Re: Incompatible group permission - Is it a bug?
Hi, Dňa Sun, 17 Jun 2012 02:46:05 +0530 Vivek Prakash vi...@mycareerstack.com napísal: My point is that there is not some miracle happening here. What happens under the hood that the new memberships don't come into play if I don't logout/login or change the group ID of a login session using `newgrp' ? Is this behaviour expected? I don't think so. After all, /etc/passwd /etc/group and some other related files are read by the functions in libc to check the permission whenever a user wants to do something, for example change a directory or write to a file or execute a binary, etc. What is it that the new memberships don't come into play immediately? Most importantly, is this behavior desired after all? I don't know the background nor understand the sources :-) But consider this – listing of directory content with thousands files. You are want to read /etc/passwd for any file in it? This take a lot of useless disk reads. Then some as caching is here and IMO this is was the login does for this. regards -- Slavko http://slavino.sk signature.asc Description: PGP signature
Incompatible group permission - Is it a bug?
Hi, I am creating another user and placing an existing user in the group of other user, hoping to write in the home directory of other user. Sounds very simple! # uname -a Linux vini 2.6.38-11-generic #50-Ubuntu SMP Mon Sep 12 21:18:14 UTC 2011 i686 athlon i386 GNU/Linux # whoami vivek # su root # useradd -m -U foo // create user foo # usermod -a -G foo vivek // add user `vivek' to group `foo' # chmod 770 /home/foo/ # exit # whoami vivek # cd /home/foo/ bash: cd: /home/foo/: Permission denied # groups vivek vivek : vivek foo This is totally weird. Though user `vivek' is in group `foo', and group bits for /home/foo/ is set to rwx, `vivek' can't chdir to /home/foo/. I am not able to understand this. But, if at the `exit' step, I switch to `vivek' user from root, this is what happens: # uname -a Linux vini 2.6.38-11-generic #50-Ubuntu SMP Mon Sep 12 21:18:14 UTC 2011 i686 athlon i386 GNU/Linux # whoami vivek # su root # useradd -m -U foo // create user foo # usermod -a -G foo vivek // add user `vivek' to group `foo' # chmod 770 /home/foo/ # su vivek # whoami vivek # cd /home/foo/ # ls examples.desktop Now, whatever is happening here is totally incomprehensible. Does `su vivek' inherits some permissions from the `root' user at this step? Any explanations would be much appreciated. Thanks, Vivek -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caentugpdtomw8u6ooovp3sp2unmpn-0e5grakjoumdxykqb...@mail.gmail.com
Re: Incompatible group permission - Is it a bug?
Hi, Dňa Sun, 17 Jun 2012 01:04:44 +0530 Vivek Prakash vivek.cs.i...@gmail.com napísal: # whoami vivek # cd /home/foo/ bash: cd: /home/foo/: Permission denied # groups vivek vivek : vivek foo This is totally weird. Though user `vivek' is in group `foo', and group bits for /home/foo/ is set to rwx, `vivek' can't chdir to /home/foo/. I am not able to understand this. IMO, you must to logout/login to new memberships can be in play :-) or use the newgrp command. regards -- Slavko http://slavino.sk signature.asc Description: PGP signature
Re: Incompatible group permission - Is it a bug?
Hi Slavko, On Sun, Jun 17, 2012 at 1:19 AM, Slavko li...@slavino.sk wrote: IMO, you must to logout/login to new memberships can be in play :-) or use the newgrp command. Thank you for these suggestions. They do work :) I had a look at the newgrp source code and it does what i expect it to do. newgrp is installed at /usr/bin/ with owner root and setuid bit on. # ls -l `which newgrp` -rwsr-xr-x root root /usr/bin/newgrp This means that it is executed with root permission with any user. In the code, it calls setgid(new_group_name) after routine checking for permissions and prompts for password if necessary. After that it drops its permission to the user who executed this command with setuid(getuid()) and initializes the environment variables if `-' option is given. My point is that there is not some miracle happening here. What happens under the hood that the new memberships don't come into play if I don't logout/login or change the group ID of a login session using `newgrp' ? Is this behaviour expected? I don't think so. After all, /etc/passwd /etc/group and some other related files are read by the functions in libc to check the permission whenever a user wants to do something, for example change a directory or write to a file or execute a binary, etc. What is it that the new memberships don't come into play immediately? Most importantly, is this behavior desired after all? I would very much appreciate any explanation and answer. Thanks, Vivek -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAENtUgrSbEwmA6U=C4S1HZLMsqLa-_yiz-n=br6h6ds_lnn...@mail.gmail.com
