
Users:

  • root
  • userA - the normal owner of the file
  • userB - the user that wants to write to the file

The file:

  • Let's say I have a basic text file: /tmp/file
  • Ownership: chown userA:groupA /tmp/file
  • Permissions are group + world writable: chmod 666 /tmp/file

The problem:

  • userB can't write to it via the world/everyone permission
  • userB also can't even write to it when they're in the groupA group
  • I'm only seeing this on a new Debian 11 host.
    • There's no issue on my Debian 10 hosts.

What does work:

  • If I chown root:root /tmp/file - no problem
    • ...this is the weirdest part to me. If this is some new security policy or something, then why is this allowed?
  • If I move the file outside /tmp - no problem

What's going on here?

Has something changed between Debian 10 -> 11?

There's nothing non-default about my /tmp dir. It's not a separate partition or anything, it's just the default subdir setup that Debian comes with.


1 Answer

  • So I typed my question up, and then realized that I should also try writing to the file as root... and was surprised that not even that was allowed either.

    • Perhaps that's why I didn't find much info in all my initial searches trying to figure this out. Most other users tried that first I guess, so their thread titles are a bit different to what I was looking for.
    • So hopefully me still posting + answering this can help someone in the future, if they happen to use search terms like I was.
  • It seems that the cause is the new default setting on sysctl fs.protected_regular

  • I'm still a bit surprised by the fact that userB can write to the file if root:root owns it. But I guess there needs to be some way to really allow world writable files.

    • Although it being owned by root feels like a kinda reverse way to do it. I'm keen to hear if anyone has any insights into why this is allowed.
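
An added example, not part of the original answer: a Python model of the check the Linux kernel applies under fs.protected_regular when an existing regular file is opened with O_CREAT (which shell redirection with `>` does) inside a sticky directory, run on the question's scenario. The uids 1001 and 1002, the 1777 mode for /tmp, and the function names are assumptions made for illustration.

```python
import os
import stat


def sticky_open_denied(protected_regular, dir_mode, dir_uid, file_uid,
                       opener_uid, o_creat=True):
    """Return True when the open would fail with EACCES because of
    fs.protected_regular, whatever the file's own permission bits say."""
    if not o_creat or protected_regular == 0:
        return False   # only O_CREAT opens are checked, and only if enabled
    if not dir_mode & stat.S_ISVTX:
        return False   # parent directory is not sticky
    if file_uid == dir_uid or file_uid == opener_uid:
        return False   # file belongs to the directory owner or to the opener
    if dir_mode & stat.S_IWOTH:
        return True    # world-writable sticky directory (setting 1 or 2)
    # Setting 2 extends the check to group-writable sticky directories.
    return bool(dir_mode & stat.S_IWGRP) and protected_regular >= 2


def diagnose(path, opener_uid):
    """Apply the model to a real file using the live sysctl value (Linux)."""
    with open("/proc/sys/fs/protected_regular") as f:
        level = int(f.read())
    target = os.stat(path)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if not stat.S_ISREG(target.st_mode):
        return False   # FIFOs are covered by fs.protected_fifos instead
    return sticky_open_denied(level, parent.st_mode, parent.st_uid,
                              target.st_uid, opener_uid)


# Constructed values for the question's scenario (assumptions).
ROOT, USER_A, USER_B = 0, 1001, 1002
TMP_MODE = 0o1777      # sticky, world-writable, owned by root

if __name__ == "__main__":
    cases = [
        ("userB -> file owned by userA", USER_A, USER_B),
        ("root  -> file owned by userA", USER_A, ROOT),
        ("userA -> own file", USER_A, USER_A),
        ("userB -> file owned by root", ROOT, USER_B),
    ]
    for label, owner, opener in cases:
        denied = sticky_open_denied(1, TMP_MODE, ROOT, owner, opener)
        print(f"{label}: {'EACCES' if denied else 'allowed'}")
```

In this model root gets no exemption as the opener, while a file owned by root matches the owner of /tmp and so falls under the directory-owner exemption.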
