From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from fieldses.org ([173.255.197.46]:42748 "EHLO fieldses.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751030AbdAQTf6 (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
        Tue, 17 Jan 2017 14:35:58 -0500
Date: Tue, 17 Jan 2017 14:35:57 -0500
To: Theodore Ts'o <tytso@mit.edu>
Cc: Jan Stancek <jstancek@redhat.com>, linux-fsdevel@vger.kernel.org,
        viro@ZenIV.linux.org.uk, guaneryu@gmail.com, mszeredi@redhat.com,
        Cyril Hrubis <chrubis@suse.cz>, ltp@lists.linux.it,
        mtk.manpages@gmail.com
Subject: Re: utimensat EACCES vs. EPERM in 4.8+
Message-ID: <20170117193557.GA17332@fieldses.org>
References: <18a5b416-ad6a-e679-d993-af7ffa0dcc10@redhat.com>
 <20170117044104.ktrtizpzhghqludn@thunk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20170117044104.ktrtizpzhghqludn@thunk.org>
From: bfields@fieldses.org (J. Bruce Fields)
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Mon, Jan 16, 2017 at 11:41:05PM -0500, Theodore Ts'o wrote:
> On Mon, Jan 16, 2017 at 04:46:45PM +0100, Jan Stancek wrote:
> > 4.9 kernel and simple touch on immutable file gives me:
> > utimensat(AT_FDCWD, "afile", NULL, 0)   = -1 EPERM (Operation not permitted)
> > 
> > while an older kernel it gives me:
> > utimensat(AT_FDCWD, "afile", NULL, 0)   = -1 EACCES (Permission denied)
> > 
> > Do we need to update man page or fix kernel back to return EACCES?
> 
> Quoting from: http://blog.unclesniper.org/archives/2-Linux-programmers,-learn-the-difference-between-EACCES-and-EPERM-already!.html
>    It appears that many programmers are unaware that there is a
>    fundamental difference between the error codes EACCES (aka
>    "Permission denied") and EPERM (aka "Operation not permitted"). In
>    particular, a lot of code returns EPERM when they really mean
>    EACCES:
> 
>    mist% killall sshd
>    sshd(2244): Operation not permitted

That's posix, not just linux.

>    To clear this up: "Permission denied" means just that -- the
>    process has insufficient privileges to perform the requested
>    operation. Simply put, this means that "trying the same thing as
>    root will work".

Where did this blog entry come from?  I've never seen the ACCES/PERM
distinction made that way anywhere else.  Posix says:

	[EACCES]
	    Permission denied. An attempt was made to access a file in a
	    way forbidden by its file access permissions.
	[EPERM]
	    Operation not permitted. An attempt was made to perform an
	    operation limited to processes with appropriate privileges
	    or to the owner of a file or other resource.

So EPERM is exactly for attempts to do things that are reserved for root
(or process with appropriate capabilities or whatever).

--b.