From: Christoph Hellwig <hch@infradead.org>
To: xfs@oss.sgi.com
Cc: Tim Shimmin <tes@sgi.com>
Subject: [PATCH 2/3] remove restricted_chown parameter
Date: Mon, 27 Oct 2008 09:36:37 -0400	[thread overview]
Message-ID: <20081027133637.GC761@infradead.org> (raw)

[-- Attachment #1: xfs-kill-restricted-chown --]
[-- Type: text/plain, Size: 6504 bytes --]

From: Tim Shimmin <tes@sgi.com>

On Linux, all filesystems are supposed to operate under POSIX
restricted chown. Restricted chown means that chown is restricted
to the owner unless the caller has CAP_FOWNER.

[hch: forward-ported to the current tree]


Signed-off-by: Tim Shimmin <tes@sgi.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>

Index: linux-2.6-xfs/fs/xfs/linux-2.6/xfs_globals.c
===================================================================
--- linux-2.6-xfs.orig/fs/xfs/linux-2.6/xfs_globals.c	2008-10-15 13:31:22.000000000 +0200
+++ linux-2.6-xfs/fs/xfs/linux-2.6/xfs_globals.c	2008-10-15 13:31:22.000000000 +0200
@@ -26,7 +26,6 @@
  */
 xfs_param_t xfs_params = {
 			  /*	MIN		DFLT		MAX	*/
-	.restrict_chown	= {	0,		1,		1	},
 	.sgid_inherit	= {	0,		0,		1	},
 	.symlink_mode	= {	0,		0,		1	},
 	.panic_mask	= {	0,		0,		255	},
Index: linux-2.6-xfs/fs/xfs/linux-2.6/xfs_linux.h
===================================================================
--- linux-2.6-xfs.orig/fs/xfs/linux-2.6/xfs_linux.h	2008-10-14 19:55:29.000000000 +0200
+++ linux-2.6-xfs/fs/xfs/linux-2.6/xfs_linux.h	2008-10-22 09:29:08.000000000 +0200
@@ -112,7 +111,6 @@
 #define HAVE_DMAPI
 #endif
 
-#define restricted_chown	xfs_params.restrict_chown.val
 #define irix_sgid_inherit	xfs_params.sgid_inherit.val
 #define irix_symlink_mode	xfs_params.symlink_mode.val
 #define xfs_panic_mask		xfs_params.panic_mask.val
Index: linux-2.6-xfs/fs/xfs/linux-2.6/xfs_sysctl.c
===================================================================
--- linux-2.6-xfs.orig/fs/xfs/linux-2.6/xfs_sysctl.c	2008-10-14 19:55:29.000000000 +0200
+++ linux-2.6-xfs/fs/xfs/linux-2.6/xfs_sysctl.c	2008-10-15 13:31:22.000000000 +0200
@@ -56,17 +56,6 @@ xfs_stats_clear_proc_handler(
 
 static ctl_table xfs_table[] = {
 	{
-		.ctl_name	= XFS_RESTRICT_CHOWN,
-		.procname	= "restrict_chown",
-		.data		= &xfs_params.restrict_chown.val,
-		.maxlen		= sizeof(int),
-		.mode		= 0644,
-		.proc_handler	= &proc_dointvec_minmax,
-		.strategy	= &sysctl_intvec,
-		.extra1		= &xfs_params.restrict_chown.min,
-		.extra2		= &xfs_params.restrict_chown.max
-	},
-	{
 		.ctl_name	= XFS_SGID_INHERIT,
 		.procname	= "irix_sgid_inherit",
 		.data		= &xfs_params.sgid_inherit.val,
Index: linux-2.6-xfs/fs/xfs/linux-2.6/xfs_sysctl.h
===================================================================
--- linux-2.6-xfs.orig/fs/xfs/linux-2.6/xfs_sysctl.h	2008-10-14 19:55:29.000000000 +0200
+++ linux-2.6-xfs/fs/xfs/linux-2.6/xfs_sysctl.h	2008-10-15 13:31:22.000000000 +0200
@@ -31,7 +31,6 @@ typedef struct xfs_sysctl_val {
 } xfs_sysctl_val_t;
 
 typedef struct xfs_param {
-	xfs_sysctl_val_t restrict_chown;/* Root/non-root can give away files.*/
 	xfs_sysctl_val_t sgid_inherit;	/* Inherit S_ISGID if process' GID is
 					 * not a member of parent dir GID. */
 	xfs_sysctl_val_t symlink_mode;	/* Link creat mode affected by umask */
@@ -68,7 +67,7 @@ typedef struct xfs_param {
 enum {
 	/* XFS_REFCACHE_SIZE = 1 */
 	/* XFS_REFCACHE_PURGE = 2 */
-	XFS_RESTRICT_CHOWN = 3,
+	/* XFS_RESTRICT_CHOWN = 3 */
 	XFS_SGID_INHERIT = 4,
 	XFS_SYMLINK_MODE = 5,
 	XFS_PANIC_MASK = 6,
Index: linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c
===================================================================
--- linux-2.6-xfs.orig/fs/xfs/linux-2.6/xfs_ioctl.c	2008-10-15 13:31:22.000000000 +0200
+++ linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c	2008-10-22 09:29:45.000000000 +0200
@@ -1104,10 +1104,6 @@ xfs_ioctl_setattr(
 
 	/*
 	 * Change file ownership.  Must be the owner or privileged.
-	 * If the system was configured with the "restricted_chown"
-	 * option, the owner is not permitted to give away the file,
-	 * and can change the group id only to a group of which he
-	 * or she is a member.
 	 */
 	if (mask & FSX_PROJID) {
 		/*
Index: linux-2.6-xfs/fs/xfs/xfs_vnodeops.c
===================================================================
--- linux-2.6-xfs.orig/fs/xfs/xfs_vnodeops.c	2008-10-15 13:31:22.000000000 +0200
+++ linux-2.6-xfs/fs/xfs/xfs_vnodeops.c	2008-10-22 09:29:45.000000000 +0200
@@ -210,10 +210,6 @@ xfs_setattr(
 
 	/*
 	 * Change file ownership.  Must be the owner or privileged.
-	 * If the system was configured with the "restricted_chown"
-	 * option, the owner is not permitted to give away the file,
-	 * and can change the group id only to a group of which he
-	 * or she is a member.
 	 */
 	if (mask & (ATTR_UID|ATTR_GID)) {
 		/*
@@ -237,9 +233,8 @@ xfs_setattr(
 		 * shall be equal to either the group ID or one of the
 		 * supplementary group IDs of the calling process.
 		 */
-		if (restricted_chown &&
-		    (iuid != uid || (igid != gid &&
-				     !in_group_p((gid_t)gid))) &&
+		if ((iuid != uid ||
+		     (igid != gid && !in_group_p((gid_t)gid))) &&
 		    !capable(CAP_CHOWN)) {
 			code = XFS_ERROR(EPERM);
 			goto error_return;
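Review bot: The commit message names CAP_FOWNER as the capability that bypasses restricted chown, but the condition kept at the end of this hunk tests `capable(CAP_CHOWN)`, so one of the two should be corrected to keep the record consistent with the code. With the `restricted_chown` toggle removed, this test now always applies to an unprivileged owner changing the uid or choosing a group they are not a member of, and the comment above it could say so, e.g. `* This check is unconditional; only CAP_CHOWN bypasses it.` Systems that ran with fs.xfs.restrict_chown=0 will start getting EPERM on this path, and any sysctl configuration that still sets the name will presumably fail to apply, which deserves a line in the changelog. xfs_setattr starts and ends outside the hunk.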
@@ -433,10 +428,6 @@ xfs_setattr(
 
 	/*
 	 * Change file ownership.  Must be the owner or privileged.
-	 * If the system was configured with the "restricted_chown"
-	 * option, the owner is not permitted to give away the file,
-	 * and can change the group id only to a group of which he
-	 * or she is a member.
 	 */
 	if (mask & (ATTR_UID|ATTR_GID)) {
 		/*
Index: linux-2.6-xfs/Documentation/filesystems/xfs.txt
===================================================================
--- linux-2.6-xfs.orig/Documentation/filesystems/xfs.txt	2008-10-14 19:55:29.000000000 +0200
+++ linux-2.6-xfs/Documentation/filesystems/xfs.txt	2008-10-15 13:31:22.000000000 +0200
@@ -229,10 +229,6 @@ The following sysctls are available for 
 	ISGID bit is cleared if the irix_sgid_inherit compatibility sysctl
 	is set.
 
-  fs.xfs.restrict_chown		(Min: 0  Default: 1  Max: 1)
-  	Controls whether unprivileged users can use chown to "give away"
-	a file to another user.
-
   fs.xfs.inherit_sync		(Min: 0  Default: 1  Max: 1)
 	Setting this to "1" will cause the "sync" flag set
 	by the xfs_io(8) chattr command on a directory to be
Index: linux-2.6-xfs/kernel/sysctl_check.c
===================================================================
--- linux-2.6-xfs.orig/kernel/sysctl_check.c	2008-10-14 19:55:29.000000000 +0200
+++ linux-2.6-xfs/kernel/sysctl_check.c	2008-10-15 13:31:22.000000000 +0200
@@ -731,7 +731,6 @@ static const struct trans_ctl_table tran
 };
 
 static const struct trans_ctl_table trans_fs_xfs_table[] = {
-	{ XFS_RESTRICT_CHOWN,	"restrict_chown" },
 	{ XFS_SGID_INHERIT,	"irix_sgid_inherit" },
 	{ XFS_SYMLINK_MODE,	"irix_symlink_mode" },
 	{ XFS_PANIC_MASK,	"panic_mask" },

-- 
