From: Ondrej Palkovsky
Subject: setfsuid() and access() syscall
Date: Tue, 04 Aug 2009 22:55:35 +0200
Message-ID: <4A78A047.8040800@penguin.cz>
To: linux-fsdevel@vger.kernel.org

Hello,

the access() syscall (to find out if the user has permission to do something on file) does not seem to reflect the setfsuid() syscall. There are 2 conflicting pieces of information:

- kernel/sys.c:

/*
 * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This
 * is used for "access()" and for the NFS daemon (letting nfsd stay at
 * whatever uid it wants to). It normally shadows "euid", except when
 * explicitly set by setfsuid() or for access..
 */

- fs/namei.c

/*
 * access() needs to use the real uid/gid, not the effective uid/gid.
 * We do this by temporarily clearing all FS-related capabilities and
 * switching the fsuid/fsgid around to the real ones.
 */

The resulting behaviour (2.6.18, 2.6.28, source code for 2.6.30 seems to be the same) seems to be that access() is dependent on uid, not fsuid - this seems to me to be a bug, which unfortunately somewhat inhibits multithreaded file servers that want to use access() e.g. for ACL checks.

Is there some reason why it is implemented the way it is as it looks like an intention?

Best regards
Ondrej Palkovsky
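
The behaviour described in the message, as an added example that is not part of the original post or of the kernel sources: it creates a 0600 file, switches the fsuid, and asks the same question through access() and through open(). TARGET_UID, struct probe and probe_fsuid() are names made up for this illustration; the fsuid switch only takes effect when the process is allowed to change it (normally root), otherwise both checks are made with the caller's own uid.

```c
/* Added example: compare access() with open() after setfsuid().
 * TARGET_UID and the temp-file path are assumptions made for this demo. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/fsuid.h>
#include <unistd.h>

#define TARGET_UID 65534 /* assumed unprivileged uid ("nobody" on many systems) */

struct probe {
    int switched;   /* 1 if the fsuid really changed */
    int access_ok;  /* access(path, R_OK) == 0 */
    int open_ok;    /* open(path, O_RDONLY) succeeded */
};

/* Create a 0600 file as the caller, switch fsuid, then ask both ways. */
static struct probe probe_fsuid(void)
{
    struct probe r = {0, 0, 0};
    char path[] = "/tmp/fsuid-demo-XXXXXX";
    int fd = mkstemp(path);           /* mkstemp creates the file mode 0600 */
    if (fd < 0)
        return r;
    close(fd);

    uid_t old = (uid_t)setfsuid(TARGET_UID);
    /* setfsuid() reports no error; calling it with an invalid id (-1)
     * changes nothing and returns the current fsuid. */
    r.switched = ((uid_t)setfsuid(-1) == TARGET_UID) && old != TARGET_UID;

    r.access_ok = (access(path, R_OK) == 0);   /* checked with the real uid */
    fd = open(path, O_RDONLY);                 /* checked with the fsuid */
    r.open_ok = (fd >= 0);
    if (fd >= 0)
        close(fd);

    setfsuid(old);                             /* restore before cleanup */
    unlink(path);
    return r;
}

int main(void)
{
    struct probe r = probe_fsuid();
    printf("switched=%d access()=%d open()=%d\n", r.switched, r.access_ok, r.open_ok);
    return 0;
}
```

When the switch takes effect, access() still reports the file as readable while open() is refused, so a server thread that impersonates a client through fsuid gets its answer from the open() result (or its errno) rather than from access().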