
Re: Permission Questions



On Monday, 30 August 2021, 21:58:47 CEST, Greg Wooledge wrote:
> On Mon, Aug 30, 2021 at 09:01:33PM +0200, Rainer Dorsch wrote:
> > rd@h370:~/tmp.nobackup$ ls -l /tmp/123
> > -rw-rw-r-- 1 rd users 0 30. Aug 20:42 /tmp/123
> > 
> > User ka overwrites it with the content of another file (atomically):
> > 
> > ka@h370:~$ echo test > 123
> > ka@h370:~$ mv 123 /tmp/123
> > mv: cannot move '123' to '/tmp/123': Operation not permitted
> 
> In order to perform this move, ka would first need to unlink the
> existing /tmp/123 file.  ka cannot do that, because the /tmp directory
> is "sticky".  Only "rd" (or root) can do it.
> 
> > Maybe moving removes a node in /tmp,
> 
> Yes.  You can verify with strace if you're curious enough.
> 
> > so I am trying to append to the file as a
> > test:
> > 
> > -rw-rw-r-- 1 rd users 0 30. Aug 20:35 /tmp/123
> > 
> > ka@h370:~$ id
> > uid=1401(ka) gid=1401(ka) Gruppen=1401(ka),20(dialout),21(fax),24(cdrom),
> > 30(dip),44(video),46(plugdev),100(users),1000(sispmctl)
> > ka@h370:~$ ls -l /tmp/123
> > -rw-rw-r-- 1 rd users 0 30. Aug 20:35 /tmp/123
> > ka@h370:~$ echo test >> /tmp/123
> > -bash: /tmp/123: Permission denied
> 
> That one should have worked, due to the secondary group membership.
> 
> unicorn:~$ sudo touch /tmp/123; sudo chgrp video /tmp/123; sudo chmod 664 /tmp/123
> [sudo] password for greg:
> unicorn:~$ ls -l /tmp/123
> -rw-rw-r-- 1 root video 0 Aug 30 15:56 /tmp/123
> unicorn:~$ id
> uid=1000(greg) gid=1000(greg) groups=1000(greg),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev)
> unicorn:~$ echo stuff >> /tmp/123
> unicorn:~$
> 
> It works for me.  Is your /tmp a non-Unix file system, or is it mounted
> with any unusual options?

Thanks for testing and your quick response.

Hmm...your example works for me as well

rd@h370:~/tmp.nobackup$ sudo touch /tmp/123; sudo chgrp video /tmp/123; sudo chmod 664 /tmp/123
[sudo] Passwort für rd: 
rd@h370:~/tmp.nobackup$ ls -l /tmp/123
-rw-rw-r-- 1 root video 0 30. Aug 22:52 /tmp/123
rd@h370:~/tmp.nobackup$ id
uid=2809(rd) gid=2809(rd) Gruppen=2809(rd),4(adm),20(dialout),21(fax),24(cdrom),25(floppy),27(sudo),30(dip),44(video),46(plugdev),100(users),114(lpadmin),118(scanner),126(docker),127(vboxusers),130(i2psvc),131(wireshark),141(libvirt),1000(sispmctl)
rd@h370:~/tmp.nobackup$ echo stuff >> /tmp/123
rd@h370:~/tmp.nobackup$ 

As soon as I do a chown to a non-root user on /tmp/123 it does not work for me anymore.

Is root somehow treated differently from other users?

I am not aware of special mount options for /tmp, it should be a standard installation:

rd@h370:~/tmp.nobackup$ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=16342996k,nr_inodes=4085749,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=3273064k,mode=755)
/dev/mapper/b370--vg-root on / type ext4 (rw,relatime,errors=remount-ro)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
none on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=13462)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
sunrpc on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
/dev/sda2 on /boot type ext2 (rw,relatime)
/dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
-hosts on /mnt/net type autofs (rw,relatime,fd=6,pgrp=1674,timeout=60,minproto=5,maxproto=5,indirect,pipe_ino=19859)
tmpfs on /run/user/113 type tmpfs (rw,nosuid,nodev,relatime,size=3273064k,nr_inodes=818266,mode=700,uid=113,gid=117)
tmpfs on /run/user/2809 type tmpfs (rw,nosuid,nodev,relatime,size=3273064k,nr_inodes=818266,mode=700,uid=2809,gid=2809)
-hosts on /mnt/net/fs/mnt/disk/data type autofs (rw,relatime,fd=6,pgrp=1674,timeout=60,minproto=5,maxproto=5,offset,pipe_ino=19859)
-hosts on /mnt/net/fs/mnt/disk/scratch type autofs (rw,relatime,fd=6,pgrp=1674,timeout=60,minproto=5,maxproto=5,offset,pipe_ino=19859)
-hosts on /mnt/net/fs/mnt/disk/scratch2 type autofs (rw,relatime,fd=6,pgrp=1674,timeout=60,minproto=5,maxproto=5,offset,pipe_ino=19859)
-hosts on /mnt/net/fs/mnt/disk/smarthome type autofs (rw,relatime,fd=6,pgrp=1674,timeout=60,minproto=5,maxproto=5,offset,pipe_ino=19859)
fs:/mnt/disk/data on /mnt/net/fs/mnt/disk/data type nfs4 (rw,nosuid,nodev,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.7.203,local_lock=none,addr=192.168.7.2)
portal on /run/user/2809/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=2809,group_id=2809)
fs:/mnt/disk/scratch on /mnt/net/fs/mnt/disk/scratch type nfs4 (rw,nosuid,nodev,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.7.203,local_lock=none,addr=192.168.7.2)
rd@h370:~/tmp.nobackup$

Thanks
Rainer

-- 
Rainer Dorsch
http://bokomoko.de/
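The three rules at play in this exchange, modelled in Python as an added example (not code from either poster): the classic one-class-only DAC check Greg relies on, the sticky-bit rule that makes ka's `mv` over rd's file fail, and, as the extra check a practitioner would want to run on the host, the Linux `fs.protected_regular` sysctl (kernel 4.19 and later). That sysctl refuses an O_CREAT open of an existing regular file in a world-writable sticky directory unless the file is owned by the caller or by the directory's owner; a shell `>>` redirection opens with O_CREAT, and /tmp is owned by root, which is consistent with the root-owned file working and the user-owned one not. The uids and gids are taken from the `id` output quoted in the thread; the model deliberately ignores ACLs, LSMs and capabilities other than root's.

```python
"""Model of the permission decisions discussed in this thread (added example).

Implements the classic Unix DAC check, the sticky-bit rule for unlink/rename
over an existing entry, and the Linux fs.protected_regular restriction on
O_CREAT opens. All uids, gids and modes below are constructed from the
`ls -l` and `id` output quoted in the thread.
"""
import stat

ROOT = 0


def dac_allows(mode, f_uid, f_gid, uid, gids, want):
    """Classic discretionary access check for one file or directory.

    mode  : st_mode permission bits, e.g. 0o664 or 0o1777
    want  : 'r', 'w' or 'x'
    Exactly one permission class is consulted: owner if uid matches, else
    group if f_gid is the caller's primary or any supplementary group, else
    other. Classes are never combined.
    """
    bit = {"r": 4, "w": 2, "x": 1}[want]
    if uid == ROOT:
        # CAP_DAC_OVERRIDE: read/write always, execute if any x bit is set
        return True if want != "x" else bool(mode & 0o111)
    if uid == f_uid:
        cls = (mode >> 6) & 7
    elif f_gid in gids:
        cls = (mode >> 3) & 7
    else:
        cls = mode & 7
    return bool(cls & bit)


def sticky_allows_replace(dir_mode, dir_uid, dir_gid, f_uid, uid, gids):
    """May `uid` unlink, or rename over, an entry owned by f_uid in this directory?

    Requires write and search permission on the directory. If the directory
    has the sticky bit (as /tmp does), the caller must additionally be root,
    the directory owner or the entry's owner; otherwise rename fails with EPERM.
    """
    if not (dac_allows(dir_mode, dir_uid, dir_gid, uid, gids, "w")
            and dac_allows(dir_mode, dir_uid, dir_gid, uid, gids, "x")):
        return False
    if dir_mode & stat.S_ISVTX:
        return uid in (ROOT, dir_uid, f_uid)
    return True


def protected_regular_refuses(setting, dir_mode, dir_uid, f_uid, uid, o_creat=True):
    """Linux fs.protected_regular (kernel 4.19+), applied on top of DAC.

    With O_CREAT set (which shell `>` and `>>` redirections use), opening an
    existing regular file in a sticky directory that is world-writable
    (setting 1) or also group-writable (setting 2) is refused with EACCES
    unless the file is owned by the caller or by the directory's owner.
    Returns True when the open is refused.
    """
    if setting <= 0 or not o_creat or not dir_mode & stat.S_ISVTX:
        return False
    if f_uid in (uid, dir_uid):
        return False
    world_w = bool(dir_mode & stat.S_IWOTH)
    group_w = bool(dir_mode & stat.S_IWGRP)
    return world_w or (setting >= 2 and group_w)


def current_protected_regular():
    """Read the live sysctl; None if this kernel does not expose it."""
    try:
        with open("/proc/sys/fs/protected_regular") as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def thread_cases(protected_regular=1):
    """Re-derive the thread's observations. Values mirror the quoted output:
    /tmp is root-owned 1777; rd=2809 and ka=1401 are both in users=100 and video=44."""
    TMP_MODE, TMP_UID, TMP_GID = 0o1777, ROOT, ROOT
    RD, KA, USERS, VIDEO = 2809, 1401, 100, 44
    rd_gids = {RD, USERS, VIDEO}
    ka_gids = {KA, USERS, VIDEO}
    return {
        # ka: mv 123 /tmp/123 -> must replace rd's entry in sticky /tmp
        "ka_mv_over_rd_file": sticky_allows_replace(TMP_MODE, TMP_UID, TMP_GID, RD, KA, ka_gids),
        # ka: echo test >> /tmp/123 on -rw-rw-r-- rd:users, judged by DAC alone
        "ka_append_dac": dac_allows(0o664, RD, USERS, KA, ka_gids, "w"),
        # same open with fs.protected_regular=1: rd's file is owned neither by ka nor by /tmp's owner
        "ka_append_refused_by_protected_regular": protected_regular_refuses(protected_regular, TMP_MODE, TMP_UID, RD, KA),
        # control case from the thread: root:video 664, caller rd is in video
        "rd_append_root_file_dac": dac_allows(0o664, ROOT, VIDEO, RD, rd_gids, "w"),
        "rd_append_root_file_refused_by_protected_regular": protected_regular_refuses(protected_regular, TMP_MODE, TMP_UID, ROOT, RD),
    }


if __name__ == "__main__":
    live = current_protected_regular()
    print("fs.protected_regular on this host:", live)
    for name, value in thread_cases(live if live is not None else 1).items():
        print(f"{name}: {value}")
```

Run on the host in question, the first line reports the live sysctl value and the rest shows which rule decides each case. With the value at 1, the user-owned file failing while the root-owned file works is the intended behaviour of that hardening, which exists to stop a process from being tricked into writing to a file someone else pre-created in a shared sticky directory; the right fix is a private directory or a file the writer owns, not lowering the sysctl system-wide.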


