[ale] Permission hell question
Stephan Uphoff
ups at tree.com
Wed Jun 30 17:15:03 EDT 2004
Geoffrey wrote:
> Stephan Uphoff wrote:
> > This is true for Unix and BSD ... but I have never looked at this part
> > of the Linux sources.
Yes - this is not true for Linux.
Your results show it and I also got curious and finally looked at the sources.
In BSD and Unix the file system specific code checks the access rights
during the lookup operation.
In Linux the file system specific lookup does not check the access rights.
( This is done by a separate call)
This allows Linux to check the access right of the root of the mounted
file system and then call lookup for ".." on the covered directory.
I would still not recommend making a habit of it since it can bite you
on non linux systems.
Thanks for the tests
Stephan
Geoffrey wrote:
> Stephan Uphoff wrote:
>
> > The permissions of the covered mount point usually only come into play
> > when accessing ".." from the root of the mounted fs.
> >
> > This is true for Unix and BSD ... but I have never looked at this part
> > of the Linux sources.
> >
> > As a normal user try to
> > cd /mnt/memstick #OK
> > pwd #Fails unless cached by shell
> > ls .. #Should fail
> >
> > with /mnt/memstick permission set to 700 and user root.
>
> I don't agree, note the following, all done as a normal user:
>
> /home/esoteric> cd /mnt/memstick
> ksh: cd: /mnt/memstick - Permission denied
>
> rhws/home/esoteric> ls -l /mnt/memstick
> ls: /mnt/memstick: Permission denied
>
> rhws/home/esoteric> ls -ld /mnt/memstick
> drwx------ 2 root root 4096 May 12 13:59 /mnt/memstick
>
> rhws/home/esoteric> cd /mnt/memstick
> ksh: cd: /mnt/memstick - Permission denied
>
> rhws/home/esoteric> mount /mnt/memstick
>
> rhws/home/esoteric> cd /mnt/memstick
>
> rhws/mnt/memstick> pwd
> /mnt/memstick
>
> rhws/mnt/memstick> ls ..
> cdrom floppy jump memstick
>
> So, I don't believe your point above is valid.
>
> > It is not really necessary to have matching permissions - but the wrong set
> > of permissions can cause interesting problems in a production environment.
>
> If the mount options are correct, the permissions on the mount point do
> not matter. I set the perms on /mnt/memstick to 000 as root:
>
> d--------- 2 root root 4096 May 12 13:59 /mnt/memstick
>
> I can still mount the partition as a normal user. When I do, the perms are:
>
> drwxr-xr-x 3 esoteric users 16384 Dec 31 1969 /mnt/memstick
>
> --
> Until later, Geoffrey Registered Linux User #108567
> Building secure systems in spite of Microsoft
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
More information about the Ale
mailing list