bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Readable files: a Unix philosophy question for gurus


From: Jim Meyering
Subject: Re: Readable files: a Unix philosophy question for gurus
Date: Sun, 09 Feb 2003 10:14:32 +0100

Hi Nelson,

Thanks for bringing that up!
There is indeed a problem with the `test' in the coreutils --
and with the nearly identical built-in provided by bash.
I've just changed the one in coreutils to use euidaccess
(either the one in libc, or the supplied replacement).
That solves the problem only in the (albeit common) case
in which effective and actual UID and GID are identical.

Now, using the just-patched binary,
`test -w' fails when applied to e.g., an immutable file:

  $ f=/tmp/im; : > $f; sudo chattr +i $f
  $ ./test -w $f || echo not writable
  not writable
  $ ls -go $f
  -rw-r--r--    1        0 Feb  9 10:02 /tmp/im

However, it'd still do the wrong thing if you ran it from a
`su'd shell, because it would not be able to rely on using
the `access' function.

Jim

"Nelson H. F. Beebe" <address@hidden> wrote:
> In "man test", we find this documentation:
>
>        -r FILE
>               FILE exists and is readable
>
> Similar wording appears in vendor man pages, although Compaq OSF/1
> is a bit more precise:
>
>        -r file
>            TRUE if file exists and has read permission.
>
> Consider a file with these permissions:
>
>       % ls -l foo.xml
>       -rwSr-Srwx    2 beebe    staff      174440 Feb  8 08:20 foo.xml
>
> created by
>
>       chmod u+s,g+s,o+rwxt foo.xml
>
> Now look at this:
>
> (1) On the file server:
>
>       /bin/test -r foo.xml && echo file is readable
>       file is readable
>
>       /usr/local/bin/test -r foo.xml && echo file is readable
>       file is readable
>
>       /usr/local/bin/test --version
>       test (GNU coreutils) 4.5.6
>       ...
>
>       /bin/cat foo.xml > /dev/null
>
>       echo $?
>       0
>
> (2) On a [Sun Solaris 2.8] client, where the filesystem is mounted via
>     NFS with the attributes remote/read/write/nosuid/grpid/intr/noquota:
>
>       /bin/test -r foo.xml && echo file is readable
>       [no output]
>
>       /usr/local/bin/test -r foo.xml && echo file is readable
>       file is readable
>
>       /bin/cat foo.xml > /dev/null
>       cat: cannot open foo.xml
>
>       /usr/local/bin/cat foo.xml > /dev/null
>       /usr/local/bin/cat: foo.xml: Permission denied
>
>       echo $?
>       1
>
> The $65,536 question is: what should test report?  In this case, the
> setuid bit combined with the mount options makes the file unreadable,
> and the Solaris test command reflects that, but the GNU coreutils
> one does not.
>
> Experiments with native test on other systems produced these results:
>
>       SGI IRIX 6.5:           file is readable, cat fails
>       Compaq OSF/1 4.0:       no output from test, cat fails
>
> On AIX, my home filesystem is not mounted with special attributes, so
> I could not make the same experiment.
>
> On FreeBSD, chmod would not do g+s or o+t for me, and the file
> remained readable for both test and cat.
>
> My feeling is that the GNU version of test (going back to at least
> sh-utils 2.0.11 on Red Hat 7.2, and likely much earlier), and the IRIX
> version too, are wrong.
>
> I think that one really should be able to do "test -r foo && cat foo"
> without cat failing because of permissions.
>
> Comments?
>
> -------------------------------------------------------------------------------
> - Nelson H. F. Beebe                    Tel: +1 801 581 5254                  
> -
> - Center for Scientific Computing       FAX: +1 801 581 4148                  
> -
> - University of Utah                    Internet e-mail: address@hidden  -
> - Department of Mathematics, 110 LCB        address@hidden  address@hidden -
> - 155 S 1400 E RM 233                       address@hidden                    
> -
> - Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe  
> -
> -------------------------------------------------------------------------------




reply via email to

[Prev in Thread] Current Thread [Next in Thread]