1631 Aug 11 01:59 /tmp
andjoh@samantha:/ > cd /tmp
andjoh@samantha:/tmp > ls -l testfile
ls: testfile: No such file or directory
andjoh@samantha:/tmp > vim testfile
andjoh@samantha:/tmp > cat testfile
abcdef
andjoh@samantha:/tmp > ssh root@samantha
root@samantha's password:
Last login: Sat Aug 11 01:58:14 2001 from samantha.cicada.linux-site.net
Have a lot of fun...
samantha:~ # cd /tmp
samantha:/tmp # vim testfile
samantha:/tmp # cat testfile
abcdefghijk

Seems to work. Now, if the file system is mounted *read-only*, then root can't edit files, but then again, you won't be able to change ownership either, so that point is rather moot.
surprised if this has any effect. On my system, the files are owned by man.daemon
The owner is man, group really doesn't matter, and this is the point.
-Kastus
Anders