[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding entries to a directory

From: Sergiu Ivanov
Subject: Re: Adding entries to a directory
Date: Tue, 17 Nov 2009 11:57:46 +0200
User-agent: Mutt/1.5.20 (2009-06-14)


On Mon, Nov 09, 2009 at 02:58:12PM +0100, Carl Fredrik Hammar wrote:
> On Thu, Nov 05, 2009 at 12:29:54PM +0100, olafBuddenhagen@gmx.net wrote:
> > 
> > > Well, obviously, O_READ permission on a directory is sufficient to
> > > create files in it.
> > 
> > Ah, interesting...
> > 
> > > I'm not sure whether this is a feature or a misbehaviour
> > 
> > I don't think it's a bug -- doesn't seem very likely that nobody would
> > have noticed such a fundamental bug all this time...
> I was about to say it's definitaly a bug, but a quick look in open(2)
> states that open() should fail with EISDIR if open mode is write...
> This suggests that adding entries depend on the permission bits
> of the directory and the users and grougs of the client.

Thank you for the investigation! :-) It didn't occur to me to look
into manpages first :-(
> How to properly verify whether a client has this access in
> a proxy such as unionfs is an interesting question.
> If run by root it could recreate whatever auth object
> the client is using, but its harder for a normal user.

Generally, unionfs checks permissions whenever it is asked to carry
out some operation.  Similarly, when it is asked to create a new entry
under a directory, it first checks the user's permissions.

Although I fail to realize how unionfs would help root to recreate any
auth object used by a client, I'd believe that root could recreate any
auth object without the aid of unionfs, too :-)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]