apport information
** Tags added: apport-collected
** Description changed:
Hi!
According to my experience the Linux Kernel Access Control evaluate
wrongly the POSIX ACL-s when a mask is null (mask::---)
Let's see an example:
root@bar:~# getfacl /tmp/test
getfacl: Removing leading '/' from absolute path names
# file: tmp/test
# owner: root
# group: root
user::rw-
user:foo:---
group::r-- #effective:---
mask::---
^^^^^
other::r--
As we can see the foo user hasn't got any rights on the test file and a mask
is zero.
Let's try to read the file as the foo user:
foo@bar:~$ cat /tmp/test
FOOBAR
foo@bar:~$
Success.
According to the documentation (man acl) user foo cannot access the file:
" 2. else if the effective user ID of the process matches the qualifier
of any entry of type ACL_USER, then
if the matching ACL_USER entry and the ACL_MASK entry contain
the requested permissions, access is granted,
else access is denied."
If I change the the mask entry to something else:
root@bar:~# getfacl /tmp/test
getfacl: Removing leading '/' from absolute path names
# file: tmp/test
# owner: root
# group: root
user::rw-
user:foo:---
group::r-- #effective:---
mask::-w-
^^^^^^
other::r--
the foo user cannot read the file:
foo@bar:~$ cat /tmp/test
cat: /tmp/test: Permission denied
I tested with ext4 and tmpfs with the same result. I also tested on a
Solaris 9 machine where the permissions work as expected.
System info:
Description: Ubuntu 12.04.1 LTS
Release: 12.04
acl:
Installed: 2.2.51-5ubuntu1
Candidate: 2.2.51-5ubuntu1
Version table:
*** 2.2.51-5ubuntu1 0
500 http://hu.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
100 /var/lib/dpkg/status
Linux bar 3.2.0-29-generic-pae #46-Ubuntu SMP Fri Jul 27 17:25:43 UTC
2012 i686 i686 i386 GNU/Linux
- Thank you for your time and I hope you can find the source of this
- issue.
+ Thank you for your time and I hope you can find the source of this issue.
+ ---
+ ApportVersion: 2.0.1-0ubuntu13
+ Architecture: i386
+ DistroRelease: Ubuntu 12.04
+ InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386
(20120423)
+ Package: linux
+ PackageArchitecture: i386
+ ProcVersionSignature: Ubuntu 3.2.0-29.46-generic-pae 3.2.24
+ Tags: precise
+ Uname: Linux 3.2.0-29-generic-pae i686
+ UpgradeStatus: No upgrade log present (probably fresh install)
+ UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
** Attachment added: "Dependencies.txt"
https://bugs.launchpad.net/bugs/1081502/+attachment/3440223/+files/Dependencies.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1081502
Title:
posix acl permissions evaluated wrongly with null mask
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/1081502/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
