Mário Gamito wrote:
Hi,
This is a bit of-topic, but since it has to do with /tmp permissions
here it goes.
Anyway, I'm sorry in advance for posting this.
I have this PHP script (simplificated here), called delete_tmp.php
that basically calls external commands:
<?php
$session_file = '/tmp/sess_89765'
system(''rm -f' . ' ' . $session_file);
?>
delete_tmp.php file is owned by gamito.users
/tmp/sess_89765 file has permissions -rw------ and is owned by gamito.users
My /tmp permissions are rwxrwxrwt and is owned by root.root
I know that the the sticky bit only allows files to be deleted by
their owners, the owner of the directory or by root.
Never the less, i can switch to /tmp directory and delete sess_89765
file as user gamito.
If I run:
$ php delete_tmp.php
as root, it deletes sess_89765 file.
But if I do the same has user gamito, it doesn't delete the file !!!
Ideas ?
PHP, being run from the web interface, is run as whatever ID
Apache is run as. Apache is not user gamito. On a file with
-rw------ permission users in the group will not be allowed to
delete the file.
--
Linux Home Automation Neil Cherry ncherry@xxxxxxxxxxx
http://www.linuxha.com/ Main site
http://linuxha.blogspot.com/ My HA Blog
Author of: Linux Smart Homes For Dummies
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
