Here it goes. Note that the second command you asked for returns the same as the "file" entry in the first command. Thanks.

[user1]$ ls -Z /home/user1
unconfined_u:object_r:user_home_t:s0 Desktop
unconfined_u:object_r:user_home_t:s0 Documents
unconfined_u:object_r:user_home_t:s0 Downloads
unconfined_u:object_r:user_home_t:s0 file
unconfined_u:object_r:audio_home_t:s0 Music
unconfined_u:object_r:user_home_t:s0 Pictures
unconfined_u:object_r:user_home_t:s0 Public
unconfined_u:object_r:user_home_t:s0 Templates
unconfined_u:object_r:user_home_t:s0 Videos

On Wed, 2016-07-27 at 18:28 +0200, Reuti wrote:
> On 27.07.2016 at 18:13, László Házy <haz...@yahoo.com> wrote:
> >
> > Yes, SELinux is active.
>
> Fine.
>
> Can you please provide:
>
> $ ls -Z /home/user1
> $ ls -Z /home/user1/file
>
> -- Reuti
>
> > On Wed, 2016-07-27 at 17:55 +0200, Reuti wrote:
> > > On 27.07.2016 at 17:36, László Házy <haz...@yahoo.com> wrote:
> > > >
> > > > Yes, user2 has rx access to /home/user1. This is done by the first command in the list of commands, namely: "[user1]$ chmod g+rx /home/user1". The two users are part of the same group.
> > > >
> > > > An even more troublesome variation, involving root, is the following:
> > > >
> > > > [user1]$ touch file; ls -l file
> > > > -rw-r--r--. 1 user1 users 0 Jul 26 15:24 file
> > >
> > > The dot at the end means SELinux ACL IIRC - are you running SELinux?
> > >
> > > -- Reuti
> > >
> > > > [user1]$ ln -s /home/user1/file /var/tmp/link
> > > > [user1]$ ls -l /var/tmp/link
> > > > lrwxrwxrwx. 1 user1 users 17 Jul 26 15:26 /var/tmp/link -> /home/user1/file
> > > >
> > > > [user1]$ [[ -f /var/tmp/link ]]; echo $?
> > > > 0
> > > >
> > > > [user1]$ su
> > > > [root]$ [[ -f /var/tmp/link ]]; echo $?
> > > > 1
> > > >
> > > > On Tue, 2016-07-26 at 23:26 +0200, Reuti wrote:
> > > > > On 26.07.2016 at 23:07, László Házy wrote:
> > > > > >
> > > > > > Hmm, interesting. I can reproduce your results. Thanks.
> > > > > > However, note the following:
> > > > > >
> > > > > > [user1]$ chmod g+rx /home/user1
> > > > > > [user1]$ touch file; ls -l file
> > > > > > -rw-r--r--. 1 user1 users 0 Jul 26 15:24 file
> > > > > >
> > > > > > [user1]$ su user2 -c "ln -s /home/user1/file /var/tmp/link"
> > > > > > [user1]$ ls -l /var/tmp/link
> > > > > > lrwxrwxrwx. 1 user2 users 17 Jul 26 15:26 /var/tmp/link -> /home/user1/file
> > > > > >
> > > > > > [user1]$ [[ -f /var/tmp/link ]]; echo $?
> > > > > > 1
> > > > > >
> > > > > > [user1]$ su user2
> > > > > > [user2]$ [[ -f /var/tmp/link ]]; echo $?
> > > > > > 0
> > > > > >
> > > > > > Something does not add up.
> > > > >
> > > > > Does user2 have rx access to /home/user1?
> > > > >
> > > > > -- Reuti
> > > > >
> > > > > > From experimenting, it appears that only the user who created the symlink will get true for the file test.
> > > > > >
> > > > > > Thank you.
> > > > > >
> > > > > > On Tue, 2016-07-26 at 15:06 -0400, Grisha Levit wrote:
> > > > > > >
> > > > > > > Are you sure "file" is a link to an actual file, not, say, a directory?
> > > > > > >
> > > > > > > $ rpm -q bash; echo $BASH_VERSION; cat /etc/redhat-release
> > > > > > > bash-4.3.42-3.fc23.x86_64
> > > > > > > 4.3.42(1)-release
> > > > > > > Fedora release 23 (Twenty Three)
> > > > > > >
> > > > > > > $ touch file; ln -s file link; [[ -f link ]]; echo $?
> > > > > > > 0
> > > > > > >
> > > > > > > On Tue, Jul 26, 2016 at 12:58 PM, László Házy <haz...@yahoo.com> wrote:
> > > > > > > >
> > > > > > > > I am running bash 4.3.42-3 on Fedora Core 23.
> > > > > > > >
> > > > > > > > I noticed that the [ -f file ] test returns false if "file" is a symlink. Given the intended behavior (from a long time ago), this is wrong as the symlinks are supposed to be followed. It certainly breaks functionality in certain existing software.
> > > > > > > >
> > > > > > > > Has the default behavior been changed somewhere along the time line and I am not aware of it?
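
An added example, not part of the thread or of bash: a POSIX shell helper that separates the cases raised above when a `-f` test on a symlink is true for one user and false for another, and reports the link owner, directory owner, sticky bit and the Linux fs.protected_symlinks setting. Inspecting the sticky bit and that sysctl is this example's assumption about what is worth checking, not a conclusion reached in the thread; the function names and fixture paths are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# What a file test sees through PATH for the user running it.
# Prints: regular | other-type | unresolved-link | missing
link_test_status() {
    if [ -f "$1" ]; then       # -f follows symlinks to the target
        echo regular
    elif [ -e "$1" ]; then     # target resolves but is not a regular file
        echo other-type
    elif [ -L "$1" ]; then     # link exists, but stat through it failed
        echo unresolved-link   # (dangling, no access, or follow refused)
    else
        echo missing
    fi
}

# Facts that can make following a link depend on who is asking.
link_follow_context() {
    dir=$(dirname "$1")
    sticky=no
    [ -k "$dir" ] && sticky=yes
    prot=n/a                   # sysctl is Linux-specific; absent elsewhere
    [ -r /proc/sys/fs/protected_symlinks ] &&
        prot=$(cat /proc/sys/fs/protected_symlinks)
    echo "link_uid=$(stat -c %u "$1") dir_uid=$(stat -c %u "$dir")" \
         "my_uid=$(id -u) sticky=$sticky protected_symlinks=$prot"
}

# Constructed fixture: a sticky, world-writable directory like /var/tmp.
make_fixture() {
    d=$(mktemp -d) || return 1
    chmod 1777 "$d"
    touch "$d/file"
    ln -s "$d/file" "$d/link"          # link to a regular file
    ln -s "$d" "$d/dirlink"            # link to a directory
    ln -s "$d/nonexistent" "$d/dangling"
    echo "$d"
}
```

Running both functions against the same link as each user involved, root included, and comparing the output shows whether the difference lies in the target's type, in access to the target, or in who owns the link and its directory.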