> On 27.07.2016 at 18:55, László Házy <haz...@yahoo.com> wrote:
>
> Here it goes. Note that the second command you asked for returns the same as
> the "file" entry in the first command. Thanks.

Yeah, I meant:

$ ls -Zd /home/user1

to show the entry of the directory itself, not its content.

- Reuti

> [user1]$ ls -Z /home/user1
> unconfined_u:object_r:user_home_t:s0 Desktop
> unconfined_u:object_r:user_home_t:s0 Documents
> unconfined_u:object_r:user_home_t:s0 Downloads
> unconfined_u:object_r:user_home_t:s0 file
> unconfined_u:object_r:audio_home_t:s0 Music
> unconfined_u:object_r:user_home_t:s0 Pictures
> unconfined_u:object_r:user_home_t:s0 Public
> unconfined_u:object_r:user_home_t:s0 Templates
> unconfined_u:object_r:user_home_t:s0 Videos
>
> On Wed, 2016-07-27 at 18:28 +0200, Reuti wrote:
>>> On 27.07.2016 at 18:13, László Házy <haz...@yahoo.com> wrote:
>>>
>>> Yes, SELinux is active.
>>
>> Fine.
>>
>> Can you please provide:
>>
>> $ ls -Z /home/user1
>> $ ls -Z /home/user1/file
>>
>> -- Reuti
>>
>>> On Wed, 2016-07-27 at 17:55 +0200, Reuti wrote:
>>>>> On 27.07.2016 at 17:36, László Házy <haz...@yahoo.com> wrote:
>>>>>
>>>>> Yes, user2 has rx access to /home/user1. This is done by the first
>>>>> command in the list of commands, namely: "[user1]$ chmod g+rx
>>>>> /home/user1". The two users are part of the same group.
>>>>>
>>>>> An even more troublesome variation, involving root, is the following:
>>>>>
>>>>> [user1]$ touch file; ls -l file
>>>>> -rw-r--r--. 1 user1 users 0 Jul 26 15:24 file
>>>>
>>>> The dot at the end means SELinux ACL IIRC - are you running SELinux?
>>>>
>>>> -- Reuti
>>>>
>>>>> [user1]$ ln -s /home/user1/file /var/tmp/link
>>>>> [user1]$ ls -l /var/tmp/link
>>>>> lrwxrwxrwx. 1 user1 users 17 Jul 26 15:26 /var/tmp/link -> /home/user1/file
>>>>>
>>>>> [user1]$ [[ -f /var/tmp/link ]]; echo $?
>>>>> 0
>>>>>
>>>>> [user1]$ su
>>>>> [root]$ [[ -f /var/tmp/link ]]; echo $?
>>>>> 1
>>>>>
>>>>> On Tue, 2016-07-26 at 23:26 +0200, Reuti wrote:
>>>>>> On 26.07.2016 at 23:07, László Házy wrote:
>>>>>>>
>>>>>>> Hmm, interesting. I can reproduce your results. Thanks.
>>>>>>> However, note the following:
>>>>>>>
>>>>>>> [user1]$ chmod g+rx /home/user1
>>>>>>> [user1]$ touch file; ls -l file
>>>>>>> -rw-r--r--. 1 user1 users 0 Jul 26 15:24 file
>>>>>>>
>>>>>>> [user1]$ su user2 -c "ln -s /home/user1/file /var/tmp/link"
>>>>>>> [user1]$ ls -l /var/tmp/link
>>>>>>> lrwxrwxrwx. 1 user2 users 17 Jul 26 15:26 /var/tmp/link -> /home/user1/file
>>>>>>>
>>>>>>> [user1]$ [[ -f /var/tmp/link ]]; echo $?
>>>>>>> 1
>>>>>>>
>>>>>>> [user1]$ su user2
>>>>>>> [user2]$ [[ -f /var/tmp/link ]]; echo $?
>>>>>>> 0
>>>>>>>
>>>>>>> Something does not add up.
>>>>>>
>>>>>> Does user2 have rx access to /home/user1?
>>>>>>
>>>>>> -- Reuti
>>>>>>
>>>>>>> From experimenting, it appears that only the user who created the
>>>>>>> symlink will get true for the file test.
>>>>>>>
>>>>>>> Thank you.
>>>>>>>
>>>>>>> On Tue, 2016-07-26 at 15:06 -0400, Grisha Levit wrote:
>>>>>>>> Are you sure "file" is a link to an actual file, not, say, a directory?
>>>>>>>>
>>>>>>>> $ rpm -q bash; echo $BASH_VERSION; cat /etc/redhat-release
>>>>>>>> bash-4.3.42-3.fc23.x86_64
>>>>>>>> 4.3.42(1)-release
>>>>>>>> Fedora release 23 (Twenty Three)
>>>>>>>>
>>>>>>>> $ touch file; ln -s file link; [[ -f link ]]; echo $?
>>>>>>>> 0
>>>>>>>>
>>>>>>>> On Tue, Jul 26, 2016 at 12:58 PM, László Házy <haz...@yahoo.com> wrote:
>>>>>>>>>
>>>>>>>>> I am running bash 4.3.42-3 on Fedora Core 23.
>>>>>>>>>
>>>>>>>>> I noticed that the [ -f file ] test returns false if "file" is a
>>>>>>>>> symlink. Given the intended behavior (from a long time ago), this is
>>>>>>>>> wrong as the symlinks are supposed to be followed. It certainly
>>>>>>>>> breaks functionality in certain existing software.
>>>>>>>>>
>>>>>>>>> Has the default behavior been changed somewhere along the time line
>>>>>>>>> and I am not aware of it?
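
A further check for the transcripts above, added here and not part of the thread: independently of SELinux, the Linux `fs.protected_symlinks` sysctl (which nobody in the thread raises) limits who may follow a symlink that sits in a sticky, world-writable directory such as /var/tmp, and a refused follow makes the stat behind `[[ -f link ]]` fail. The sketch models the kernel's documented rule so the thread's cases can be compared against it. The function names `would_follow` and `diagnose_link`, the sample uids in the comments, and the use of GNU `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Models the Linux kernel's documented
# fs.protected_symlinks rule for following a symlink.

# would_follow SYSCTL DIR_MODE DIR_UID LINK_UID FOLLOWER_UID
#   SYSCTL    value of /proc/sys/fs/protected_symlinks (0 or 1)
#   DIR_MODE  octal mode of the directory holding the link, e.g. 1777
# Prints "follow" or "deny". Hypothetical helper name.
would_follow() {
    sysctl_val=$1; dir_mode=$2; dir_uid=$3; link_uid=$4; follower_uid=$5
    # Restriction switched off: links are followed as usual.
    if [ "$sysctl_val" != 1 ]; then echo follow; return 0; fi
    # The follower owns the link.
    if [ "$follower_uid" = "$link_uid" ]; then echo follow; return 0; fi
    # The directory is not both sticky (01000) and world-writable (0002).
    if [ $(( 0$dir_mode & 01002 )) -ne $(( 01002 )) ]; then
        echo follow; return 0
    fi
    # The directory's owner created the link.
    if [ "$dir_uid" = "$link_uid" ]; then echo follow; return 0; fi
    # Otherwise the kernel refuses to follow the link, for root as well.
    echo deny
}

# diagnose_link LINK: apply the rule to a real link for the current user.
# Assumes GNU stat (-c); without -L, stat reports on the link itself.
diagnose_link() {
    link=$1
    dir=$(dirname -- "$link")
    would_follow \
        "$(cat /proc/sys/fs/protected_symlinks 2>/dev/null || echo 0)" \
        "$(stat -c %a -- "$dir")" "$(stat -c %u -- "$dir")" \
        "$(stat -c %u -- "$link")" "$(id -u)"
}

# Constructed uids for the thread's cases: user1=1000, user2=1001, root=0,
# /var/tmp mode 1777 owned by root.
#   would_follow 1 1777 0 1001 1000   # user1 tests user2's link
#   would_follow 1 1777 0 1000 0      # root tests user1's link
# On the affected machine: diagnose_link /var/tmp/link
```

Running `diagnose_link /var/tmp/link` as each of the users in the thread, next to `ls -Zd /home/user1`, separates a kernel symlink restriction from an SELinux denial.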