Permission Questions
Hi,
I am looking for advice on how best to implement this kind of use case:
User rd creates a file on /tmp:
rd@h370:~/tmp.nobackup$ touch /tmp/123
rd@h370:~/tmp.nobackup$ chgrp users /tmp/123
rd@h370:~/tmp.nobackup$ chmod g+w /tmp/123
rd@h370:~/tmp.nobackup$ ls -l /tmp/123
-rw-rw-r-- 1 rd users 0 30. Aug 20:42 /tmp/123
rd@h370:~/tmp.nobackup$
User ka overwrites it with the content of another file (atomically):
ka@h370:~$ echo test > 123
ka@h370:~$ mv 123 /tmp/123
mv: cannot move '123' to '/tmp/123': Operation not permitted
ka@h370:~$ id
uid=1401(ka) gid=1401(ka) groups=1401(ka),20(dialout),21(fax),24(cdrom),
30(dip),44(video),46(plugdev),100(users),1000(sispmctl)
ka@h370:~$
Although ka has write permissions as group member, this does not work.
Maybe moving removes a node in /tmp, so I am trying to append to the file as a
test:
rd@h370:~/tmp.nobackup$ touch /tmp/123
rd@h370:~/tmp.nobackup$ chgrp users /tmp/123
rd@h370:~/tmp.nobackup$ chmod g+w /tmp/123
rd@h370:~/tmp.nobackup$ ls -l /tmp/123
-rw-rw-r-- 1 rd users 0 30. Aug 20:35 /tmp/123
rd@h370:~/tmp.nobackup$
ka@h370:~$ id
uid=1401(ka) gid=1401(ka) Gruppen=1401(ka),20(dialout),21(fax),24(cdrom),
30(dip),44(video),46(plugdev),100(users),1000(sispmctl)
ka@h370:~$ ls -l /tmp/123
-rw-rw-r-- 1 rd users 0 30. Aug 20:35 /tmp/123
ka@h370:~$ echo test >> /tmp/123
-bash: /tmp/123: Permission denied
ka@h370:~$
Even that does not work. Why not?
Is there something special with /tmp?
kan@h370:~$ ls -ld /tmp
drwxrwxrwt 26 root root 32768 Aug 30 20:51 /tmp
ka@h370:~$
Now attempting to do the same in a regular home directory:
rd@h370:~/tmp.nobackup$ touch 123
rd@h370:~/tmp.nobackup$ chgrp users 123
rd@h370:~/tmp.nobackup$ chmod g+w 123
rd@h370:~/tmp.nobackup$
ka@h370:~$ echo test >> /home/rd/tmp.nobackup/123
ka@h370:~$
Appending works!
But replacing the file with a mv command does not work in the /home directory:
rd@h370:~/tmp.nobackup$ touch 123
rd@h370:~/tmp.nobackup$ ls -l 123
-rw-rw-r-- 1 rd users 5 30. Aug 20:39 123
rd@h370:~/tmp.nobackup$
ka@h370:~$ mv 123 /home/rd/tmp.nobackup/123
mv: cannot move '123' to '/home/rd/tmp.nobackup/123': Permission denied
ka@h370:~$
If I redirect the output and overwrite the file instead of using mv, the
system allows me to do that:
rd@h370:~/tmp.nobackup$ touch 123
rd@h370:~/tmp.nobackup$ chgrp users 123
rd@h370:~/tmp.nobackup$ chmod g+w 123
rd@h370:~/tmp.nobackup$ ls -l 123
-rw-rw-r-- 1 rd users 0 30. Aug 20:51 123
rd@h370:~/tmp.nobackup$
ka@h370:~$ echo test > 123
ka@h370:~$ cat 123 > /home/rd/tmp.nobackup/123
ka@h370:~$ cat /home/rd/tmp.nobackup/123
test
ka@h370:~$
It is weird that mv is forbidden, but redirecting the output is allowed. The
end result on the file system would be the same!
The downside of redirecting is that /home/rd/tmp.nobackup/123 is not updated
atomically (assuming another process is reading it asynchronously).
So essentially what I want to achieve:
- Updating a file atomically
- Preferably in /tmp
Any advice or hint is welcome.
Thanks
Rainer
--
Rainer Dorsch
http://bokomoko.de/
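
Added example, not part of the original message: the two different mv errors above correspond to the two checks rename(2) applies to the directory holding the target, not to the target file's own mode. The sketch below predicts them from mode bits; the function name can_replace is hypothetical, GNU stat is assumed, and ACLs, capabilities and LSMs are ignored.

```shell
# can_replace DIR NAME UID "GID GID ..."
# Predicts what rename(2) onto DIR/NAME returns for the given user.
# Prints: ok | EACCES ("Permission denied") | EPERM ("Operation not permitted")
can_replace() {
    dir=$1; name=$2; uid=$3; gids=" $4 "
    mode=$((0$(stat -c %a "$dir")))   # octal mode, including the sticky bit
    downer=$(stat -c %u "$dir")
    dgroup=$(stat -c %g "$dir")

    # root bypasses both checks
    if [ "$uid" -eq 0 ]; then echo ok; return 0; fi

    # Select the permission class (owner, group, other) that applies on DIR.
    if [ "$uid" -eq "$downer" ]; then
        bits=$(( ($mode >> 6) & 7 ))
    else
        case "$gids" in
            *" $dgroup "*) bits=$(( ($mode >> 3) & 7 )) ;;
            *)             bits=$(( $mode & 7 )) ;;
        esac
    fi

    # Check 1: replacing a directory entry needs write and search (w+x)
    # permission on the directory itself.
    if [ $(( $bits & 3 )) -ne 3 ]; then echo EACCES; return 0; fi

    # Check 2: in a sticky directory (the trailing "t" in drwxrwxrwt) an
    # existing entry may only be replaced by the owner of that entry or
    # the owner of the directory.
    if [ $(( $mode & 01000 )) -ne 0 ] && [ -e "$dir/$name" ]; then
        fowner=$(stat -c %u "$dir/$name")
        if [ "$uid" -ne "$fowner" ] && [ "$uid" -ne "$downer" ]; then
            echo EPERM; return 0
        fi
    fi
    echo ok
}
```

Group write permission on the file itself never enters the decision, which is why redirecting into the file and renaming over it can give different results.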