Idiomdrottning’s homepage

The unbearable quirkiness of Linux group permissions

All of the following interaction was as the user sandra with ellen% being the prompt (hostname + percent sign, zsh’s default). I’m in the dialout group. /tmp is sticky but that doesn’t seem to matter here, as you’ll see.

ellen% ls -l /tmp/test
-r--rw---- 1 sandra sandra 0 Feb 26 11:09 /tmp/test
ellen% echo nice > /tmp/test
zsh: permission denied: /tmp/test
ellen% ls -l /tmp/mad
-r--rw---- 1 root dialout 0 Feb 26 11:34 /tmp/mad
ellen% echo fine > /tmp/mad
ellen% cat /tmp/mad
fine

Weird, right?

And this is the explanation:

ellen% grep dialout /etc/group
dialout:x:20:sandra
ellen% grep ^sandra /etc/group
sandra:x:1000:

I had no idea users weren’t added to their own groups on Debian, or maybe they are and I just borked it somewhen along the highway, but here we are.

Chris writes in:

The first file is owned by you but you have no owner write permission. So the group permission check is skipped. The second file has group write permission, you’re in the group, and not the owner. So the group permission permits the write. If you changed the owner of the first file, /tmp/test, you should be able to write to it.

I tested it and that worked.

Yes, users are added to their own groups, but that info is in /etc/passwd in the gid field, and typically not duplicated in /etc/group.

Unix permissions can be tricky.

So if you want everyone in a group to have permissions except one, make that person the owner 🤦🏻‍♀️

Not literally, because they can just chmod it then to give themselves the permission. The owner bits never really restrict the owner, since the owner can always change them; they only decide which single set of bits the kernel looks at.
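The rule Chris describes (owner class if you own the file, otherwise group class if you are in the file's group, otherwise other; no fall-through) is small enough to write down and check. The following is an added example, not code from the original post: it models the check as a function, runs it on the two files from the session above, and then reproduces the /tmp/test half for real on a temporary file. Assumptions: sandra's uid is taken to be 1000 (only her gid 1000 appears in /etc/group above), dialout is gid 20 as shown, root is uid 0, and uid 0 / CAP_DAC_OVERRIDE is not modelled in the function (it bypasses mode bits entirely, which is why the live check is skipped when run as root).

```python
import os
import stat
import tempfile

# Identities from the page. sandra's uid is assumed to be 1000 (the page only
# shows her group gid 1000); dialout gid 20 and root uid 0 are as on the page.
SANDRA_UID = 1000
SANDRA_GIDS = {1000, 20}   # primary gid from /etc/passwd plus dialout
ROOT_UID = 0
DIALOUT_GID = 20

MODE = 0o460               # -r--rw---- , the mode of both files on the page


def may_write(mode, file_uid, file_gid, uid, gids):
    """Classic Unix discretionary check for the write bit.

    The kernel picks exactly one permission class and uses only its bits:
      1. process uid == file owner            -> owner bits
      2. else file group in process gids      -> group bits
      3. else                                 -> other bits
    There is no fall-through: an owner without owner-write does not get to
    try the group bits, even when they are a member of the file's group.
    (uid 0 / CAP_DAC_OVERRIDE is deliberately not modelled here.)
    """
    if uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def page_cases():
    """Return (test_writable, mad_writable, test_after_chown) for sandra."""
    # /tmp/test: owner sandra, group sandra -> owner class, write bit clear.
    test = may_write(MODE, SANDRA_UID, 1000, SANDRA_UID, SANDRA_GIDS)
    # /tmp/mad: owner root, group dialout -> group class, write bit set.
    mad = may_write(MODE, ROOT_UID, DIALOUT_GID, SANDRA_UID, SANDRA_GIDS)
    # Chris's fix: chown /tmp/test away from sandra (to root, say) but keep
    # group sandra; she now falls into the group class and can write.
    after_chown = may_write(MODE, ROOT_UID, 1000, SANDRA_UID, SANDRA_GIDS)
    return test, mad, after_chown


def live_owner_without_write():
    """Reproduce the /tmp/test case on a real file we own with mode 0460.

    Returns True if the kernel refused the write, False if it allowed it,
    and None when running as root, where CAP_DAC_OVERRIDE makes the mode
    bits irrelevant and the experiment proves nothing.
    """
    if os.geteuid() == 0:
        return None
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, MODE)           # we own it, so chmod is allowed...
        try:
            with open(path, "w") as f: # ...but the owner bits say no write
                f.write("nice\n")
            return False
        except PermissionError:
            return True
    finally:
        os.unlink(path)                # unlink needs dir perms, not file perms


if __name__ == "__main__":
    print("model (test, mad, test-after-chown):", page_cases())
    print("live owner-without-write refused:", live_owner_without_write())
```

The live half also illustrates the last point above: the same process that cannot write the file could simply chmod it back to 0o660, because chmod is decided by ownership, not by the mode bits.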