Thread: Non-sudo user can freely access/copy root's homedir?!

  1. #1

    Non-sudo user can freely access/copy root's homedir?!

    Hello,

    I've just created a non-sudo user, with no extra permissions.

    Code:
    $ useradd -m test
    $ su - test
    $ whoami
    test
    $ ls -la
    total 24
    drwxr-xr-x 2 test test 4096 Dec 14 11:43 .
    drwxr-xr-x 4 root root 4096 Dec 14 11:43 ..
    -rw-r--r-- 1 test test  220 Nov 10 12:45 .bash_logout
    -rw-r--r-- 1 test test 3391 Nov 25 13:36 .bashrc
    -rw-r--r-- 1 test test 3526 Nov 10 12:45 .bashrc.original
    -rw-r--r-- 1 test test  807 Nov 10 12:45 .profile

    Next, we have a file in root's home directory:

    Code:
    $ cd /root/Downloads/
    $ ls -la
    total 19832
    drwxr-xr-x  2 root root     4096 Dec 14 11:44 .
    drwxr-xr-x 16 root root     4096 Dec 14 11:24 ..
    -rw-r--r--  1 root root 20298848 Dec 13 22:38 test.file

    Now let's see what's happening:

    Code:
    $ su - test
    $ cd /root/Downloads
    $ ls -la
    total 19832
    drwxr-xr-x 2 root root 4096 Dec 14 11:44 .
    drwxr-xr-x 16 root root 4096 Dec 14 11:24 ..
    -rw-r--r-- 1 root root 20298848 Dec 13 22:38 test.file
    $ cp test.file ~
    $ cd ~
    $ ls -la
    total 19848
    drwxr-xr-x 2 test test 4096 Dec 14 11:47 .
    drwxr-xr-x 4 root root 4096 Dec 14 11:43 ..
    -rw-r--r-- 1 test test 220 Nov 10 12:45 .bash_logout
    -rw-r--r-- 1 test test 3391 Nov 25 13:36 .bashrc
    -rw-r--r-- 1 test test 3526 Nov 10 12:45 .bashrc.original
    -rw-r--r-- 1 test test 807 Nov 10 12:45 .profile
    -rw-r--r-- 1 test test 20298848 Dec 14 11:47 test.file

    How is this even possible? How can a non-sudo, basic user access root's Downloads and copy a file that's owned by root (from root's own homedir)?!

    Please note that this is a fresh/clean/untouched Kali install.

    Any hints?

  2. #2
    Just need to keep in mind Kali isn't a normal Linux distro. On Kali things are designed to be run under root and there isn't really any need for non-root users to be created. If you run under root, things like permissions on /root/ files are a moot point.
    The others permissions on /root/Downloads (o+rx) and test.file (o+r) are allowing this access.
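
The permission check described in reply #2, as an added example that is not part of either post: a POSIX shell function that walks the directories above a file and reports whether the "others" class can traverse them (o+x) and read the file (o+r). The function names, the `TOP` argument and the sample tree are assumptions made for this example; it reads mode bits only (no ACLs) and should be run as root or the owner so every component can be inspected.

```sh
#!/bin/sh
# Added example, not code from the thread. Requires GNU stat (as shipped on Kali).

# Print the "others" octal digit of PATH's mode, e.g. 5 for 755, 4 for 644.
others_digit() {
    _m=$(stat -c '%a' -- "$1") || return 2
    printf '%s\n' "${_m#"${_m%?}"}"
}

# others_can_read FILE [TOP]
# Returns 0 if "others" can reach and read FILE: every directory between TOP
# (default /, itself not checked) and FILE needs o+x, and FILE needs o+r.
# Prints the verdict; when blocked, names a component that stops access.
others_can_read() {
    _top=$(cd -- "${2:-/}" && pwd -P) || return 2
    _dir=$(cd -- "$(dirname -- "$1")" && pwd -P) || return 2
    _file=$_dir/$(basename -- "$1")
    while [ "$_dir" != "$_top" ] && [ "$_dir" != "/" ]; do
        _d=$(others_digit "$_dir") || return 2
        case $_d in
            1|3|5|7) ;;                                   # o+x: traversal allowed
            *) echo "blocked: $_dir lacks o+x"; return 1 ;;
        esac
        _dir=$(dirname -- "$_dir")
    done
    _d=$(others_digit "$_file") || return 2
    case $_d in
        4|5|6|7) echo "readable by others: $_file"; return 0 ;;
        *) echo "blocked: $_file lacks o+r"; return 1 ;;
    esac
}

# Constructed sample tree with the modes shown in the thread:
# root/ 755, root/Downloads/ 755, test.file 644.
make_sample_tree() {
    _sb=$(mktemp -d) || return 2
    mkdir -p "$_sb/root/Downloads" && : > "$_sb/root/Downloads/test.file"
    chmod 755 "$_sb/root" "$_sb/root/Downloads"
    chmod 644 "$_sb/root/Downloads/test.file"
    printf '%s\n' "$_sb"
}

sb=$(make_sample_tree)
others_can_read "$sb/root/Downloads/test.file" "$sb"          # modes as in the thread
chmod 700 "$sb/root"                                           # remove o+rx from the home dir
others_can_read "$sb/root/Downloads/test.file" "$sb" || true   # now blocked at root/
rm -rf "$sb"
```

On a real system the same check is `others_can_read /root/Downloads/test.file`, run as root.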
