Thread: Extended permissions on ext3
05-16-2008 #1 (Join Date: May 2008, Posts: 2)
Extended permissions on ext3
In the example below, I am setting a user ACE to have no permissions to access the file (---). However, I find that when I access the file as that user, I am able to read it. I find this strange because according to the man page, as soon as it matches the user ACE entry, it should allow or deny access.
If I set an identical ACL except I add the "wx" permission bits to the user ACE (-wx), I am rejected (which is what I expect). I am just wondering why I can read the file when I have no permissions (---) set on the user ACE (I expected to be rejected). Examples are below:
Example with no permissions for the user ACE:
Code:
    [root@jvincent-D800 ~]# cd /tmp
    [root@jvincent-D800 tmp]# echo "hello world" > file.txt
    [root@jvincent-D800 tmp]# setfacl -m u::rwx,g::rwx,o::rwx,u:postgres:---,m:--- file.txt
    [root@jvincent-D800 tmp]# getfacl file.txt
    # file: file.txt
    # owner: root
    # group: root
    user::rwx
    user:postgres:---
    group::rwx                      #effective:---
    mask::---
    other::rwx

    [root@jvincent-D800 tmp]# ls -l file.txt
    -rwx---rwx+ 1 root root 12 May 7 11:33 file.txt
    [root@jvincent-D800 tmp]# su - postgres
    [postgres@jvincent-D800 ~]$ id
    uid=501(postgres) gid=501(postgres) groups=501(postgres)
    [postgres@jvincent-D800 ~]$ whoami
    postgres
    [postgres@jvincent-D800 ~]$ cat /tmp/file.txt
    hello world
    [postgres@jvincent-D800 ~]$

Code:
    [root@jvincent-D800 tmp]# cd /tmp
    [root@jvincent-D800 tmp]# echo "hello world" > file.txt
    [root@jvincent-D800 tmp]# setfacl -m u::rwx,g::rwx,o::rwx,u:postgres:-wx,m:rwx file.txt
    [root@jvincent-D800 tmp]# getfacl file.txt
    # file: file.txt
    # owner: root
    # group: root
    user::rwx
    user:postgres:-wx
    group::rwx
    mask::rwx
    other::rwx

    [root@jvincent-D800 tmp]# ls -l file.txt
    -rwxrwxr--+ 1 root root 12 May 7 13:47 file.txt
    [root@jvincent-D800 tmp]# su - postgres
    [postgres@jvincent-D800 ~]$ id
    uid=501(postgres) gid=501(postgres) groups=501(postgres)
    [postgres@jvincent-D800 ~]$ whoami
    postgres
    [postgres@jvincent-D800 ~]$ cat /tmp/file.txt
    cat: /tmp/file.txt: Permission denied
    [postgres@jvincent-D800 ~]$
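The evaluation order the poster refers to (owner entry, then named user, then groups, then other, with the mask applied to named-user and group entries) is easy to check outside the kernel. The following is an added example, not code from the thread: the acl(5) algorithm in Python, run over the two ACLs from the post with the ids shown in the post's `id` output (postgres = uid/gid 501, owner root = 0/0). Under the man-page rules both ACLs deny postgres read access; the first example's "hello world" is the behaviour the poster did not expect.

```python
# Added example, not from the thread: the acl(5) access-check order the first post
# relies on, in Python, run over the two ACLs from the post (postgres = uid/gid 501).
def parse_acl(text):
    """Parse getfacl lines ('user:postgres:---') into (tag, qualifier, perms) tuples."""
    entries = []
    for line in text.strip().splitlines():
        line = line.split("#")[0].strip()   # drop '# file:' headers and '#effective' notes
        if line:
            tag, qual, perms = line.split(":")
            entries.append((tag, qual, {c for c in perms if c in "rwx"}))
    return entries

def acl_permits(entries, want, uid, gids, owner_uid, owner_gid, names):
    """True if `want` (subset of 'rwx') is allowed; names maps qualifiers to ids."""
    want = set(want)
    mask = next((p for t, q, p in entries if t == "mask"), None)
    masked = lambda p: p if mask is None else p & mask
    # 1. Owner: ACL_USER_OBJ is decisive and the mask never applies to it.
    if uid == owner_uid:
        return want <= next(p for t, q, p in entries if t == "user" and q == "")
    # 2. Named user: a matching ACL_USER entry is decisive, after masking. This is
    #    the step the poster expected to deny postgres in the first example.
    for t, q, p in entries:
        if t == "user" and q and names.get(q) == uid:
            return want <= masked(p)
    # 3. Groups: any matching group entry that grants every bit allows access;
    #    if some group matched but none granted, access is denied here.
    matched = False
    for t, q, p in entries:
        if t == "group" and ((q == "" and owner_gid in gids) or (q and names.get(q) in gids)):
            matched = True
            if want <= masked(p):
                return True
    if matched:
        return False
    # 4. Other: ACL_OTHER decides; the mask does not apply.
    return want <= next(p for t, q, p in entries if t == "other")

# The two ACLs from the post, as getfacl printed them (header lines omitted).
ACL_NO_PERMS = """user::rwx
user:postgres:---
group::rwx\t\t\t#effective:---
mask::---
other::rwx"""
ACL_WX = ACL_NO_PERMS.replace("postgres:---", "postgres:-wx").replace("mask::---", "mask::rwx")
NAMES = {"postgres": 501}   # from the `id` output in the post

def postgres_can_read(acl_text):
    """Does uid 501 (postgres, gid 501) get read access under this ACL, per acl(5)?"""
    return acl_permits(parse_acl(acl_text), "r", 501, {501}, 0, 0, NAMES)
```

`postgres_can_read` returns False for both ACLs; any uid that matches no entry falls through to `other::rwx` and is allowed, which is why the mask and the named-user entry, not the other bits, decide what postgres gets.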
05-16-2008 #2 (Join Date: May 2008, Posts: 2)
I figured out the problem. It turns out the version of the kernel that I was using had the bug. It has been fixed in later kernel versions.
Bug found in kernel version 2.6.17; fixed in kernel version 2.6.20.