lars

Reputation: 193

Why can't this user delete this file?

If I do:

ls -al /usr/local/bin/kill-all-sales-apps

I see:

-r-xr-xr--  1 jenkins root   68 Aug  4 12:10 kill-all-sales-apps

If I sudo to root and then su to jenkins, I should be able to delete this, yes?

Other relevant information about the directory and its parent:

drwxr-xr-x  2 root    root 4096 Aug  4 12:11 .
drwxr-xr-x 10 root    root 4096 May  7 17:20 ..

If I do:

groups jenkins

then I see that the user "jenkins" has been added to the "root" group:

jenkins : jenkins root run-server-software

But if I:

rm /usr/local/bin/kill-all-sales-apps

I get:

rm: remove write-protected regular file ‘/usr/local/bin/kill-all-sales-apps’? y
rm: cannot remove ‘/usr/local/bin/kill-all-sales-apps’: Permission denied

Why is permission denied?

Upvotes: 2

Views: 9951

Answers (1)

Joe Young

Reputation: 5895

As to why the jenkins user can't delete, the jenkins user needs write permissions on the parent folder of the file you're looking to delete. This is because you're actually removing directory entries from the parent folder.

Usually, on most filesystems, deleting a file requires write permission on the parent directory (and execute permission, in order to enter the directory in the first place). (Note that, confusingly for beginners, permissions on the file itself are irrelevant. However, GNU rm asks for confirmation if a write-protected file is to be deleted, unless the -f option is used.)

Source: Wikipedia - Rm_(Unix)

So try running...

ls -ld /usr/local/bin

And make sure the jenkins user has write permissions on /usr/local/bin

Another way to do it is to modify sudoers to give the jenkins user permission to rm only that file via sudo. Here's an example giving the user joe explicit permission to sudo rm the file /usr/local/src/noperms/hi.txt from a directory he does not have write permissions to, while still limiting him from deleting anything else in that directory.

For example:

[[email protected] ~]# mkdir -p /usr/local/src/noperms
[[email protected] ~]# chmod -R 455 /usr/local/src/noperms
[[email protected] ~]# touch /usr/local/src/noperms/hi.txt
[[email protected] ~]# echo "hi" >> /usr/local/src/noperms/hi.txt
[[email protected] ~]# chmod 455 /usr/local/src/noperms/hi.txt
[[email protected] ~]# su - joe
[[email protected] ~]$ cat /usr/local/src/noperms/hi.txt
hi
[[email protected] ~]$ rm /usr/local/src/noperms/hi.txt
rm: remove write-protected regular file `/usr/local/src/noperms/hi.txt'? y
rm: cannot remove `/usr/local/src/noperms/hi.txt': Permission denied
[[email protected] ~]$ exit
[[email protected] ~]# visudo
[[email protected] ~]# diff -Nur /tmp/sudoers.orig /etc/sudoers
--- /tmp/sudoers.orig   2015-08-04 17:17:24.020781442 +0200
+++ /etc/sudoers        2015-08-04 17:24:21.258274163 +0200
@@ -101,6 +101,7 @@
 ##
 ## Allow root to run any commands anywhere
 root            ALL=(ALL)       ALL
+joe        ALL=(root)      NOPASSWD: /bin/rm /usr/local/src/noperms/hi.txt

 ## Allows members of the 'sys' group to run networking, software,
 ## service management apps and more.
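Review bot: The added joe line carries NOPASSWD: and a host list of ALL, both wider than removing one file needs; dropping NOPASSWD: and naming the host would keep the grant minimal. The line is also inserted with no ## comment of its own, so it reads as part of the "Allow root to run any commands anywhere" block; a comment stating why joe may remove this one file, placed with the rule in its own block, would make the exception easier to audit and to retire later.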
[[email protected] ~]# su - joe
[[email protected] ~]$ sudo /bin/rm /usr/local/src/noperms/hi.txt
[[email protected] ~]$ exit
[[email protected] ~]# ls -al /usr/local/src/noperms/hi.txt
ls: cannot access /usr/local/src/noperms/hi.txt: No such file or directory
[[email protected] ~]# ls -al /usr/local/src/noperms/

Upvotes: 3
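The rule from the answer above, written out as an added example that is not part of the original question or answer: a shell function that decides from the parent directory's mode bits whether a user may delete a file. It goes one step beyond the text by also handling the sticky bit; the function names and numeric uids/gids are constructed, and ACLs, capabilities and immutable flags are ignored.

```shell
#!/bin/sh
# Decide whether a user may unlink a file from the parent directory's mode bits.
# Classic Unix permissions only: no ACLs, capabilities or immutable flags.
# Usage: can_unlink DIR_MODE DIR_UID DIR_GID FILE_UID USER_UID "USER_GIDS"
can_unlink() {
    dir_mode=$((0$1)); dir_uid=$2; dir_gid=$3
    file_uid=$4; user_uid=$5; user_gids=$6

    # uid 0 bypasses these permission checks.
    [ "$user_uid" -eq 0 ] && return 0

    # Exactly one class applies: owner, else group, else other.
    if [ "$user_uid" -eq "$dir_uid" ]; then
        bits=$(( (dir_mode >> 6) & 7 ))
    else
        bits=$(( dir_mode & 7 ))
        for g in $user_gids; do
            if [ "$g" -eq "$dir_gid" ]; then
                bits=$(( (dir_mode >> 3) & 7 ))
                break
            fi
        done
    fi

    # Unlinking rewrites the directory: needs write (2) and search (1) on it.
    [ $(( bits & 3 )) -eq 3 ] || return 1

    # Sticky directory: only the file's owner or the directory's owner may unlink.
    if [ $(( dir_mode & 01000 )) -ne 0 ]; then
        [ "$user_uid" -eq "$file_uid" ] || [ "$user_uid" -eq "$dir_uid" ] || return 1
    fi
    return 0
}

# Constructed ids (assumptions): root uid/gid 0, jenkins uid 1001,
# jenkins' groups: jenkins=1001 root=0 run-server-software=1002.
JENKINS_UID=1001
JENKINS_GIDS="1001 0 1002"

report() {  # report DIR_MODE: directory root:root, file owned by jenkins
    if can_unlink "$1" 0 0 "$JENKINS_UID" "$JENKINS_UID" "$JENKINS_GIDS"; then
        echo "directory mode $1: jenkins can delete the file"
    else
        echo "directory mode $1: jenkins cannot delete the file"
    fi
}
report 755    # the question's /usr/local/bin: group root has r-x only
report 775    # group-writable: allowed, for every file in the directory
report 1775   # plus sticky: allowed only because jenkins owns the file
```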
