Path: utzoo!attcan!uunet!peregrine!elroy!ames!nrl-cmf!ukma!rutgers!att!ulysses!andante!alice!ark
From: ark@alice.UUCP (Andrew Koenig)
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Keywords: mail permissions security
Message-ID: <8435@alice.UUCP>
Date: 16 Nov 88 20:57:35 GMT
References: <175@ernie.NECAM.COM> <189@wyn386.UUCP>
Distribution: na
Organization: AT&T Bell Laboratories, Liberty Corner NJ
Lines: 15

In article <189@wyn386.UUCP>, mikef@wyn386.UUCP (Mike Faber) writes:
 
> Why can a person with read permission only be able to remove the file?

You can't remove a file; you can remove a link to a file.
If that file has only one link, the file goes away automatically,
as there is no longer any way to refer to it.  (yes, I know
this is slightly oversimplified)

To remove a link, you need write permission for the directory
containing the link, irrespective of the permissions you
have for the file.
-- 
				--Andrew Koenig
				  ark@europa.att.com