For example, on terminal window A,
su
whoami # root
mkdir /opt/experiment/
chown aristo:aristo /opt/experiment/
Now on another terminal window, B,
su aristo
whoami # aristo
cd /opt/experiment/
touch aaa
# OK aaa is created
On terminal A,
chown root:root /opt/experiment/
chmod 700 /opt/experime
On 07/03/18 13:56, epsilon...@tutanota.com wrote:
> Do you have any network filesystems involved in this test?
No network fs.
It is a local LUKS encrypted disk with ext4 filesystem.
Kernel is latest.
Debian 9.3
7. Mar 2018 11:27 by to...@tuxteam.de:
> I can't reproduce, either. Once the chown to root happens, non-root
> user can't touch files in directory. Ext4.
I double checked. Sorry the previous example was not good. To reproduce the
issue, you have to create another directory inside the top one.
Sorry, it is very counter intuitive to me.
So what you say is this: if there is an open terminal before chmod 700, then I
can use that terminal to access "apple", but after I close terminal B, there is
no way to access that apple directory? Neither with a shell window, nor with
another software?
Addition to previous email:
Example:
In terminal B I can still modify a file as follows:
touch aaa
echo "123" > aaa
But when I do,
vi aaa
even in the same terminal, vi can't access the file aaa.
7. Mar 2018 14:14 by epsilon...@tutanota.com:
> Sorry, it is very counter intuitive to me.
> So
OK thanks for the explanations.
To make sure:
1.) To prevent this scenario, I have to do recursive chown and chmod.
2.) If I chmod only /opt/experiment, there is absolutely no other way to access
apple, other than an already open terminal.
Correct?
7. Mar 2018 14:34 by to...@tuxteam.de:
> -
Tomas and Dan, thanks for the explanations. So if the process already has a
handle (file descriptor) to apple, it can continue using it, even when I chmod
700 one of its parents. On the other hand, any new process trying to get a
handle to apple MUST traverse the directory tree. This is what I
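
The behaviour discussed in this thread, reproduced as an added example that is not part of any message above. It assumes a temporary directory in place of /opt/experiment, and uses chmod 000 by the owner in place of "chown root + chmod 700", so it runs as a single unprivileged user; the function name is hypothetical.

```shell
#!/bin/sh
# Added demo (constructed): a temp directory stands in for /opt/experiment,
# and chmod 000 by the owner stands in for "chown root + chmod 700".
demo_handle_survives_chmod() {
    base=$(mktemp -d) || return 2
    mkdir -p "$base/top/apple" || return 2
    out=$(
        # Acquire the handle (the cwd) while traversal is still allowed.
        cd "$base/top/apple" || exit 2
        # Revoke search permission on the parent directory.
        chmod 000 "$base/top"
        # Relative lookup starts at the cwd inode; "top" is never traversed.
        if touch aaa 2>/dev/null; then rel=ok; else rel=denied; fi
        # A fresh absolute lookup must walk through "top" and is refused.
        # (Root bypasses directory permission checks, so root sees "ok".)
        if touch "$base/top/apple/bbb" 2>/dev/null; then abs=ok; else abs=denied; fi
        echo "relative=$rel absolute=$abs"
    )
    # Restore access so the temporary tree can be removed.
    chmod 700 "$base/top"
    rm -rf "$base"
    echo "$out"
}

demo_handle_survives_chmod
```

Permissions on a parent directory are checked only during path lookup, so tightening them does not revoke a working directory or descriptor a process already holds below it; restricting the subdirectories themselves (the recursive chown and chmod mentioned in the thread) is what closes that gap.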