I agree with this, but my problem is ACLs should protect. At this point
the file can still be modified/deleted by ANYONE if I chmod 777 that file.
What's the point of ACLs if they don't stop malicious behaviour?
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-796-9023
email: austin@xxxxxxxxxxxxxxx
On Tue, 15 May 2001, John Trostel wrote:
> But you just changed the acl!
>
> 1. setup the acl on file 'jt_junk'
>
> [jt@jtsdell xfs_part]$ chacl u::rwx,g::rwx,o::r-x,u:user1:r--,m::rwx jt_junk
>
> 2. look at the 'normal' part of the acl with just 'ls -l'
>
> [jt@jtsdell xfs_part]$ ls -l jt_junk
> -rwxrwxr-x 1 jt jt 0 May 11 13:36 jt_junk
>
>
> 3. change the 'normal' part of the acl with 'chmod'
>
> [jt@jtsdell xfs_part]$ chmod 777 jt_junk
>
> 4. look at the 'normal' part of the acl with just 'ls -l'
>
> [jt@jtsdell xfs_part]$ ls -l jt_junk
> -rwxrwxrwx 1 jt jt 0 May 11 13:36 jt_junk
>
> 5. look at the entire acl with 'chacl -l'
>
> [jt@jtsdell xfs_part]$ chacl -l jt_junk
> jt_junk [u::rwx,g::rwx,o::rwx,u:user1:r--,m::rwx]
>
> The part of the acl not affected by the 'normal' command 'chmod' is still
> there! Just because I have acls enabled on a file system should not mean that
> I should be precluded from using the 'normal' tools to work on the files. That
> would break many things!
>
> On 15-May-2001 Austin Gonyou wrote:
> > One thing I think he's thinking about, when it comes to acl setting is
> > something like this:
> >
> > server[/home/userx]#>chacl u:5:,g:4:,o:0: somefile
>
> You should have done an 'ls -l' to see what the permissions were here! I
> suspect they would have been 540.
>
> > server[/home/userx]#>exit
> > server[/home/userx]$>chmod 777 somefile
>
> Now you've changed the permissions back to 777.
>
> > server[/home/userx]$>ls -l somefile
> > -rwxrwxrwx 1 userx userx 72178 May 15 10:25 somefile
>
>
> And you see these 777 permissions with ls -l
>
> > I don't quite understand here. What good is setting ACLs on files if they
> > don't stick? Aside from that, that's my only gripe. I need to go do some
> > testing with directories next. :)
>
> Why should they stick if you have appropriate permission to change them?
>
>
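The behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of how chmod rewrites the base ACL entries and how an access request is then decided, assuming POSIX.1e draft semantics as implemented on Linux. The ACL string and the owner `jt` come from the thread; `user2` and the group `users` are constructed names.

```python
# Added example: models POSIX.1e draft ACL semantics (assumed, as on Linux).
PERMS = {"r": 4, "w": 2, "x": 1}
SAMPLE = "u::rwx,g::rwx,o::r-x,u:user1:r--,m::rwx"  # ACL from step 1 of the thread

def parse_acl(text):
    """Parse a chacl-style string into {(tag, qualifier): permission bits}."""
    acl = {}
    for entry in text.split(","):
        tag, qualifier, perms = entry.split(":")
        acl[(tag, qualifier)] = sum(PERMS[c] for c in perms if c != "-")
    return acl

def format_acl(acl):
    """Render the dict back into the chacl-style string, keeping entry order."""
    bits = lambda p: "".join(c if p & v else "-" for c, v in PERMS.items())
    return ",".join(f"{t}:{q}:{bits(p)}" for (t, q), p in acl.items())

def chmod(acl, mode):
    """chmod rewrites owner and other; group bits go to the mask if one exists."""
    new = dict(acl)
    new[("u", "")] = (mode >> 6) & 7
    new[("m", "") if ("m", "") in new else ("g", "")] = (mode >> 3) & 7
    new[("o", "")] = mode & 7
    return new  # named user/group entries are left untouched

def allowed(acl, user, groups, owner, owning_group, want):
    """Check order: owner, named user, groups, other. The first class that
    matches decides; there is no fall-through to a more permissive class."""
    mask = acl.get(("m", ""), 7)
    if user == owner:
        return acl[("u", "")] & want == want
    if ("u", user) in acl:
        return acl[("u", user)] & mask & want == want
    matched = [p for (t, q), p in acl.items()
               if t == "g" and (q or owning_group) in groups]
    if matched:
        return any(p & mask & want == want for p in matched)
    return acl[("o", "")] & want == want

if __name__ == "__main__":
    after = chmod(parse_acl(SAMPLE), 0o777)
    print(format_acl(after))
    for who in ("user1", "user2"):
        print(who, "write allowed:", allowed(after, who, {"users"}, "jt", "jt", 2))
```

In this model the named entry for `user1` still limits that user to read after `chmod 777`, while every user without a named entry gains write through the `other` class.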