
Permission Questions



Hi,

I am looking for advice on how best to implement this kind of use case:

User rd creates a file on /tmp:

rd@h370:~/tmp.nobackup$ touch /tmp/123
rd@h370:~/tmp.nobackup$ chgrp users /tmp/123
rd@h370:~/tmp.nobackup$ chmod g+w /tmp/123
rd@h370:~/tmp.nobackup$ ls -l /tmp/123
-rw-rw-r-- 1 rd users 0 30. Aug 20:42 /tmp/123
rd@h370:~/tmp.nobackup$ 

User ka overwrites it with the content of another file (atomically):

ka@h370:~$ echo test > 123
ka@h370:~$ mv 123 /tmp/123
mv: cannot move '123' to '/tmp/123': Operation not permitted
ka@h370:~$ id
uid=1401(ka) gid=1401(ka) groups=1401(ka),20(dialout),21(fax),24(cdrom),
30(dip),44(video),46(plugdev),100(users),1000(sispmctl)
ka@h370:~$ 

Although ka has write permissions as group member, this does not work.

Maybe moving removes a node in /tmp, so I am trying to append to the file as a 
test:

rd@h370:~/tmp.nobackup$ touch /tmp/123 
rd@h370:~/tmp.nobackup$ chgrp users /tmp/123 
rd@h370:~/tmp.nobackup$ chmod g+w /tmp/123 
rd@h370:~/tmp.nobackup$ ls -l /tmp/123 
-rw-rw-r-- 1 rd users 0 30. Aug 20:35 /tmp/123 
rd@h370:~/tmp.nobackup$ 

ka@h370:~$ id 
uid=1401(ka) gid=1401(ka) Gruppen=1401(ka),20(dialout),21(fax),24(cdrom),
30(dip),44(video),46(plugdev),100(users),1000(sispmctl) 
ka@h370:~$ ls -l /tmp/123 
-rw-rw-r-- 1 rd users 0 30. Aug 20:35 /tmp/123 
ka@h370:~$ echo test >> /tmp/123 
-bash: /tmp/123: Permission denied 
ka@h370:~$ 

Even that does not work. Why not?

Is there something special with /tmp?

kan@h370:~$ ls -ld /tmp
drwxrwxrwt 26 root root 32768 Aug 30 20:51 /tmp
ka@h370:~$ 


Now attempting to do the same in a regular home directory:

rd@h370:~/tmp.nobackup$ touch 123
rd@h370:~/tmp.nobackup$ chgrp users 123
rd@h370:~/tmp.nobackup$ chmod g+w 123
rd@h370:~/tmp.nobackup$ 

ka@h370:~$ echo test >> /home/rd/tmp.nobackup/123
ka@h370:~$

Appending works!

But replacing the file with a mv command does not work in the /home directory:

rd@h370:~/tmp.nobackup$ touch 123       
rd@h370:~/tmp.nobackup$ ls -l 123 
-rw-rw-r-- 1 rd users 5 30. Aug 20:39 123 
rd@h370:~/tmp.nobackup$ 

ka@h370:~$ mv 123 /home/rd/tmp.nobackup/123 
mv: cannot move '123' to '/home/rd/tmp.nobackup/123': Permission denied 
ka@h370:~$ 

If I redirect the output and overwrite the file instead of using mv, the 
system allows me to do that:

rd@h370:~/tmp.nobackup$ touch 123
rd@h370:~/tmp.nobackup$ chgrp users 123
rd@h370:~/tmp.nobackup$ chmod g+w 123
rd@h370:~/tmp.nobackup$ ls -l 123
-rw-rw-r-- 1 rd users 0 30. Aug 20:51 123
rd@h370:~/tmp.nobackup$ 

ka@h370:~$ echo test > 123
ka@h370:~$ cat 123 > /home/rd/tmp.nobackup/123 
ka@h370:~$ cat /home/rd/tmp.nobackup/123
test
ka@h370:~$ 

It is weird that mv is forbidden, but redirecting the output is allowed. The 
end result on the file system would be the same!

The downside of redirecting is that /home/rd/tmp.nobackup/123 is not updated 
atomically (assuming another process is reading it asynchronously).

So essentially what I want to achieve:
- Updating a file atomically
- Preferably in /tmp

Any advice or hint is welcome.

Thanks
Rainer

-- 
Rainer Dorsch
http://bokomoko.de/
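
Added example, not part of the original post: rename (and therefore mv) is authorised by the target directory rather than by the file's mode, and in a sticky directory such as /tmp only the owner of the entry or of the directory may replace it, which matches the two different mv errors above. The sketch assumes a shared directory the writers' group can write to (for instance mode 2775, group users); `replace_check` and `atomic_replace` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: diagnose and perform an atomic file replacement.

# Report whether the current user may replace $1 via rename(2).
# The decision depends on the parent directory, not on the file's own mode.
replace_check() {
    local dst="$1" dir
    dir=$(dirname -- "$dst")
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "EACCES: no write+search permission on $dir"
        return 1
    fi
    # Sticky bit (the 't' in drwxrwxrwt): only the owner of the entry
    # or of the directory may rename over it or remove it.
    if [ -k "$dir" ] && [ -e "$dst" ] && [ ! -O "$dst" ] && [ ! -O "$dir" ]; then
        echo "EPERM: $dir is sticky and $dst belongs to another user"
        return 1
    fi
    echo "OK"
}

# Atomically replace $2 with the contents of $1.
# The temporary file is created in the destination directory so that the
# final mv is a rename within one filesystem, not a copy followed by unlink.
atomic_replace() {
    local src="$1" dst="$2" dir tmp reason
    dir=$(dirname -- "$dst")
    reason=$(replace_check "$dst") || { echo "$reason" >&2; return 1; }
    tmp=$(mktemp "$dir/.$(basename -- "$dst").XXXXXX") || return 1
    # mktemp creates mode 0600; the result is a new inode owned by the
    # caller, so group access must be granted again (664 is an assumption).
    if cat -- "$src" > "$tmp" && chmod 664 "$tmp" && mv -f -- "$tmp" "$dst"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}
```

Readers that already have the old file open keep seeing the old contents until they reopen it, because the rename swaps the directory entry to a new inode.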


