Non-root user that (suddenly) has elevated privileges in a specific command (only). [Have I been hacked?]

Title. Long,short story: creating or editing files with nano as my non-root user gives (the file) elevated privileges, like I have ran it w/ sudo or as root. And the (only) “security hole” that I can think of is a nextdns docker container running as root. That aside, its very “overkill” security-wise (cap_drop=ALL,...

Kid_Thunder, (edited ) to linux in Non-root user that (suddenly) has elevated privileges in a specific command (only). [Have I been hacked?]

The directory you are creating your files in likely is set to immutable or append only.

lsattr -d /path/to/directory

if you see i or a, then that's the issue.

You can remove them with
sudo chattr -i /path/to/dir immutable
sudo chattr -a /path/to/dir append only

Same goes for files but if it happens to all files in a directory, then that is probably it.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • localhost
  • All magazines
    •
    200 @ tag_overview
    HTTP status 200 OK
    Controller TagOverviewController
    Route name tag_overview
    Has session yes
    Stateless Check no
    Time 2004 ms
    Total time 2004 ms
    Initialization time 344 ms
    Memory 12.0 MiB
    Peak memory usage 12.0 MiB
    PHP memory limit 128 MiB
    Logger 87
    Errors 0
    Warnings 0
    Deprecations 87
    Cache 21 in 604.29 ms
    Cache Calls 21
    Total time 604.29 ms
    Cache hits 29 / 34 (85.29%)
    Cache writes 2
    3
    Default locale en
    Missing messages 3
    Fallback messages 0
    Defined messages 117
    Security n/a
    Authenticated No
    Firewall name main
    Twig 699 ms
    Entry View tag/overview.html.twig
    Render Time 699 ms
    Template Calls 69
    Block Calls 16
    Macro Calls 0
    44 in 371 ms
    settings_row_switch 15
    user_settings_row_switch 4
    user_inline 2
    date 2
    date_edited 2
    magazine_inline 2
    vote 2
    boost 2
    settings_row_enum 2
    entry 1
    entry_comment 1
    entry_inline 1
    user_avatar 1
    related_magazines 1
    active_users 1
    related_categories 1
    related_posts 1
    related_entries 1
    support_us_block 1
    featured_magazines 1
    8 in 437.89 ms
    Database Queries 8
    Different statements 8
    Query time 437.89 ms
    Invalid entities 0
    Cache hits 21
    Cache misses 1
    Cache puts 1
    6.4.0
    Profiler token 8cc380
    Environment dev
    Debug enabled
    PHP version 8.2.26   View phpinfo()
    PHP Extensions Xdebug ✗ APCu ✓ OPcache ✓
    PHP SAPI apache2handler
    Resources Read Symfony 6.4.0 Docs
    Help Symfony Support Channels