
Curious file-permissions problem



Hi,

I wonder if someone can throw some light on this file-permissions
issue please?

It came to light as rsync complained:
rsync: failed to set times on "/var/www/mirror/foo/.": Operation not permitted (1)

An strace revealed the failure is effectively a result of:
cd /var/www/mirror/foo; touch -m .

The directory is group writable and with ownership root.staff, rsync
is running as a user who is a member of group staff.

Now maybe there's a better way to manage the file permissions for
mirroring with rsync, and maybe someone will comment on that as a side
discussion, but mainly I'm curious why the directory mtime cannot be
set in this way.

Some testing at the command line indeed confirms that it's not
possible to 'touch -m' or 'touch -a' a directory without direct
ownership, but plain 'touch' will succeed as long as group permissions
include write access.

My suspicion is this is a security feature, but I fail to see it
because the same as 'touch -m' can be achieved by simply creating and
then deleting a dummy file within the directory, as demonstrated
below.

This is also at http://pastebin.com/m6896ed8a for those who might
prefer to view it there.

Total respect due to any guru who can explain this... I've asked
around already and received no satisfactory explanation!

~$ ls -la /tmp/foo
total 8
drwxrwxr-x  4 root staff 1024 2007-11-26 22:53 .
drwxrwxrwt 17 root root  5120 2007-11-27 00:08 ..
drwxrwxr-x  2 gm   gm    1024 2007-11-27 00:40 bar
drwxrwxr-x  2 root staff 1024 2007-11-27 00:40 baz
~$ groups
gm dialout cdrom floppy audio src video plugdev staff users powerdev ssh-login
~$ touch /tmp/foo/bar
~$ stat /tmp/foo/bar
  File: `/tmp/foo/bar'
  Size: 1024            Blocks: 2          IO Block: 4096   directory
Device: 308h/776d       Inode: 132531      Links: 2
Access: (0775/drwxrwxr-x)  Uid: ( 1000/      gm)   Gid: ( 1000/      gm)
Access: 2007-11-27 00:40:36.000000000 +0000
Modify: 2007-11-27 00:40:36.000000000 +0000
Change: 2007-11-27 00:40:36.000000000 +0000
~$ touch -a /tmp/foo/bar
~$ touch -m /tmp/foo/bar
~$ stat /tmp/foo/bar
  File: `/tmp/foo/bar'
  Size: 1024            Blocks: 2          IO Block: 4096   directory
Device: 308h/776d       Inode: 132531      Links: 2
Access: (0775/drwxrwxr-x)  Uid: ( 1000/      gm)   Gid: ( 1000/      gm)
Access: 2007-11-27 00:40:50.000000000 +0000
Modify: 2007-11-27 00:40:56.000000000 +0000
Change: 2007-11-27 00:40:56.000000000 +0000
~$ touch /tmp/foo/baz
~$ stat /tmp/foo/baz
  File: `/tmp/foo/baz'
  Size: 1024            Blocks: 2          IO Block: 4096   directory
Device: 308h/776d       Inode: 132530      Links: 2
Access: (0775/drwxrwxr-x)  Uid: (    0/    root)   Gid: (   50/   staff)
Access: 2007-11-27 00:41:08.000000000 +0000
Modify: 2007-11-27 00:41:08.000000000 +0000
Change: 2007-11-27 00:41:08.000000000 +0000
~$ touch -a /tmp/foo/baz
touch: setting times of `/tmp/foo/baz': Operation not permitted
~$ touch -m /tmp/foo/baz
touch: setting times of `/tmp/foo/baz': Operation not permitted
~$ stat /tmp/foo/baz
  File: `/tmp/foo/baz'
  Size: 1024            Blocks: 2          IO Block: 4096   directory
Device: 308h/776d       Inode: 132530      Links: 2
Access: (0775/drwxrwxr-x)  Uid: (    0/    root)   Gid: (   50/   staff)
Access: 2007-11-27 00:41:08.000000000 +0000
Modify: 2007-11-27 00:41:08.000000000 +0000
Change: 2007-11-27 00:41:08.000000000 +0000
~$ touch /tmp/foo/baz/file; rm /tmp/foo/baz/file
~$ stat /tmp/foo/baz
  File: `/tmp/foo/baz'
  Size: 1024            Blocks: 2          IO Block: 4096   directory
Device: 308h/776d       Inode: 132530      Links: 2
Access: (0775/drwxrwxr-x)  Uid: (    0/    root)   Gid: (   50/   staff)
Access: 2007-11-27 00:41:08.000000000 +0000
Modify: 2007-11-27 00:41:37.000000000 +0000
Change: 2007-11-27 00:41:37.000000000 +0000
~$
~$
~$

-grummund
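An added probe (my own code, not part of the original post) that exercises the three call shapes behind `touch` on one path and records the errno for each, so the rule the post ran into can be checked directly: `utime()` with a NULL times pointer only needs write permission, while any explicitly supplied times need ownership or CAP_FOWNER, and `utimensat()` with UTIME_NOW/UTIME_OMIT (Linux 2.6.22+ and glibc are assumed) gets "mtime = now" without supplying explicit values. Run it as the rsync user against the mirror directory; the `utime_probe` name and the path argument are mine.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* utimensat, UTIME_NOW, UTIME_OMIT (glibc) */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include <utime.h>

/* errno (0 = success) for each flavour of "set timestamps" on one path. */
struct utime_probe {
    int now_errno;      /* utime(path, NULL): both to "now"; write permission is enough  */
    int explicit_errno; /* utime(path, &buf): caller-chosen times; owner/CAP_FOWNER only */
    int omit_errno;     /* utimensat UTIME_NOW/UTIME_OMIT: write permission is enough   */
};

static struct utime_probe probe_utime(const char *path)
{
    struct utime_probe p = {0, 0, 0};
    struct stat st;
    struct utimbuf buf;
    struct timespec ts[2];
    if (utime(path, NULL) != 0)          /* plain `touch` */
        p.now_errno = errno;
    /* Re-apply the current times as explicit values: the call shape an older
     * `touch -m` falls back to, hence EPERM on a directory we do not own. */
    if (stat(path, &st) != 0) {
        p.explicit_errno = errno;
    } else {
        buf.actime = st.st_atime;
        buf.modtime = st.st_mtime;
        if (utime(path, &buf) != 0)
            p.explicit_errno = errno;
    }
    ts[0].tv_sec = 0; ts[0].tv_nsec = UTIME_OMIT;   /* leave atime alone */
    ts[1].tv_sec = 0; ts[1].tv_nsec = UTIME_NOW;    /* mtime = now      */
    if (utimensat(AT_FDCWD, path, ts, 0) != 0)      /* modern `touch -m` */
        p.omit_errno = errno;
    return p;
}

int main(int argc, char **argv)
{
    struct utime_probe p = probe_utime(argc > 1 ? argv[1] : ".");
    printf("utime(NULL): %s\nutime(explicit): %s\nutimensat(NOW/OMIT): %s\n",
           strerror(p.now_errno), strerror(p.explicit_errno), strerror(p.omit_errno));
    return 0;
}
```

On a group-writable directory owned by someone else, the expected pattern is the one in the post: the first and third calls succeed and only the explicit-times call reports "Operation not permitted".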


