User able to modify file owned by root. Why?

Question

I want to prevent a user from modifying a file but I can't seem to get it to work using standard permissions.

The file is file.jpg, which is in the folder 2012/.

File details:

-r--r--r-- 1 root root 10294 Feb 19  2013 file.jpg

Folder details:

drwxr-xr-x 2 charly charly 36864 Aug 27 15:38 2012/

My intention is to prevent the user from renaming the file but with the permissions as they are he's able to.

What am I missing?

Answer 1

You don't change a file when renaming it or moving it in the same filesystem, because a file is really an inode (which may have zero, one or more filenames in directories).

Renaming a file is an operation inside the relevant directories (not on the file itself). Perhaps removing write access to the directory might help (but if the user owns the directory, he could change again these permissions on the directory with chmod). Read also more about sticky bit on directories.

BTW, the user could also hard link that same file, i.e. add a new filename to it. Then each filename is refering to the same file.

Answer 2

The permissions on a file prevent/allow access to the file. Renaming a file does not involve changing the file itself - renaming is actually a change to the directory.

Try changing the directory permissions to:

dr-xr-xr-x

and see what happens.