Step 1: Okay, this is /data partition, I want my user to be able to manipulate it. chown pavel.users /data.
Step 2: Hmm, I created some backup directories here, lets move them to common place.
cd /data; mkdir backup; mv * backup
(do you spot it now?)
Step 3: Verify the filesystem is still ok... it is not:
root@amd:~# time fsck -f /dev/sdb2 fsck 1.41.3 (12-Oct-2008) e2fsck 1.41.3 (12-Oct-2008) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity /lost+found not found. Create
? no Pass 3A: Optimizing directories Pass 4: Checking reference counts Pass 5: Checking group summary information /dev/sdb2: ***** FILE SYSTEM WAS MODIFIED ***** /dev/sdb2: ********** WARNING: Filesystem still has errors **********
Now... essentialy unpriviledged user "corrupted" my filesystem. Was I too stupid to give him access? Should missing /lost+found not be treated as filesystem error? Should kernel refuse users rm-ing /lost+found? Should maybe lost+found be named .lost+found, so the "corruption" is not as easy to trigger?
In retrospect, yes I should have expected it. But... did you spot it after step 2?