You are right! The "sticky bit" set on /tmp/ prevents the root user from altering the file belonging to the simple user!
$ ls -ld /tmp/
drwxrwxrwt 13 root root 320 Dec 17 13:22 /tmp/
$ ls -l /tmp/test
-rw-r--r-- 1 user 0 Dec 17 13:24 /tmp/test
$ echo test | sudo tee -a /tmp/test
tee: /tmp/test: Permission denied
test

but it does not prevent its deletion!

$ sudo rm -v /tmp/test
removed '/tmp/test'

which misled me: sorry for the waste of time.

happy end of year 2020,
lacsaP.

On Thu, 17 Dec 2020 at 13:09, <2qdxy4rzwzuui...@potatochowder.com> wrote:
> On 2020-12-17 at 11:17:37 +0100,
> Pascal <patate...@gmail.com> wrote:
>
> > hi,
> >
> > here, I have this simple script that tests if the /tmp/test file can be
> > opened in write mode:
> >
> > $ cat /tmp/append
> > #!/usr/bin/python
> > with open('/tmp/test', 'a'): pass
> >
> > the file does not exist yet:
> >
> > $ chmod +x /tmp/append
> > $ ls -l /tmp/test
> > ls: cannot access '/tmp/test': No such file or directory
> >
> > the script is launched as a simple user:
> >
> > $ /tmp/append
> > $ ls -l /tmp/test
> > -rw-r--r-- 1 user user 0 Dec 17 10:30 /tmp/test
> >
> > everything is ok.
> > now, the script fails if it is replayed as root user with the sudo
> > command:
> >
> > $ sudo /tmp/append
> > [sudo] password for user:
> > Traceback (most recent call last):
> >   File "/tmp/append", line 2, in <module>
> >     with open('/tmp/test', 'a'):
> > PermissionError: [Errno 13] Permission denied: '/tmp/test'
> >
> > the problem is the same if the opening mode is 'w' or if "sudo -i" or
> > "su -" are used.
> >
> > why can't the root user under python manipulate the simple user's file?
>
> This has to do with the idiosyncratic permissions of the /tmp directory
> and not your code. In my shell on my Linux box:
>
> $ rm -f /tmp/x
> $ echo x >/tmp/x
> $ echo x | sudo tee /tmp/x
> tee: /tmp/x: Permission denied
> x
>
> $ ls -ld /tmp
> drwxrwxrwt 13 root root 380 Dec 17 06:03 /tmp
>
> Try your experiment in a different directory, one without the sticky bit
> set.
> --
> https://mail.python.org/mailman/listinfo/python-list
--
https://mail.python.org/mailman/listinfo/python-list
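As an added diagnostic (example code written for this thread, not part of either message), a short Python script that gathers the facts the two posters checked by hand: the sticky bit and world-write mode of the parent directory, who owns the file versus the directory and the caller, whether an append-mode open succeeds, and, on Linux, the value of the fs.protected_regular sysctl, the kernel setting that refuses such opens of a foreign file in a sticky world-writable directory (root included) while leaving rm alone. The /proc path, the sandbox helper and its 1777 directory are assumptions of the example.

```python
import os
import stat
import tempfile

def sticky_world_writable(dirpath):
    """True when dirpath has the sticky bit ('t' in drwxrwxrwt) and is world-writable."""
    mode = os.stat(dirpath).st_mode
    return bool(mode & stat.S_ISVTX and mode & stat.S_IWOTH)

def protected_regular():
    """Value of the Linux fs.protected_regular sysctl, or None where it does not exist."""
    try:
        with open("/proc/sys/fs/protected_regular") as f:  # assumed path
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

def diagnose(path):
    """Collect the facts that decide whether open(path, 'a') is allowed."""
    parent = os.path.dirname(os.path.abspath(path))
    owner = os.stat(path).st_uid if os.path.exists(path) else None
    info = {
        "sticky_dir": sticky_world_writable(parent),
        "dir_owner": os.stat(parent).st_uid,
        "caller": os.geteuid(),
        "file_owner": owner,
        "protected_regular": protected_regular(),
    }
    # The thread's case: a file in a sticky world-writable directory owned by neither
    # the caller (root via sudo) nor the directory owner (root owns /tmp).
    info["foreign_file_in_sticky_dir"] = bool(
        owner is not None and info["sticky_dir"]
        and owner not in (info["caller"], info["dir_owner"]))
    return info

def try_append(path):
    """open(path, 'a'); return None on success, else the errno (13 = EACCES)."""
    try:
        with open(path, "a"):
            return None
    except OSError as e:
        return e.errno

def sandbox_check():
    # The harmless half of the experiment: a file you own inside a 1777 directory.
    d = tempfile.mkdtemp()
    os.chmod(d, 0o1777)             # drwxrwxrwt, the same mode as /tmp
    p = os.path.join(d, "test")
    open(p, "a").close()            # created by the caller, as the first run of /tmp/append did
    result = (diagnose(p), try_append(p))
    os.remove(p); os.rmdir(d)
    return result
```

Run `diagnose('/tmp/test')` once as the user and once under sudo to see which of the collected facts differs between the two runs.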