Permissions – How Can a User Delete a File with Read Permission Only?


I created user small, added him to group kek and allowed that group to only read files in the user's home directory. Then I chowned all files to root:kek.
However, small can still delete files in his home directory.

Commands I ran:

useradd -ms /bin/bash small
groupadd kek
usermod -a -G kek small
chown -R root:kek /home/small/*
chmod -R g=r  /home/small/*

Then when I try to remove file:

$ ls -l
total 16
-rw-r--r-- 1 root kek  240 Jun 23 06:17 Dockerfile
-rw-r--r-- 1 root kek   39 Jun 21 09:17 flag.txt
-rw-r--r-- 1 root kek 2336 Jun 22 14:19 server.py
-rw-r--r-- 1 root kek   24 Jun 22 08:16 small.py

$ rm flag.txt

$ ls -l
total 12
-rw-r--r-- 1 root kek  240 Jun 23 06:17 Dockerfile
-rw-r--r-- 1 root kek 2336 Jun 22 14:19 server.py
-rw-r--r-- 1 root kek   24 Jun 22 08:16 small.py

$ whoami
small

Why does this happen?

Best Answer

Whether a file can be deleted or not is not a property of the file but of the directory that the file is located in. A user may not delete a file that is located in a directory that they can't write to.

Files (and subdirectories) are entries in the directory node. To delete a file, one unlinks it from the directory node and therefore one has to have write permissions to the directory to delete a file in it.

  • The write permission on a file determines whether one is allowed to change the contents of the file.
  • The write permission on a directory determines whether one is allowed to change the contents of the directory (add, remove or rename entries).
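The following script, added here as an illustration and not part of the original question or answer, reproduces the effect without needing root. It creates a scratch directory, sets the directory and file modes independently, and reports whether the file can be unlinked and whether its contents can be changed. In the question, `chown -R root:kek /home/small/*` and `chmod -R g=r /home/small/*` only touched the entries inside the home directory; `/home/small` itself was left as `useradd -m` created it, owned and writable by small, which is exactly the "dir rwx, file r--" row below. The function names and the mode pairs are the example's own choices. Run it as an unprivileged user: root holds CAP_DAC_OVERRIDE and bypasses mode bits, so every row would print "yes".

```shell
#!/bin/sh
# Added example (not from the original page): the unlink decision is made on
# the directory's write bit, the content decision on the file's write bit.
# Must be run as a normal user; root ignores DAC mode bits.

# probe_unlink DIRMODE FILEMODE
# Creates a directory and an empty file inside it, applies the modes, then
# tries to remove the file. Prints "yes" if the removal succeeded, else "no".
probe_unlink() {
    dir=$(mktemp -d) || return 2
    : > "$dir/victim"
    chmod "$2" "$dir/victim"
    chmod "$1" "$dir"
    # -f: never prompt about a write-protected file; exit status still
    # reflects whether unlink(2) succeeded.
    if rm -f "$dir/victim" 2>/dev/null; then
        result=yes
    else
        result=no
    fi
    chmod u+rwx "$dir"        # make sure we can clean up again
    rm -rf "$dir"
    printf '%s\n' "$result"
}

# probe_write DIRMODE FILEMODE
# Same setup, but tries to append to the file instead of removing it.
# Prints "yes" if the open(2) for writing succeeded, else "no".
probe_write() {
    dir=$(mktemp -d) || return 2
    : > "$dir/victim"
    chmod "$2" "$dir/victim"
    chmod "$1" "$dir"
    # Subshell so a failed redirection just fails this command.
    if (echo data >> "$dir/victim") 2>/dev/null; then
        result=yes
    else
        result=no
    fi
    chmod u+rwx "$dir"
    rm -rf "$dir"
    printf '%s\n' "$result"
}

# The questioner's situation: directory writable, file read-only.
printf 'dir rwx (755), file r-- (444): delete=%s write=%s\n' \
    "$(probe_unlink 755 444)" "$(probe_write 755 444)"
# The opposite: directory read-only (but traversable), file writable.
printf 'dir r-x (555), file rw- (644): delete=%s write=%s\n' \
    "$(probe_unlink 555 644)" "$(probe_write 555 644)"
```

Expected as a non-root user: the first line reports delete=yes write=no, the second delete=no write=yes. The directory keeps its x bit in the second case so that the file can still be looked up; drop that as well (as `g=r` would on a directory) and neither operation gets as far as the file. To actually stop small from deleting files in his own home directory, the directory's write bit has to be taken away from him (or the sticky bit used on a shared directory), not the files' write bits.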
