Youre walking at
$HOME, minding your own business.
$ whoami > user $ pwd > /home/user
But something is bothering your feet. Its like if a little rock has fallen into your shoe. You take it off, to see whats going on.
$ ls -lah ./left-shoe ---------- 1 root root 4 May 30 13:20 little-rock
Thats odd. Its there, but it doesnt seem to be yours. Its left there by
root, the Rock Tamer, and only he can decide its fate.
# bash -c "echo 'You stay here' > /home/user/left-shoe/little-rock" # chmod 0000 /home/user/left-shoe/little-rock
You reach into your pocket for your phone, to speed dial him with
you feel powerful (from watching Gladiator last night), and decide to put back
the phone, and try your luck.
$ rm -f ./left-shoe/little-rock $ ls -lah ./left-shoe/little-rock ls: cannot access little-rock: No such file or directory
You look down at your shaking hands, trying to figure out if this is the real world. It is. You did it. Without the Rock Tamer. But how?
The little rock in your shoe had absolutely no idea whats coming. As seen from
its incarnation, nobody had any permissions
on it (
--- --- ---). No reads, no writes, no throwing by anyone (owner, group, others).
What happened is, is that the Rock Tamer forgot that you are even more powerful
than him, when youre at
$HOME. Lets see why.
To be able to do anything with a file, the first step is to look it up in its
directory. Listing a directorys contents is controlled by the execute flag. If
a user has execute permissions on a directory, he can see whats inside it. Also,
the execute flag on the directory gives access to its files
inodes, which is
crucial in this context, as the removal process unlinks the file.
Next, the removing part. Renaming or removing a file doesnt involve the
write() system call.
Practically, we dont need any permissions to remove the file, nor do we care
about its owner. The only requirement is to have write permissions on the parent directory (and
the execute flag on the parent directory).
$HOME directory naturally fulfills both of these requirements from the users perspective.
If the Rock Tamer, really didnt want anyone to mess around with his rocks, he wouldve done:
# chattr +i /home/user/left-shoe/little-rock
This operation makes the file immutable, which among other things, prevents its removal. Excerpt from the man page:
A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.