From: Patrick Donnelly
Date: Wed, 13 May 2020 09:52:17 -0700
Subject: Re: file system permissions regression affecting root
To: Al Viro
Cc: open list, Jeff Layton, xiubli@redhat.com, kchai@redhat.com
In-Reply-To: <20200513161113.GU23230@ZenIV.linux.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 13, 2020 at 9:11 AM Al Viro wrote:
>
> On Wed, May 13, 2020 at 08:00:28AM -0700, Patrick Donnelly wrote:
> > In newer kernels (at least 5.6), it appears root is not able to write
> > to files owned by other users in a sticky directory:
>
> Yes. Controlled by /proc/sys/fs/protected_regular, which systemd crowd
> has decided to enable in commit 2732587540035227fe59e4b64b60127352611b35
> [...]

Thanks for the information Al! However, it seems odd that this depends
on the owner of the directory. i.e. this protection only seems to be
enforced if the sticky directory is owned by root. That's expected?

--
Patrick Donnelly
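
Added example, not part of the thread and not kernel code: a user-space model of the rule the kernel's sysctl documentation gives for fs.protected_regular, showing where the directory owner and the opener's uid enter the decision. The struct, macro and function names are hypothetical, and the sample case in main() is constructed.

```c
#include <errno.h>
#include <stdbool.h>

/* Mode bits, written out so the model needs no kernel or libc headers. */
#define MODE_STICKY 01000
#define MODE_WGRP   00020
#define MODE_WOTH   00002

/* Hypothetical model inputs; none of these names are kernel identifiers. */
struct sticky_open {
    int      protected_regular; /* /proc/sys/fs/protected_regular: 0, 1 or 2 */
    unsigned dir_mode;          /* permission bits of the parent directory */
    unsigned dir_uid;           /* owner of the parent directory */
    unsigned file_uid;          /* owner of the existing regular file */
    unsigned opener_fsuid;      /* fsuid of the opener (0 for root) */
    bool     o_creat;           /* open(2) was called with O_CREAT */
};

/* Returns 0 when the open passes this rule, -EACCES when it is refused. */
int protected_regular_check(const struct sticky_open *o)
{
    if (!o->o_creat || o->protected_regular == 0)
        return 0;               /* rule covers only O_CREAT opens */
    if (!(o->dir_mode & MODE_STICKY))
        return 0;               /* parent directory is not sticky */
    if (o->file_uid == o->dir_uid)
        return 0;               /* file belongs to the directory owner */
    if (o->file_uid == o->opener_fsuid)
        return 0;               /* opener owns the file */
    /* No capability test: fsuid 0 is compared like any other uid. */
    if (o->dir_mode & MODE_WOTH)
        return -EACCES;         /* world-writable sticky directory */
    if ((o->dir_mode & MODE_WGRP) && o->protected_regular >= 2)
        return -EACCES;         /* group-writable counts only at level 2 */
    return 0;
}

int main(void)
{
    /* Constructed case: root opens uid 1000's file in a root-owned 1777 dir. */
    struct sticky_open o = { 1, 01777, 0, 1000, 0, true };
    return protected_regular_check(&o) == -EACCES ? 0 : 1;
}
```
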