Tomas and Dan, thanks for the explanations. So if the process already has a
handle (file descriptor) to apple, it can continue using it, even when I chmod
700 one of its parents. On the other hand, any new process trying to get a
handle to apple MUST traverse the directory tree. This is what I
OK thanks for the explanations.
To make sure:
1.) To prevent this scenario, I have to do recursive chown and chmod.
2.) If I chmod only /opt/experiment, there is absolutely no other way to access
apple, other than an already open terminal.
Correct?
7. Mar 2018 14:34 by to...@tuxteam.de:
> -
Addition to previous email:
Example:
In terminal B I can still modify a file as follows:
touch aaa
echo "123" > aaa
But when I do,
vi aaa
even in the same terminal, vi can't access the file aaa.
7. Mar 2018 14:14 by epsilon...@tutanota.com:
> Sorry, it is very counterintuitive to me.
> So
Sorry, it is very counterintuitive to me.
So what you say is this: if there is an open terminal before chmod 700, then I
can use that terminal to access "apple", but after I close terminal B, there is
no way to access that apple directory? Neither with a shell window, nor with
another software?
7. Mar 2018 11:27 by to...@tuxteam.de:
> I can't reproduce, either. Once the chown to root happens, non-root
> user can't touch files in directory. Ext4.
I double checked. Sorry the previous example was not good. To reproduce the
issue, you have to create another directory inside the top one.
On 07/03/18 13:56, epsilon...@tutanota.com wrote:
> Do you have any network filesystems involved in this test?
No network fs.
It is a local LUKS encrypted disk with ext4 filesystem.
Kernel is latest.
Debian 9.3
For example, on terminal window A,
su
whoami # root
mkdir /opt/experiment/
chown aristo:aristo /opt/experiment/
Now on another terminal window, B,
su aristo
whoami # aristo
cd /opt/experiment/
touch aaa
# OK aaa is created
On terminal A,
chown root:root /opt/experiment/
chmod 700 /opt/experime
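
The sequence discussed in this thread, as an added example that is not part of any poster's message: a process that entered the nested directory before the parent was locked keeps working through its held working directory, while a fresh lookup by full path is refused. Assumptions: everything runs in a constructed temp directory, and an owner's chmod 000 stands in for root's chown root:root plus chmod 700, so no root is needed.

```shell
#!/bin/sh
# Added example. Paths are constructed under a temp dir; "apple" mirrors the thread.
# Assumption: chmod 000 by the owner replaces chown root:root + chmod 700, so the
# caller loses search (x) permission on the parent without needing root.
demo_held_cwd() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/experiment/apple" || return 1

    result=$(
        # "Terminal B": enter apple first, so this process holds it as its cwd.
        cd "$base/experiment/apple" || exit 1

        # "Terminal A": lock the parent after B is already inside.
        chmod 000 "$base/experiment"

        # Relative name: resolved from the held cwd, the parent is never traversed.
        if touch aaa 2>/dev/null && echo 123 > aaa; then
            held=ok
        else
            held=denied
        fi

        # Full path: the lookup must walk through experiment and needs x there.
        if ls "$base/experiment/apple" >/dev/null 2>&1; then
            path=ok        # expected only for root (permission checks bypassed)
        else
            path=denied
        fi
        echo "held=$held path=$path"
    )

    chmod 700 "$base/experiment"   # restore access so cleanup can descend
    rm -rf "$base"
    echo "$result"
}

demo_held_cwd
```
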