On 21.12.21 at 12:10, Ansgar wrote:
> reassign 1002064 procps 2:3.3.17-5
>
> On Tue, 2021-12-21 at 11:49 +0100, Daniel Feuchtinger wrote:
>> Debian 11 introduces a new feature that prevents users from writing to files that they don't own, ignoring the file permissions (see https://github.com/torvalds/linux/commit/30aba6656f ).
>>
>> 1. I think that should not be the default behaviour but opt in.
>
> I disagree: it is a sensible change. If you want an insecure configuration, you should have to explicitly configure your system to be so.

If you say so... Try a user's perspective:

You try to write to a file and it does not work (funny: touch does work)
You check the file permissions
You check the extended attributes
You search for errors and logs
You check AppArmor
You check the Debian release notes
You search for strange security features breaking basic file system functionality
...

You'll find nothing (you'll find something, if you know the result of your search). File access rights are not a corner case feature of some special program with security holes, it's a basic file system feature that is now "broken". To introduce that without a visible mention is giving your users the finger, in my opinion.

>> 2. If you fix it (write "fs.protected_regular=0" to /etc/sysctl.conf) that fix should work.
>
> You need to write to /etc/sysctl.d/protect-links.conf to overwrite settings in /usr/lib/sysctl.d/protect-links.conf.

Thanks for the solution.

> See the "examples" section in man:systemd-sysctl(8).

I still think that a hint in /etc/sysctl.conf, that this file is not working as expected, would be user friendly. Or: If you break it, why not remove it?

Anyway, you might as well close this bug if there's no chance of changing the default behaviour. I guess for a visible mention in the release notes, it is already too late.

Thanks for your work, I like Debian, I just disagree with your choices in this case.

Daniel
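The file precedence behind the advice in this thread, as an added example that is not part of the original messages or of procps or systemd: it applies the two ordering rules from sysctl.d(5) to report which file decides a key such as `fs.protected_regular`, which is what a hardening audit needs to know. The directory tree and its values are constructed, and the `99-sysctl.conf` entry standing in for `/etc/sysctl.conf` is an assumption about the Debian layout.

```python
import tempfile
from pathlib import Path

# systemd-sysctl search path per sysctl.d(5), lowest priority first.
CONF_DIRS = ["usr/lib/sysctl.d", "run/sysctl.d", "etc/sysctl.d"]

def effective_setting(root, key):
    """Return (value, deciding_file) for key, or (None, None) if unset."""
    chosen = {}  # file name -> path; a same-named file in a later dir masks it
    for d in CONF_DIRS:
        base = Path(root, d)
        for path in sorted(base.glob("*.conf")) if base.is_dir() else []:
            chosen[path.name] = path
    value, source = None, None
    # Files are applied in lexicographic order of file name, regardless of
    # directory, and the last assignment to a key wins.
    for name in sorted(chosen):
        for line in chosen[name].read_text().splitlines():
            line = line.strip()
            if not line or line[0] in "#;" or "=" not in line:
                continue
            k, v = (part.strip() for part in line.split("=", 1))
            if k.lstrip("-") == key:
                value, source = v, str(chosen[name].relative_to(root))
    return value, source

def build_tree(root, files):
    """Write the constructed sample files below root."""
    for rel, text in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_tree(root, {
            # Constructed stand-in for the packaged default.
            "usr/lib/sysctl.d/protect-links.conf": "fs.protected_regular = 2\n",
            # Assumption: /etc/sysctl.conf is read under this name.
            "etc/sysctl.d/99-sysctl.conf": "fs.protected_regular=0\n",
        })
        before = effective_setting(root, "fs.protected_regular")
        # A same-named file in /etc masks the packaged file entirely.
        build_tree(root, {"etc/sysctl.d/protect-links.conf":
                          "fs.protected_regular=0\n"})
        after = effective_setting(root, "fs.protected_regular")
    return before, after
```

In the first state the packaged `protect-links.conf` sorts after `99-sysctl.conf` and still decides the value; in the second, the same-named file under `/etc` is the deciding file, which is the state an audit would flag as protection disabled.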

