Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

archlinux fix #71

Merged
merged 1 commit into from Jun 25, 2020
Merged

archlinux fix #71

merged 1 commit into from Jun 25, 2020

Conversation

CastixGitHub
Copy link

to replicate it (change just USERNAME with an existing user):

USERNAME="castix"

function mktemptest {
    echo "with $1"
    ls -al $1
    file $1
    cat $1
    ls -al $1
    echo "ok" > $1
    echo "ok"
    chown $USERNAME $1
    chmod 777 $1
    ls -al $1
    echo "okok" > $1
    echo "okok"
    echo
    rm $1
}

mktemptest $(mktemp)
mktemptest $(touch here; echo here)
mktemptest $(touch /tmp/here; echo /tmp/here)
ls -ld /tmp

then as root (su or sudo) run it sudo bash test
my output is

with /tmp/tmp.V8KOHGTLPe
-rw------- 1 root root 0 Jun 22 20:45 /tmp/tmp.V8KOHGTLPe
/tmp/tmp.V8KOHGTLPe: empty
-rw------- 1 root root 0 Jun 22 20:45 /tmp/tmp.V8KOHGTLPe
ok
-rwxrwxrwx 1 castix root 3 Jun 22 20:45 /tmp/tmp.V8KOHGTLPe
test: line 14: /tmp/tmp.V8KOHGTLPe: Permission denied
okok

with here
-rw-r--r-- 1 root root 0 Jun 22 20:45 here
here: empty
-rw-r--r-- 1 root root 0 Jun 22 20:45 here
ok
-rwxrwxrwx 1 castix root 3 Jun 22 20:45 here
okok

with /tmp/here
-rw-r--r-- 1 root root 0 Jun 22 20:45 /tmp/here
/tmp/here: empty
-rw-r--r-- 1 root root 0 Jun 22 20:45 /tmp/here
ok
-rwxrwxrwx 1 castix root 3 Jun 22 20:45 /tmp/here
test: line 14: /tmp/here: Permission denied
okok

drwxrwxrwt 13 root root 540 Jun 22 20:45 /tmp

as you can see it says permission denied (even with chmod 777)
if I run it without root privileges it will execute fine.

tried it also across reboot, and more interesting tried also in raspbian and here's the output

root@biancucia:/home/pi# bash test
with /tmp/tmp.c2cTpdah83
-rw------- 1 root root 0 Jun 22 19:35 /tmp/tmp.c2cTpdah83
/tmp/tmp.c2cTpdah83: empty
-rw------- 1 root root 0 Jun 22 19:35 /tmp/tmp.c2cTpdah83
ok
-rwxrwxrwx 1 pi root 3 Jun 22 19:35 /tmp/tmp.c2cTpdah83
okok

with here
-rw-r--r-- 1 root root 0 Jun 22 19:35 here
here: empty
-rw-r--r-- 1 root root 0 Jun 22 19:35 here
ok
-rwxrwxrwx 1 pi root 3 Jun 22 19:35 here
okok

with /tmp/here
-rw-r--r-- 1 root root 0 Jun 22 19:35 /tmp/here
/tmp/here: empty
-rw-r--r-- 1 root root 0 Jun 22 19:35 /tmp/here
ok
-rwxrwxrwx 1 pi root 3 Jun 22 19:35 /tmp/here
okok

drwxrwxrwt 9 root root 4096 Jun 22 19:35 /tmp

for completeness here's uname -a
Linux triangolo 5.7.3-arch1-1 #1 SMP PREEMPT Wed, 17 Jun 2020 19:42:12 +0000 x86_64 GNU/Linux

so, write the config file, then set the owner

@CastixGitHub
Copy link
Author

finally found an answer

https://unix.stackexchange.com/questions/503111/group-permissions-for-root-not-working-in-tmp

fs.protected_regular Linux kernel parameter

@lesion lesion merged commit b424287 into orjail:master Jun 25, 2020
@heinrich5991 heinrich5991 mentioned this pull request Oct 14, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@CastixGitHub @lesion