I’m writing a bash script that downloads OpenWRT, patches it to support a Vizio XWR100 router, compiles it, etc. It creates a directory to clone the github repository in. But first, it checks to see if the directory exists, and if it does, it removes it. Just to be on the safe side, I implemented some error checking routines. I started testing them, and then I noticed something very odd. I’ve ran these commands from the terminal window. My working directory is /home/spork/src/vizio_xwr100_patches. The /home directory is owned by root:root, and has 0755 permissions. The /home/spork directory is owned by spork:users and has 0755 permissions. The /home/spork/src directory is owned by spork:users and has 0755 permissions. The /home/spork/src/vizio_xwr100_patches is owned by spork:users and has 0755 permissions.
I create a /home/spork/src/vizio_xwr100_patches/vizio_xwr100 directory, owned by root:root, which has the 0755 permissions. I switch back to the terminal window that has spork as the user, and I’m successfully able to remove the vizio_xwr100 directory.
I ran some tests. I can create any directory in the /home/spork directory as root, and remove it with spork. spork doesn’t belong to any weird groups, just users. spork cannot access files like /etc/shadow. spork cannot remove subdirectories owned by root in the / directory. There’s no sticky bits set, rm doesn’t have the setUID bit set, there’s no ACLs on any of those directory. The /home directory is a separate Ext4 partition. The / directory is a separate Ext4 partition.
I would expect that a directory belonging to root:root that has 0755 permissions, a non-super-user shouldn’t be able to remove, regardless of what the parent directory is.
Any ideas what’s going on here? This doesn’t seem like expected behaviour. I would have expected a permission denied message when I tried to remove the 0755-permission directories owned by root that reside somewheres inside /home/spork/<whatever>.