Thread: user root and file permission

  1. #1
    Join Date
    Sep 2008
    Location
    Israel
    Posts
    34

    user root and file permission

    Hi,

    I came across this issue today and it changes everything I know about file permissions in linux.

    I created the following files in my system :
    Code:
    /tmp> ls -lad /tmp/testperm/
    drwx------ 2 sagi users 4096 Apr 12 20:23 /tmp/testperm/
    /tmp> ls -lad /tmp/testperm/file.txt 
    -rw------- 1 sagi users 12 Apr 12 20:23 /tmp/testperm/file.txt
    As you can see, the owner of the file is myself and the file permissions are 600.
    Which as I know it, means that user sagi can read/write,
    and because the other file permissions are set to 0, just the owner of the file can read/write from/to it.

    One more thing, as you can see I also set that only the owner of the directory (which is me again) can read and cd (the execute bit) to the directory.

    My question is : how come user 'root' can read the content of the file ?

    Code:
    # id
    uid=0(root) gid=0(root) groups=0(root)
    # cat /tmp/testperm/file.txt
    Hello world
    /tmp is part of my root filesystem which is formatted as ext4 and mounted with the following parameters :
    Code:
    /dev/sda3 on / type ext4 (rw,relatime,user_xattr,acl,barrier=1,data=ordered)
    I'm running :
    Code:
    openSUSE 11.4 (x86_64)
    VERSION = 11.4
    CODENAME = Celadon

  2. #2

    Re: user root and file permission

    Originally Posted by sagiben:
    > My question is : how come user 'root' can read the content of the file ?

    Because he's the boss.

  3. #3
    Join Date
    Sep 2008
    Location
    Israel
    Posts
    34

    Re: user root and file permission

    and if we'll put aside the sarcasm, what will be the answer ?

  4. #4
    Join Date
    Jun 2008
    Location
    Kansas City Area, Missouri, USA
    Posts
    7,236

    Re: user root and file permission

    On 04/12/2011 01:06 PM, sagiben wrote:
    >
    > Hi,
    >
    > I came across this issue today and it changes everything I know about
    > file permissions in linux.
    >
    > I created the following files in my system :
    >
    > Code:
    > --------------------
    >
    > /tmp> ls -lad /tmp/testperm/
    > drwx------ 2 sagi users 4096 Apr 12 20:23 /tmp/testperm/
    > /tmp> ls -lad /tmp/testperm/file.txt
    > -rw------- 1 sagi users 12 Apr 12 20:23 /tmp/testperm/file.txt
    >
    > --------------------
    >
    >
    > as you can see the owner of the file is myself and the file permissions
    > are 600.
    > Which as I know it, means that user sagi can read/write,
    > and because the other file permissions are set to 0, just the owner of
    > the file can read/write from/to it.
    >
    > One more thing, as you can see I also set that only the owner of the
    > directory (which is me again) can read and cd (the execute bit) to the
    > directory.
    >
    > My question is : how come user 'root' can read the content of the file


    Because root is the 'superuser' and can do anything. That is why running as root
    is dangerous. A trivial command as root (which I will not list) can destroy an
    entire file system very quickly.


  5. #5

    Re: user root and file permission

    Originally Posted by sagiben:
    > and if we'll put aside the sarcasm, what will be the answer ?

    It wasn't sarcastic. This is the true answer. Someone has to be able to access all the files in the system. Under Linux and Unix, this is root. Can you imagine what could possibly happen if users were able to hide files from root? You can encrypt your files and root will not be able to read them but he will still be able to delete them or remove your directories or even your user account.

    In other words, the access rights you set on your files as user do not apply to root.

  6. #6
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Re: user root and file permission

    Originally Posted by sagiben:
    > I came across this issue today and it changes everything I know about file permissions in linux.

    So now you know that your knowledge was incomplete.

  7. #7
    Join Date
    Sep 2008
    Location
    Israel
    Posts
    34

    Re: user root and file permission

    yes, my knowledge was incomplete ...
    but at least I learned something new today ;-)

    The thing is that I'm not a newbie, I have some experience as a user and as a developer in Linux,
    but somehow I was always sure that even root can't access file that his permission is set to 600.

  8. #8
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: user root and file permission

    On 2011-04-12 20:36, sagiben wrote:
    >
    > and if we'll put aside the sarcasm, what will be the answer ?


    That's the answer :-)
    Root can do (almost) anything.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: user root and file permission

    On 2011-04-12 21:06, sagiben wrote:

    > but somehow I was always sure that even root can't access file that his
    > permission is set to 600.


    I actually found a situation when root could not read a file from somebody
    else - but he could change the permissions and read it. I don't remember
    the exact situation.

    To me that was a big surprise, root should be able to read anything.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  10. #10
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Re: user root and file permission

    This is a fundamental design principle of Unix/Linux, that the superuser has access to everything, for reasons of system maintenance, backup, etc.
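
An added example, not written by any poster in this thread: a simplified Python model of the Linux permission check, showing why uid 0 can read the 0600 file from post #1. It goes beyond the thread by naming the mechanism: on Linux, root's bypass comes from the CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH capabilities, so a uid 0 process without them is refused like any other user. ACLs, security modules and user namespaces are left out, and uid 1000 / gid 100 for sagi/users are assumed values.

```python
import stat

# Linux capabilities that override discretionary access control (DAC).
CAP_DAC_OVERRIDE = "CAP_DAC_OVERRIDE"
CAP_DAC_READ_SEARCH = "CAP_DAC_READ_SEARCH"
ROOT_CAPS = frozenset({CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH})
R, W, X = 4, 2, 1  # requested access, same layout as one rwx triplet

# Constructed values mirroring post #1; uid 1000 and gid 100 are assumed ids.
SAGI, USERS = 1000, 100
DIR_MODE = stat.S_IFDIR | 0o700   # drwx------ /tmp/testperm/
FILE_MODE = stat.S_IFREG | 0o600  # -rw------- /tmp/testperm/file.txt

def mode_bits_allow(mode, owner, group, uid, gids, want):
    """Classic owner/group/other check: exactly one triplet is consulted."""
    if uid == owner:
        granted = (mode >> 6) & 7
    elif group in gids:
        granted = (mode >> 3) & 7
    else:
        granted = mode & 7
    return (granted & want) == want

def may_access(mode, owner, group, uid, gids, caps, want):
    """Simplified kernel logic: mode bits first, then capability overrides."""
    if mode_bits_allow(mode, owner, group, uid, gids, want):
        return True
    if stat.S_ISDIR(mode):
        # Directories: read/search needs READ_SEARCH, anything else OVERRIDE.
        if not (want & W) and CAP_DAC_READ_SEARCH in caps:
            return True
        return CAP_DAC_OVERRIDE in caps
    if want == R and CAP_DAC_READ_SEARCH in caps:
        return True
    # Read/write is always overridable; execute only if some x bit is set.
    if not (want & X) or (mode & 0o111):
        return CAP_DAC_OVERRIDE in caps
    return False

if __name__ == "__main__":
    callers = [("sagi", SAGI, {USERS}, frozenset()),
               ("root", 0, {0}, ROOT_CAPS),
               ("uid 0, no caps", 0, {0}, frozenset())]
    for name, uid, gids, caps in callers:
        enter = may_access(DIR_MODE, SAGI, USERS, uid, gids, caps, X)
        read = enter and may_access(FILE_MODE, SAGI, USERS, uid, gids, caps, R)
        print(f"{name:15} enter dir: {enter}  read file: {read}")
```

The model also shows the one thing the override does not grant: executing a regular file that has no execute bit set for anyone.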
