From: David Howells
To: Kevin Qu, Jeff Epler
Cc: dhowells@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: how to get right euid?
Date: Tue, 05 Jan 2010 16:00:33 +0000
Message-ID: <17885.1262707233@redhat.com>

Kevin Qu wrote:

> I wrote a kernel module and it creates a "file" in /proc.
> The "file" permission is set to 644.
> When checking access permission, I use:

Check where? In file_operations::open(), in file_operations::write() or in
inode_operations::permission()?

>     if( op == 4 || (op ==2 && current->euid == 0) )
>         return 0;
>
> But it does not work on 2.6.29,
> so I changed it like below:
>
>     if( op & 0x4 || (op & 0x2 && current_euid() == 0) )
>         return 0;

What is op? Is "op == N" equivalent to "op & N"? Should N be a symbolic
constant (MAY_READ or MAY_WRITE)?

> It works when reading from the "file" in /proc,
> but when writing to it with sudo, like:
>
>     sudo echo "some thing" > /proc/my_file
>
> It is denied. (But it works when I su to superuser and do so.)
>
> So I checked the current_euid(),
> but it returns 1000 (not 0). Why?

As Jeff said, where you're making the check matters. In the above sudo
command, the open() call is done by the shell, under the EUID of whoever is
logged in, whereas the write() call is done by the echo command as executed by
sudo, under the EUID set by sudo.

Note that if you're making the check in write(), the UID that you're checking
should be the one in struct file::f_cred.

David
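
Added example, not part of David's message and not kernel code: a userspace C model of which credentials each check location sees for the sudo command in the thread. The structs are simplified stand-ins for the kernel's struct cred and struct file, and enum check, run() and the sample tasks are hypothetical names constructed for illustration.

```c
/* Userspace model, not kernel code: struct cred and struct file are
 * simplified stand-ins; enum check and run() are hypothetical names. */
#include <stdio.h>

#define MAY_WRITE 0x2	/* same value as the kernel's MAY_WRITE mask */

struct cred { unsigned int euid; };
struct file { const struct cred *f_cred; };	/* opener's creds, pinned at open() */
enum check { AT_OPEN, AT_WRITE_CURRENT, AT_WRITE_F_CRED };

/* Constructed sample tasks for the commands discussed in the thread. */
static const struct cred user_shell = { 1000 };	/* login shell doing the ">" */
static const struct cred sudo_echo  = { 0 };	/* echo as started by sudo */
static const struct cred root_shell = { 0 };	/* shell after "su" */

/* Policy from the thread: anyone may read, only EUID 0 may write. */
static int may_access(const struct cred *c, int mask)
{
	if ((mask & MAY_WRITE) && c->euid != 0)
		return -1;	/* stands in for -EACCES */
	return 0;
}

/* One open()+write() sequence; returns 0 if the write is allowed. */
static int run(enum check where, const struct cred *opener,
	       const struct cred *writer)
{
	struct file f;
	/* open() executes in the opener's context. */
	if (where == AT_OPEN && may_access(opener, MAY_WRITE))
		return -1;
	f.f_cred = opener;

	/* write() executes in the writer's context ("current"). */
	if (where == AT_WRITE_CURRENT)
		return may_access(writer, MAY_WRITE);
	if (where == AT_WRITE_F_CRED)
		return may_access(f.f_cred, MAY_WRITE);
	return 0;
}

int main(void)
{
	printf("sudo echo > f, check at open:      %d\n", run(AT_OPEN, &user_shell, &sudo_echo));
	printf("sudo echo > f, write() vs current: %d\n", run(AT_WRITE_CURRENT, &user_shell, &sudo_echo));
	printf("sudo echo > f, write() vs f_cred:  %d\n", run(AT_WRITE_F_CRED, &user_shell, &sudo_echo));
	printf("su, then echo > f, check at open:  %d\n", run(AT_OPEN, &root_shell, &root_shell));
	return 0;
}
```

A check in write() against the caller's credentials allows a write on a descriptor that an unprivileged task opened, while the f_cred check gives the same verdict as the open-time check no matter which task ends up calling write().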