  1. #1 (Just Joined!, Join Date: May 2008, Posts: 2)

    Extended permissions on ext3


    I am seeing some strange behavior with extended permissions on ext3. I am writing a file as root and setting a user ACE. I then change to that user and try to access the file based on the ACL that I have set.

    In the example below, I am setting a user ACE to have no permissions to access the file (---). However, I find that when I access the file as that user, I am able to read it. I find this strange because according to the man page, as soon as it matches the user ACE entry, it should allow or deny access.

    If I set an identical ACL except I add the "wx" permission bits to the user ACE (-wx), I am rejected (which is what I expect). I am just wondering why I can read the file when I have no permissions (---) set on the user ACE (I expected to be rejected). Examples are below:

    Example with no permissions for the user ACE:
    Code:
    [root@jvincent-D800 ~]# cd /tmp
    [root@jvincent-D800 tmp]# echo "hello world" > file.txt
    [root@jvincent-D800 tmp]# setfacl -m u::rwx,g::rwx,o::rwx,u:postgres:---,m:--- file.txt
    [root@jvincent-D800 tmp]# getfacl file.txt
    # file: file.txt
    # owner: root
    # group: root
    user::rwx
    user:postgres:---
    group::rwx                      #effective:---
    mask::---
    other::rwx
    
    [root@jvincent-D800 tmp]# ls -l file.txt
    -rwx---rwx+ 1 root root 12 May  7 11:33 file.txt
    
    [root@jvincent-D800 tmp]# su - postgres
    [postgres@jvincent-D800 ~]$ id
    uid=501(postgres) gid=501(postgres) groups=501(postgres)
    [postgres@jvincent-D800 ~]$ whoami
    postgres
    [postgres@jvincent-D800 ~]$ cat /tmp/file.txt
    hello world
    [postgres@jvincent-D800 ~]$

    Example with -wx permissions for the user ACE:
    Code:
    [root@jvincent-D800 tmp]# cd /tmp
    [root@jvincent-D800 tmp]# echo "hello world" > file.txt
    [root@jvincent-D800 tmp]# setfacl -m u::rwx,g::rwx,o::rwx,u:postgres:-wx,m:rwx file.txt
    [root@jvincent-D800 tmp]# getfacl file.txt
    # file: file.txt
    # owner: root
    # group: root
    user::rwx
    user:postgres:-wx
    group::rwx
    mask::rwx
    other::rwx
    
    [root@jvincent-D800 tmp]# ls -l file.txt
    -rwxrwxr--+ 1 root root 12 May  7 13:47 file.txt
    [root@jvincent-D800 tmp]# su - postgres
    [postgres@jvincent-D800 ~]$ id
    uid=501(postgres) gid=501(postgres) groups=501(postgres)
    [postgres@jvincent-D800 ~]$ whoami
    postgres
    [postgres@jvincent-D800 ~]$ cat /tmp/file.txt
    cat: /tmp/file.txt: Permission denied
    [postgres@jvincent-D800 ~]$

  2. #2 (Just Joined!, Join Date: May 2008, Posts: 2)
    I figured out the problem. It turns out the version of the kernel that I was using had the bug. It has been fixed in later kernel versions.

    Found bug in kernel version 2.6.17
    Fixed in kernel version 2.6.20
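The following is an added example, not code from the thread. It models the ACCESS CHECK ALGORITHM documented in acl(5), the behaviour the first post says it expected: a matching named-user entry decides access on its own (after the mask is applied) and is never overridden by the group or other entries. The two ACLs are taken from the getfacl output quoted in the thread; the parser, the user and group names `alice` and `bob`, and the `demo()` helper are assumptions made for the illustration. Replaying both captures through the documented algorithm shows that `postgres` should have been denied read access in the first case as well as the second, which is what the kernel fix restored.

```python
"""Model of the POSIX ACL access-check algorithm from acl(5).

Added example for the thread above; not code from the forum post or from
any kernel or acl package.  It parses getfacl(1)-style text (the format
shown in the post) and replays the documented check so the two captures can
be compared with what the man page says should happen.
"""
from dataclasses import dataclass, field
from typing import Optional

R, W, X = 4, 2, 1  # permission bits, same encoding as the mode word


def parse_perms(s: str) -> int:
    """'rwx' / 'r--' / '---' -> bitmask."""
    return (R if "r" in s else 0) | (W if "w" in s else 0) | (X if "x" in s else 0)


@dataclass
class Acl:
    owner: str = ""
    group: str = ""
    user_obj: int = 0
    group_obj: int = 0
    other: int = 0
    mask: Optional[int] = None          # None when the ACL has no mask entry
    users: dict = field(default_factory=dict)   # named user entries
    groups: dict = field(default_factory=dict)  # named group entries


def parse_getfacl(text: str) -> Acl:
    """Parse the text getfacl prints; '# owner:'/'# group:' give the owner."""
    acl = Acl()
    for raw in text.splitlines():
        line = raw.split("#effective:")[0].strip()  # drop getfacl's annotation
        if not line:
            continue
        if line.startswith("# owner:"):
            acl.owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl.group = line.split(":", 1)[1].strip()
        elif line.startswith("#"):
            continue                                   # e.g. '# file: ...'
        else:
            tag, qualifier, perms = line.split(":")
            bits = parse_perms(perms)
            if tag == "user":
                if qualifier:
                    acl.users[qualifier] = bits
                else:
                    acl.user_obj = bits
            elif tag == "group":
                if qualifier:
                    acl.groups[qualifier] = bits
                else:
                    acl.group_obj = bits
            elif tag == "mask":
                acl.mask = bits
            elif tag == "other":
                acl.other = bits
    return acl


def check_access(acl: Acl, user: str, user_groups: list, requested: int) -> bool:
    """acl(5) ACCESS CHECK ALGORITHM, steps in the documented order.

    The first step whose entry matches the process decides; a later entry
    (group, other) can never grant what an earlier matching entry denied.
    """
    def masked(bits: int) -> int:
        return bits if acl.mask is None else bits & acl.mask

    if user == acl.owner:                          # 1. ACL_USER_OBJ, not masked
        return acl.user_obj & requested == requested
    if user in acl.users:                          # 2. ACL_USER, masked
        return masked(acl.users[user]) & requested == requested
    candidates = []                                # 3. ACL_GROUP_OBJ / ACL_GROUP
    if acl.group in user_groups:
        candidates.append(acl.group_obj)
    candidates += [bits for g, bits in acl.groups.items() if g in user_groups]
    if candidates:                                 # any matching entry that grants suffices
        return any(masked(b) & requested == requested for b in candidates)
    return acl.other & requested == requested      # 4. ACL_OTHER, not masked


# Both ACLs are copied from the getfacl output quoted in the thread.
ACL_NO_PERMS = """# file: file.txt
# owner: root
# group: root
user::rwx
user:postgres:---
group::rwx                      #effective:---
mask::---
other::rwx
"""

ACL_WX = """# file: file.txt
# owner: root
# group: root
user::rwx
user:postgres:-wx
group::rwx
mask::rwx
other::rwx
"""


def demo() -> dict:
    """Hypothetical helper: what acl(5) says 'cat /tmp/file.txt' as postgres should do."""
    return {
        "no_perms_read": check_access(parse_getfacl(ACL_NO_PERMS), "postgres", ["postgres"], R),
        "wx_read": check_access(parse_getfacl(ACL_WX), "postgres", ["postgres"], R),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'Permission denied'}")
```

Running it prints "Permission denied" for both captures: the `---` entry and the masked `-wx` entry are both matched at step 2 and both lack the read bit. The `other::rwx` entry that the first capture's `ls -l` shows as world-readable never enters the decision for `postgres`, which is why a read succeeding there points at the kernel rather than at the ACL.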
