hippocampe - Posted February 15, 2003

There is a file that I don't want opera to modify. I did this in /home/hippocampe/.opera/:

    rm filename
    touch filename
    chmod 444 filename
    su
    chown root:root filename

By then, nobody should be able to modify this file, let alone a program run by a normal user. But every time I run opera (as normal user), this file is modified.

Is there something I missed here? Thanks.

Steve Scrimpshire - Posted February 16, 2003

Try

    chown your-username:users /usr/bin/opera

hippocampe - Posted February 16, 2003

Awww, didn't work :(

Is that how it's supposed to work? I thought file permissions for a user also apply to programs started by that user, otherwise it may cause security problems?

Steve Scrimpshire - Posted February 16, 2003

That's what I thought, too. I was just checking to see if that would work. Did you somehow put your user in the adm or root group? Open userdrake and check. You can chown opera back to root:root.

hippocampe - Posted February 17, 2003

I am not in a privileged user group, as I checked in userdrake. I am in the cdrecording group (K3b did that). I also cannot run privileged commands such as lsmod or ifconfig ... while in my regular user account.

aru - Posted February 17, 2003

> There is a file that I don't want opera to modify. I did this in /home/hippocampe/.opera/:
>
>     rm filename
>     touch filename
>     chmod 444 filename
>     su
>     chown root:root filename
>
> By then, nobody should be able to modify this file, let alone a program run by a normal user. But every time I run opera (as normal user), this file is modified.

How is it modified? Is it edited? Is it totally rewritten? Do its permissions change? Does its owner change?

> Is there something I missed here? Thanks.

Well, you didn't tell us what changes are made, but probably what is happening is that opera, run by the 'hippocampe' user, removes that file when it runs, and then creates a new copy of it.

A user is able to remove any file in his own directories, even if he has no permissions over it, or if the file is owned by others, including root. So as opera is launched by the user who owns the ~/.opera/ dir, it can remove and then re-create any file in that directory.

hippocampe - Posted February 17, 2003

Oww, you're right!

Basically, what I wanted to do is replace that file with an empty one, set permissions to read only for everyone and change owner to root. I thought that the file would be left empty this way. I just tried to do the same thing with a dummy file and I was able to rm the file as regular user.

So, there is no way to tell opera to leave that file alone if I understand it? :(

qnr - Posted February 17, 2003

I'm not sure how this will work from an application, but you might try to change the attributes to immutable .... here's an example

    root@linux:/home/terry# touch test.txt
    root@linux:/home/terry# chattr +i test.txt
    root@linux:/home/terry# rm test.txt
    rm: remove write-protected file `test.txt'? y
    rm: cannot unlink `test.txt': Operation not permitted
    root@linux:/home/terry#

As you can see, not even root can delete it, until root does a

    chattr -i test.txt

aru - Posted February 17, 2003

> So, there is no way to tell opera to leave that file alone if I understand it? :(

Not as long as opera is run by you; everything you can do can be done by opera (I'm just talking about deleting files).

But there is some hope, as long as you use ext2 as your filesystem (I don't know if this will work with ext3, in reiserfs certainly not). For example, you can do:

    ~# touch foo
    ~# ls -l foo
    -rw-r--r-- 1 root root 0 Feb 17 20:31 foo
    ~# chattr +i foo
    ~# rm -f foo
    rm: cannot remove `foo': Operation not permitted
    ~# ls -l foo
    -rw-r--r-- 1 root root 0 Feb 17 20:31 foo

See, not even root is allowed to remove that file ;) (to remove it you should first "chattr -i" that file).

Check the man pages of "chattr" and "lsattr" for more info.

HTH

EDITED: Ooops! Sorry, you were faster.

Cannonfodder - Posted February 17, 2003

Here's a backward way of doing this that I just thought of.. write a script to

1. copy file to a hold file
2. run opera (let it modify whatnot)
3. copy hold file back to file
4. delete hold

You could probably expand it a bit so that if hold is there when you start, you replace the file first and then do steps 1-4. When you want to run opera, you call the script.. would that do what you want?

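Cannonfodder's four steps, together with the suggested recovery when a hold file is left over from an interrupted run, sketched as a shell function. This is an added example, not code from the thread; the function name run_preserving and the .hold suffix are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). run_preserving and the ".hold"
# suffix are hypothetical names chosen for illustration.
#
# Usage: run_preserving FILE COMMAND [ARGS...]
#   e.g. run_preserving "$HOME/.opera/filename" opera

run_preserving() {
    file=$1
    shift
    hold="$file.hold"

    # A leftover hold file means the previous run never reached the
    # restore step (crash, kill, power loss): put the saved copy back first.
    if [ -e "$hold" ]; then
        mv -f "$hold" "$file" || return 1
    fi

    # 1. copy file to a hold file (-p keeps mode and timestamps)
    cp -p "$file" "$hold" || return 1

    # 2. run the program and let it modify whatever it wants
    "$@"
    prog_rc=$?

    # 3 + 4. put the hold copy back; a rename both restores the file and
    # removes the hold, and -f skips the prompt mv gives for a 444 target
    mv -f "$hold" "$file" || return 1

    # Hand the program's own exit status back to the caller
    return "$prog_rc"
}
```

The restore works even on a read-only file because the rename only needs write permission on the directory, the same property aru describes.
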
theYinYeti - Posted February 18, 2003

There was an old trick for Netscape, years ago. I don't remember why, some people wanted a file to remain empty in netscape's directory. The solution was to delete that file, and then to create a directory with the same name. So the directory cannot be deleted (unless the -r option is given to rm), nor can it be overwritten with a filename.

Maybe you can do something similar...

Yves.

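Why the chmod 444 file kept changing (aru's explanation) while a directory of the same name holds (theYinYeti's trick), shown side by side. This is an added example, not code from the thread; app_save is a hypothetical stand-in for a program that saves by deleting and recreating its file, which aru only guesses is what opera does, and demo and the temporary paths are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). app_save and demo are hypothetical.

# Stand-in for the application's save routine: unlink the old entry,
# then create a fresh file under the same name.
app_save() {
    rm -f "$1" 2>/dev/null || return 1
    { echo "new data" > "$1"; } 2>/dev/null || return 1
}

# demo KIND: build the protection in a scratch directory owned by the
# caller, let app_save loose on it, and print "replaced" or "intact".
demo() {
    dir=$(mktemp -d) || return 1
    target="$dir/filename"
    case $1 in
        # Empty read-only file: its mode bits do not govern unlink(),
        # the write bit on the containing directory does.
        readonly-file) : > "$target" && chmod 444 "$target" ;;
        # Directory with the same name: rm without -r refuses it and
        # opening it for writing fails with "Is a directory".
        directory)     mkdir "$target" ;;
        *)             rm -rf "$dir"; return 2 ;;
    esac

    app_save "$target" || :    # the program carries on either way

    if [ -f "$target" ] && [ -s "$target" ]; then
        echo replaced
    else
        echo intact
    fi
    rm -rf "$dir"
}

for kind in readonly-file directory; do
    printf '%-14s %s\n' "$kind" "$(demo "$kind")"
done
```

An empty placeholder directory can still be removed with rmdir; a file inside it prevents that.
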
hippocampe - Posted February 19, 2003

Thanks guys,

First time I've seen the chattr command. It looks pretty powerful. Unfortunately it doesn't work on a fs other than ext2 or ext3 :( I get this on my xfs home partition:

    chattr +i foo
    chattr: Inappropriate ioctl for device while reading flags on foo