Extended permissions on ext3

Jon Vincent, 05-15-2008, 04:11 PM

Hello,

I am seeing some strange behavior with extended permissions on ext3. I am writing a file as root and setting a user ACE. I then change to that user and try to access the file based on the ACL that I have set.


In the example below, I am setting a user ACE to have no permissions to access the file (---). However, I find that when I access the file as that user, I am able to read it. I find this strange because according to the man page, as soon as it matches the user ACE entry, it should allow or deny access.


If I set an identical ACL except I add the "wx" permission bits to the user ACE (-wx), I am rejected (which is what I expect). I am just wondering why I can read the file when I have no permissions (---) set on the user ACE (I expected to be rejected). Examples are below:


Example with no permissions for the user ACE:
-------------------------------------------------------------------------
[root@jvincent-D800 ~]# cd /tmp
[root@jvincent-D800 tmp]# echo "hello world" > file.txt

[root@jvincent-D800 tmp]# setfacl -m u::rwx,g::rwx,o::rwx,u:postgres:---,m:--- file.txt
[root@jvincent-D800 tmp]# getfacl file.txt
# file: file.txt
# owner: root
# group: root
user::rwx
user:postgres:---
group::rwx                      #effective:---
mask::---
other::rwx

[root@jvincent-D800 tmp]# ls -l file.txt
-rwx---rwx+ 1 root root 12 May  7 11:33 file.txt

[root@jvincent-D800 tmp]# su - postgres

[postgres@jvincent-D800 ~]$ id
uid=501(postgres) gid=501(postgres) groups=501(postgres)
[postgres@jvincent-D800 ~]$ whoami
postgres
[postgres@jvincent-D800 ~]$ cat /tmp/file.txt
hello world
[postgres@jvincent-D800 ~]$



Example with -wx permissions for the user ACE:

-------------------------------------------------------------------------
[root@jvincent-D800 tmp]# cd /tmp
[root@jvincent-D800 tmp]# echo "hello world" > file.txt
[root@jvincent-D800 tmp]# setfacl -m u::rwx,g::rwx,o::rwx,u:postgres:-wx,m:rwx file.txt

[root@jvincent-D800 tmp]# getfacl file.txt
# file: file.txt
# owner: root
# group: root
user::rwx
user:postgres:-wx
group::rwx
mask::rwx
other::rwx

[root@jvincent-D800 tmp]# ls -l file.txt
-rwxrwxr--+ 1 root root 12 May  7 13:47 file.txt
[root@jvincent-D800 tmp]# su - postgres
[postgres@jvincent-D800 ~]$ id
uid=501(postgres) gid=501(postgres) groups=501(postgres)
[postgres@jvincent-D800 ~]$ whoami
postgres
[postgres@jvincent-D800 ~]$ cat /tmp/file.txt
cat: /tmp/file.txt: Permission denied
[postgres@jvincent-D800 ~]$


Thanks!

Jon

_______________________________________________
Ext3-users mailing list
Ext3-users@redhat.com
https://www.redhat.com/mailman/listinfo/ext3-users
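
Added example, not part of the original post: the access check algorithm documented in acl(5), modeled in Python and applied to the two ACLs shown in the post. It assumes the named entry reads `user:postgres`, a file owned by root:root, and ids compared by name; the function names (`parse_getfacl`, `access_ok`, `can`) are hypothetical.

```python
# Added example: models the access check algorithm documented in acl(5).
# Not modeled: root / CAP_DAC_OVERRIDE; ids are compared by name (assumption).
R, W, X = 4, 2, 1

# getfacl output from the post; the entry name "user:postgres" is assumed.
ACL_NO_PERMS = """
user::rwx
user:postgres:---
group::rwx    #effective:---
mask::---
other::rwx
"""
ACL_WX = """
user::rwx
user:postgres:-wx
group::rwx
mask::rwx
other::rwx
"""

def parse_getfacl(text):
    """Return {(tag, qualifier): permission bits}; '#' comments are dropped."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            tag, qualifier, perms = line.split(":")
            acl[(tag, qualifier)] = sum(
                bit for ch, bit in zip(perms, (R, W, X)) if ch != "-")
    return acl

def access_ok(acl, want, user, groups, owner, owning_group):
    """True if the acl(5) algorithm grants all bits in `want`."""
    mask = acl.get(("mask", ""), R | W | X)      # no mask entry: nothing masked
    if user == owner:                             # 1. owner: mask does not apply
        return (acl[("user", "")] & want) == want
    if ("user", user) in acl:                     # 2. named user entry decides
        return (acl[("user", user)] & mask & want) == want
    matched = [p for (tag, q), p in acl.items()   # 3. owning and named groups
               if tag == "group"
               and (q in groups or (q == "" and owning_group in groups))]
    if matched:
        return any((p & mask & want) == want for p in matched)
    return (acl[("other", "")] & want) == want    # 4. everyone else

def can(acl_text, want, user):
    """File owned by root:root; the user's only group is named after the user."""
    return access_ok(parse_getfacl(acl_text), want, user, {user}, "root", "root")
```

Under the documented algorithm, `can(ACL_NO_PERMS, R, "postgres")` and `can(ACL_WX, R, "postgres")` are both `False`, because the matching named user entry is the one that decides.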
 
