Hello, I face some misunderstood situation related to the access permissions.
There is a program(script) with the suid/sgid (mode 6555): r-sr-sr-x fuser:proggroup theprog There is a file: rw-rw---- someone:filegroup thefile User 'fuser' (==program euid) have primary group 'filegroup'(==group, who can read/write thefile). Program try to read(write) thefile and fail with permissions. I don't fully understand why. According VOP_ACCESS(9) there is a check /* Otherwise, check the groups. */ for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++) ... So, i have only one assumption: when seteuided program executed ucred struct and cred->cr_groups doesn't change accordingly to euid/egid and stay the same as for executor. Is this a bug (how can i fix it) or feature (how can i bypass it)? -- Best regards, Anthony mailto:a...@mail.ru _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
