Wolfgang Barth:
> chown root.root /tmp/aufs-ro/test
> chmod 750 /tmp/aufs-ro/test
> 
> mount -t aufs -o br:/tmp/aufs-rw:/tmp/aufs-ro=ro none /tmp/aufs
> 
> cd /tmp/aufs
> 
> chgrp proxy /tmp/aufs/test
> 
> su - proxy
> cd /tmp/aufs/test -> permission denied

I was a fool, but aufs.
It is a feature of aufs, correct behaviour.

The permission bits are tested when you issue the chdir system call.
There are two cases of such a test in aufs.
One is for non-directory, and aufs checks only the topmost inode.
The other is for directory, in this case, aufs checks all of the lower
inodes.
I guess you can understand easily the reason if you imagine the
opendir(3) case. If aufs checks only the topmost dir and a user is
allowed to readdir the topmost inode but not the lower inodes, the user
may get just a part of the directory. It is a violation of Unix
semantics.

In your case, after you chgrp the dir, the dir exists on both the rw and
ro. You are not allowed to read the dir on ro, and the permission bits
test in chdir(2) failed.


Junjiro Okajima
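
Added example, not part of the original message and not aufs code: a small Python model of the check described above (topmost inode only for a non-directory, every branch's inode for a directory), run on the case from this thread. The names Inode, unix_allows, union_allows and stat_branches are hypothetical, uid/gid 13 for "proxy" is a constructed value, and root/capabilities, ACLs and whiteouts are not modelled.

```python
import os
import stat
from typing import NamedTuple, Optional, Sequence, Set

class Inode(NamedTuple):
    uid: int
    gid: int
    mode: int  # full st_mode, file-type bits included

def unix_allows(ino: Inode, uid: int, gids: Set[int], want: int) -> bool:
    """Owner/group/other test; want is a mask of 4 (r), 2 (w), 1 (x).
    Model only: ignores root/capabilities and ACLs."""
    if uid == ino.uid:
        bits = ino.mode >> 6
    elif ino.gid in gids:
        bits = ino.mode >> 3
    else:
        bits = ino.mode
    return (bits & want) == want

def union_allows(per_branch: Sequence[Optional[Inode]], uid: int,
                 gids: Set[int], want: int) -> bool:
    """per_branch: one entry per branch, topmost first, None where absent.
    Non-directory: topmost inode only. Directory: every branch's inode."""
    present = [i for i in per_branch if i is not None]
    if not present:
        raise FileNotFoundError("path exists in no branch")
    if not stat.S_ISDIR(present[0].mode):
        return unix_allows(present[0], uid, gids, want)
    return all(unix_allows(i, uid, gids, want) for i in present)

def stat_branches(branches: Sequence[str], relpath: str):
    """Collect per-branch inodes for relpath from real branch directories."""
    out = []
    for b in branches:
        try:
            st = os.lstat(os.path.join(b, relpath))
            out.append(Inode(st.st_uid, st.st_gid, st.st_mode))
        except FileNotFoundError:
            out.append(None)
    return out

# Constructed data for the case in this thread (uid/gid 13 for "proxy" assumed).
PROXY_UID, PROXY_GIDS = 13, {13}
RW_DIR = Inode(0, 13, stat.S_IFDIR | 0o750)  # copy in rw branch after chgrp proxy
RO_DIR = Inode(0, 0, stat.S_IFDIR | 0o750)   # untouched root.root original in ro

if __name__ == "__main__":
    print("rw copy alone:", unix_allows(RW_DIR, PROXY_UID, PROXY_GIDS, 1))
    print("aufs union   :", union_allows([RW_DIR, RO_DIR], PROXY_UID, PROXY_GIDS, 1))
```

To audit a real union, pass the branch directories (topmost first) and the relative path to stat_branches and feed the result to union_allows; a directory that passes on the rw branch but fails here points at a lower branch whose ownership or mode still denies the user.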
