I can delete my files in someone elses drop box

[aicul]

Dop boxes are folders in which users have write-only access and the owner of the drop box has read+write.

Some time ago I wrote in this forum how it was possible to modify the contents of a file that you had placed in someone elses drop box.

I have now found how to delete a file you have placed in someone elses drop box. It's simple, copy the file to the drop box. Te file is now in the drop box you have chosen. To remove the file from this drop box, just use Finder>edit>undo.

I accept this is more an intellectual exercise , but it does mean that drop boxes are NOT really Write-Only.

 

[lurk]

What did you read? You still only wrote, you just happened to overwrite what was there. What you want is "write once".

 

[aicul]

No I deleted. As I said intelectual. You can make a point that deletion is an extension of writing. Point taken.

My point is based on Apple's definition of "drop box", summarized in the following statement from finder>help>drop box.

To give a copy of a file to someone, you can copy it to their Drop Box folder.

First I point out that if you "give" something to someone, you cannot take it back. Deletion is taking it back.

When you drag a file to a drop box, there is a finder message that states that you do not have access permissions to the contents of the drop box folder. In my eyes, to be able to delete a file, you must have Read access to the folder to know what is inside.

 

[g/re/p]

One of the things discussed in the original thread was that
you can delete files you put in someone elses drop box.
This is somehow now a revelation?

 

[lurk]

First I point out that if you "give" something to someone, you cannot take it back. Deletion is taking it back.

Well if you want to play that game, copying data is not a "giving" of a "thing". You never "gave" you "wrote" - you never "took back" you "rewrote".

It is not me being intellectual just for fun the problem is that the computer file physical page metaphor only goes so far and this is one place in which it breaks down.

 

[HateEternal]

I would assume that unix permissions are used in the drop box, any files that are written are written with rwx for user and r only for others, thus it makes sense that you can delete files you wrote.

I could check, but that would mean I am not lazy.

 

[ElDiabloConCaca]

If I'm not mistaken, if you have write access, then you can also delete -- that's what write access is.

If you copy a file normally, then try to delete it normally (not using the "undo" command"), can you still delete the file?

 

[spb]

The Drop Box folder has permission (drwx-wx-wx) so anyone can write to it and execute from it, but only the owner has permission to read what exists in the folder.

If I copy from something that I own to another user's Drop Box the permissions of the file is the same as it was when I had it in my account and I am still the owner.

This means that you can overwrite the files you drop into someones dropbox unless you change the permissions to r-x before you drop it.

Also, if you have a file with permissions (rwx------) that you copy to someone else's Drop Box then the other user can't read this file, unless they use sudo to chown or chmod the file.

 

[scruffy]

In fact, if A puts a file in B's drop box, and C guesses the file name, C can delete it. Using the terminal, C can do

rm ~B/Public/Drop\ Box/file.txt

This is because the permissions lack the sticky bit, which says that users can only delete or overwrite files that they put there.

To set the sticky bit on your own drop box:

chmod +t ~/Public/Drop\Box

 

[aicul]

Lots of good sense. Like the sticky bit, have to read further into that.

Here is an amusing post I found while searching Apples knowledge base.

A good example of a use for a drop box would be a folder that students could drop their homework assignments in.

See: http://docs.info.apple.com/article.html?artnum=24513

I think, the example given is not so great.
::ha::

 

[scruffy]

If Apple had by default set the sticky bit (there's a man page for "sticky") then it would be a good example. Does anyone who has Tiger know if they've done this? I'm still on 10.3.9.

 

[aicul]

I don't think they did.

 

[lurk]

The problem with setting the sticky bit is that the owner of the drop box might not be able to move or delete the file. I could be missing something but I think that the permissions Apple have chosen are the only ones that will work.

aicul Why is the assignment drop box such a stupid example? What failure mode do you see as the most troubling and what are the alternatives?

 

[scruffy]

Actually, I don't think that should be a problem:

A file in a sticky directory may only be removed or renamed by a user if the user has write permission for the directory and the user is the owner of the file, the owner of the directory, or the super-user.

So - a file can be deleted by the owner of the directory, or the owner of the file, or root, but not by someone else.

 

[aicul]

Well if I remember the sillyness I was up to high school/college I would certainly use the ability to remove files to delete my room-mates assignment as a joke (and his revenge would be fun too...). Then there are options to use this very mecanism to alter your own homework after due date - this being less ethical of course.

I stand by my belief, a drop box is like a post service letterbox, once the letter is in the box, there is no altering, deleting of the letter, and the destination reader can read it without further ado.

 

[scruffy]

If you want features like that, email is probably the way to go. The drop box is really just a folder on a file system - there's only so much you can do with that.