POSIX.1e was going to define ACL (Access Control List) mechanisms for POSIX (amongst other security-related issues), but the proposals were never converted to a formal standard. Nevertheless, ACLs (not necessarily POSIX.1e ACLs) are supported at least optionally in all the main variants of Unix (Linux, BSD, MacOS X (ACL), HP-UX, AIX (p107ff), Solaris). One detail I've not yet spotted being discussed is how ACLs on files interact with the sticky bit on a directory.
With a normal directory (no ACLs around to confuse the issue), the permissions can be set to, for example, 1777 (found on /tmp, for example).
drwxrwxrwt 16 root sys 4819 May 4 12:09 /tmp
The sticky bit is indicated by the 't' in the last position of the permissions. It means that a user can only delete a file from the directory if the user can write to the file. This makes sense; if the user can write to the file, the contents of the file can be destroyed.
My question is:
- Suppose the general (non-ACL) permissions of the /tmp directory are as illustrated above.
- Further suppose that a paranoid user, 'trembler', sets the non-ACL permissions on a file /tmp/secret to 600 (user 'trembler', group 'worried').
- Suppose that 'trembler' grants 'rw' access on /tmp/secret to another user, 'blase', via an ACL that cites 'blase' specifically.
- Can 'blase' delete the file /tmp/secret?

If the ACL is taken into account, the answer should be 'yes'; if the ACL is ignored, the answer would be 'no'. Assuming that ACLs are enabled on the relevant file system, is the behaviour uniform across all Unix variants?
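The scenario in the question can be checked empirically on a given host. The script below is an added example, not part of the original post: it builds a root-owned sticky directory, has one user create a mode-600 file and grant a second user 'rw' through an ACL, then reports whether the second user could unlink the file. It assumes Linux with util-linux `su`, `setfacl` from the acl package, a filesystem with ACLs enabled, root privileges, and existing accounts named by the `OWNER` and `OTHER` variables (the function names are hypothetical).

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux, root, util-linux su,
# setfacl from the acl package, and that the OWNER and OTHER accounts exist.
OWNER=${OWNER:-trembler}   # file owner, as named in the question
OTHER=${OTHER:-blase}      # user granted rw through a named-user ACL entry

# Succeeds if $1 is a directory whose mode string ends in t/T (sticky bit set).
has_sticky() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        d????????[tT]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Builds the scenario in a scratch directory and prints "deleted" or "kept".
sticky_acl_probe() {
    dir=$(mktemp -d) || return 2
    chmod 1777 "$dir"                      # root-owned, same mode as /tmp
    has_sticky "$dir" || { rm -rf "$dir"; return 2; }
    f="$dir/secret"
    # OWNER creates the file with mode 600, then grants OTHER rw via an ACL.
    su -s /bin/sh -c "umask 077; echo data > '$f' && chmod 600 '$f' &&
        setfacl -m 'u:$OTHER:rw' '$f'" "$OWNER" || { rm -rf "$dir"; return 2; }
    # Confirm the ACL really gives OTHER write access to the contents.
    su -s /bin/sh -c "test -w '$f'" "$OTHER" || echo "warning: ACL not effective" >&2
    # The actual question: may OTHER unlink the file from the sticky directory?
    su -s /bin/sh -c "rm -f '$f'" "$OTHER" 2>/dev/null
    if [ -e "$f" ]; then result=kept; else result=deleted; fi
    rm -rf "$dir"
    echo "$result"
}

# Run the probe only when its preconditions hold; otherwise say why it was skipped.
if [ "$(id -u)" -eq 0 ] && id "$OWNER" >/dev/null 2>&1 &&
   id "$OTHER" >/dev/null 2>&1 && command -v setfacl >/dev/null 2>&1; then
    echo "unlink by $OTHER: $(sticky_acl_probe)"
else
    echo "skipped: need root, setfacl, and accounts $OWNER and $OTHER" >&2
fi
```

Running the same probe on each Unix variant of interest (with that platform's ACL tool substituted for `setfacl`) gives a direct comparison of their behaviour.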