marschall / memoryfilesystem

An in memory implementation of a JSR-203 file system

Files without write permission can be deleted #100

Closed bbaldino closed 6 years ago

bbaldino commented 6 years ago

Given the following code:

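import com.github.marschall.memoryfilesystem.MemoryFileSystemBuilder
import java.nio.file.Files
import java.nio.file.attribute.PosixFilePermissions

fun main() {
    val fs = MemoryFileSystemBuilder.newLinux().build()
    val readOnlyFile = fs.getPath("file1.txt")
    Files.createFile(readOnlyFile)
    // Remove every write bit from the file itself
    val perms = PosixFilePermissions.fromString("r--r--r--")
    Files.setPosixFilePermissions(readOnlyFile, perms)
    println("writable? ${Files.isWritable(readOnlyFile)}")
    // Delete the read-only file, then check whether it is gone
    Files.delete(readOnlyFile)
    println("exists? ${Files.exists(readOnlyFile)}")
}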

It will print:

writable? false
exists? false

So even though the file only has read permissions, it can still be deleted.

bbaldino commented 6 years ago

It looks like maybe it's just a missing call to checkAccess around here? I'll take a shot at a PR with a change there and see how it goes.

marschall commented 6 years ago

It is my understanding that only a write permission on the parent directory is needed to delete a file. (And probably also the execute permission on all parents).

The following works for me

touch to-delete
chmod a-w to-delete
rm to-delete

https://en.wikipedia.org/wiki/Rm_(Unix)

> Usually, on most filesystems, deleting a file requires write permission on the parent directory

bbaldino commented 6 years ago

When I try that, I get a prompt:

-r--r--r-- 1 bbaldino bbaldino      0 May 25 05:30 to-delete
bbaldino:/tmp$ rm to-delete
rm: remove write-protected regular empty file 'to-delete'? y

And it does delete it. Trying it from a different user gives the same prompt but fails even if they enter 'y'. So I guess it depends on the user doing the delete?

bbaldino:/tmp$ touch to-delete
bbaldino:/tmp$ chmod a-w to-delete
bbaldino:/tmp$ sudo su other_user
other_user:/tmp$ rm to-delete
rm: remove write-protected regular empty file 'to-delete'? y
rm: cannot remove 'to-delete': Operation not permitted

Even though the containing directory (tmp) is

drwxrwxrwt 239 root root 20480 May 25 05:35 tmp

EDIT: Interesting! The bit right after what you pasted explains it I guess:

> (Note that, confusingly for beginners, permissions on the file itself are irrelevant. However, GNU rm asks for confirmation if a write-protected file is to be deleted, unless the -f option is used.)

Good to know, that does seem counterintuitive but I guess no bug here. Though wonder why it doesn't work for the other user.

Thanks for the great library, saved me when testing some complicated filesystem interactions.

marschall commented 6 years ago

Yeah, UNIX permissions can be confusing at first.

> Though wonder why it doesn't work for the other user.

Does the other have execute permission on all parent folders?

You're welcome.

bbaldino commented 6 years ago

> > Though wonder why it doesn't work for the other user.
>
> Does the other have execute permission on all parent folders?

Yeah this was in /tmp/ so tmp was the only parent.

marschall commented 6 years ago

> Yeah this was in /tmp/ so tmp was the only parent.

Strictly speaking / as well but the other user will have execute permission there as well.
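
Added example, not part of the thread or of memoryfilesystem: a simplified model of the Linux permission check for deleting a file, covering both cases shown above. The trailing `t` in `drwxrwxrwt` on /tmp is the sticky bit, which limits deletion to the owner of the file or of the directory; the uids and gids below are constructed, and ACLs, capabilities and ancestor directories are left out.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    uid: int   # owning user
    gid: int   # owning group
    mode: int  # permission bits, e.g. 0o1777


def _class_bits(node, uid, gids):
    """Return the rwx triplet (0-7) that applies to this caller."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def may_unlink(uid, gids, parent, target):
    """Model of the check for removing `target` from directory `parent`.

    Simplified: uid 0 stands in for all privilege, and only the immediate
    parent directory is examined.
    """
    if uid == 0:
        return True
    # Write (2) and search/execute (1) on the directory are both required.
    if _class_bits(parent, uid, gids) & 0o3 != 0o3:
        return False
    # Sticky directory: only the file owner or the directory owner may delete.
    if parent.mode & stat.S_ISVTX:
        return uid in (target.uid, parent.uid)
    # target.mode is never consulted: the file's own bits do not matter.
    return True


# Constructed values mirroring the thread: /tmp is root:root 1777,
# the file is r--r--r-- and owned by the first user (uid 1000).
TMP = Node(uid=0, gid=0, mode=0o1777)
READ_ONLY_FILE = Node(uid=1000, gid=1000, mode=0o444)

if __name__ == "__main__":
    print("owner:", may_unlink(1000, {1000}, TMP, READ_ONLY_FILE))
    print("other:", may_unlink(1001, {1001}, TMP, READ_ONLY_FILE))
```
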