On Thu, Dec 14, 2006 at 02:31:52AM +1100, Bruce Evans wrote:
> On Wed, 13 Dec 2006, Pawel Jakub Dawidek wrote:
>
> >pjd         2006-12-13 11:46:38 UTC
> >
> >  FreeBSD src repository
> >
> >  Modified files:
> >    lib/libc/sys         chown.2
> >  Log:
> >  Be more precise with EPERM description. When chown(2) is a no-op, it will
> >  return 0.
>
> VADMIN access is still required for null changes.  This normally means
> that the caller must own the file, but there are complications for
> ACLs. [...]

Right, my testing wasn't precise. But still, if I pass uid=-1 and gid=-1
it works always (I don't have to have VADMIN access).

> [...] Also, non-null changes within the group don't require super-user
> permissions.

Right.

> The details for this are hard to describe.  They are at least as complicated
> as:
> - the effective uid must be the super-user, unless all of the following:
>   . it is the same as the file's uid, or [complications for ACLs]
>   . the change to the uids of the file is null
>   . [permission is never granted based solely on the egid-- check this]
>   . the change to the gids is either null or the new file gid is in the
>     same group as the egid.
>   . [nothing is required or the old file gid -- check this]
> I used fine print in POSIX to justify permitting null changes to the
> gid.  FreeBSD-1 doesn't allow this.  My reasoning was something like
> "non-null changes (from a gid not in our group to one in our group)
> are permitted (if euid == old file uid == new file uid), so why disallow
> null changes?  The uid checks should be sufficient."  McKusick agreed
> with this.

Do you have a suggestion how we can describe it properly?

> All this is mainly for ffs.  Many file systems are probably still
> stricter.  Some non-POSIX ones should be less strict when they only
> have fake attributes and the fake attributes get in the way of making
> null changes.

I'm going to check this. I'm writing regression tests based on UFS
behaviour and want to run them on ZFS when I finish. I'm trying to
create portable code, so that we can try it on different operating
systems and compare the results.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
[EMAIL PROTECTED]                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
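
Added example (not part of this thread and not FreeBSD source): a C model of the rule list quoted above, with the uid=-1/gid=-1 case following Pawel's report. The names `model_chown`, `struct caller`, `struct file_owner` and all ids are constructed; ACLs and the bracketed "check this" items are not modelled, and "in the same group as the egid" is read here as membership in the caller's group list, which is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical types for this model; not kernel structures. */
struct caller { uid_t euid; const gid_t *groups; size_t ngroups; };
struct file_owner { uid_t uid; gid_t gid; };

/* Constructed sample data: alice (uid 1001) is in groups 100 and 200. */
static const gid_t alice_groups[] = { 100, 200 };
static const struct caller alice = { 1001, alice_groups, 2 };
static const struct caller root = { 0, NULL, 0 };
static const struct file_owner own_file = { 1001, 300 };
static const struct file_owner other_file = { 1002, 100 };

static int in_groups(const struct caller *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Returns 0 or EPERM for chown(file, uid, gid) under the modelled rules. */
int model_chown(const struct caller *c, const struct file_owner *f,
                uid_t uid, gid_t gid)
{
    if (uid == (uid_t)-1 && gid == (gid_t)-1)
        return 0;                /* Pawel's report: always works */
    if (c->euid == 0)
        return 0;                /* super-user */
    if (c->euid != f->uid)
        return EPERM;            /* must own the file, even for a null change */
    if (uid != (uid_t)-1 && uid != f->uid)
        return EPERM;            /* the uid change must be null */
    if (gid == (gid_t)-1 || gid == f->gid)
        return 0;                /* null gid change */
    return in_groups(c, gid) ? 0 : EPERM;  /* assumption: caller's group list */
}

int main(void)
{
    printf("non-owner, -1/-1:    %d\n", model_chown(&alice, &other_file, (uid_t)-1, (gid_t)-1));
    printf("non-owner, null ids: %d\n", model_chown(&alice, &other_file, 1002, 100));
    printf("owner, gid outside:  %d\n", model_chown(&alice, &own_file, (uid_t)-1, 400));
    printf("root, any change:    %d\n", model_chown(&root, &other_file, 1001, 400));
    return 0;
}
```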