 |
  |
Page 1 of 1
|
[ 11 posts ] |
|
getfattr on non-root symlinks is denied
| Author |
Message |
|
mkdesu
Joined: Mon Jul 09, 2012 01:00
Posts: 7
|
 getfattr on non-root symlinks is denied Steps to reproduce:
1. Create (mkntfs) an NTFS filesystem, and mount with usermapping=..., mapping being, e.g.:
::S-1-5-21-3141592653-589793238-462643383-10000
2. Create a symlink on the filesystem as regular user (not root)
3. "getfattr -h symlink" as regular user -> "Permission denied"
The above means that, for instance, "rsync -X" fails when executed by regular user.
Thanks!
|
| Mon Jul 09, 2012 01:08 |
  |
|
|
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22
Posts: 1009
|
Re: getfattr on non-root symlinks is denied Hi, Quote: "getfattr -h symlink" as regular user -> "Permission denied" You cannot set user-type extended attributes on a symlink, hence you cannot retrieve them : On ext3 : Code: [linux@pavilion2 ntfs-3g]$ ln -s err symlink
[linux@pavilion2 ntfs-3g]$ ls -l symlink err
-rw-rw-r-- 1 linux linux 0 Feb 29 18:39 err
lrwxrwxrwx 1 linux linux 3 Jul 9 08:36 symlink -> err
[linux@pavilion2 ntfs-3g]$ setfattr -h -n user.color -v blue symlink
setfattr: symlink: Operation not permitted
[linux@pavilion2 ntfs-3g]$ getfattr -h -n user.color symlink
symlink: user.color: No such attribute On ntfs : Code: [linux@pavilion2 c-src]$ ln -s err symlink
[linux@pavilion2 c-src]$ ls -l symlink err
-rw-r--r-- 1 linux linux 370 Jun 21 15:50 err
lrwxrwxrwx 1 linux linux 14 Jul 9 08:30 symlink -> err
[linux@pavilion2 c-src]$ setfattr -h -n user.color -v blue symlink
setfattr: symlink: Operation not permitted
[linux@pavilion2 c-src]$ getfattr -h -n user.color symlink
symlink: user.color: No such attribute If you got "permission denied", you were probably querying a non user-type extended attribute, and specific rules apply. Quote: The above means that, for instance, "rsync -X" fails when executed by regular user AFAIK rsync -X only copies user-type extended attributes. Regards Jean-Pierre
|
| Mon Jul 09, 2012 08:50 |
|
|
|
mkdesu
Joined: Mon Jul 09, 2012 01:00
Posts: 7
|
Re: getfattr on non-root symlinks is denied However, on ext3: Code: > getfattr -h symlink
>
whereas on ntfs (mounted with a usermapping): Code: > getfattr -h symlink
getfattr: symlink: permission denied
> rsync -aX . /tmp/test
rsync: get_xattr_names: llistxattr(""/tmp/mnt2/./symlink"",1024) failed: Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1052) [sender=3.0.9]
> echo $?
23
> ls /tmp/test/
err
The error returned by ntfs-3g (if any) should probably be "Operation not supported", not "Permission denied".
|
| Mon Jul 09, 2012 13:15 |
|
|
|
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22
Posts: 1009
|
Re: getfattr on non-root symlinks is denied Hi, Quote: The error returned by ntfs-3g (if any) should probably be "Operation not supported", not "Permission denied". Which kernel (and ntfs-3g) versions are you using ? There have been bugs related to this in the past, for example : https://bugzilla.redhat.com/show_bug.cgi?id=660613Regards Jean-Pierre
|
| Mon Jul 09, 2012 14:18 |
|
|
|
mkdesu
Joined: Mon Jul 09, 2012 01:00
Posts: 7
|
Re: getfattr on non-root symlinks is denied I am using ntfs-3g 2012.1.15, and Gentoo Hardened kernel 3.2.11. Are you unable to reproduce the bug? Try running "getfattr -h" on the symlink in your example, as non-root user.
|
| Mon Jul 09, 2012 14:42 |
|
|
|
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22
Posts: 1009
|
Re: getfattr on non-root symlinks is denied Hi, Quote: Are you unable to reproduce the bug? Yes. Quote: Try running "getfattr -h" on the symlink in your example, as non-root user. The examples I showed were obviously done as user "linux". You can differentiate ntfs from ext3 from the size of symlink (on ext3 it is the target path length, on ntfs a prefix of about 10 bytes plus alignment has to be added). I have retried with the symlink being created by root, but queried as a user : same result (notice "getfattr -h -d", which is the command-line variant of llistxattr(2) used by rsync). Code: [linux@dimension acls]$ ls -l symlink
lrwxrwxrwx 1 root root 14 Jul 9 17:17 symlink -> err
[linux@dimension acls]$ setfattr -h -n user.color -v blue symlink
setfattr: symlink: Operation not permitted
[linux@dimension acls]$ getfattr -h -n user.color symlink
symlink: user.color: No such attribute
[linux@dimension acls]$ getfattr -h -d symlink
[linux@dimension acls]$ What kind of symlink is yours ? if this is a symlink to a file or directory which the user cannot access, the bug in libattr may have come back (see the link posted earlier). What is your libattr version (I am using 2.4.44) ? Can you retry the same commands I did, both on ext3 and on ntfs ? Regards Jean-Pierre
|
| Mon Jul 09, 2012 17:34 |
|
|
|
mkdesu
Joined: Mon Jul 09, 2012 01:00
Posts: 7
|
Re: getfattr on non-root symlinks is denied Quote: What kind of symlink is yours ? if this is a symlink to a file or directory which the user cannot access, the bug in libattr may have come back (see the link posted earlier).
It's unlikely the same bug, since removing the "-h" switch inhibits the error. Please see below for the exact permissions. Quote: What is your libattr version (I am using 2.4.44) ?
I am using attr-2.4.46 in Gentoo. Quote: Can you retry the same commands I did, both on ext3 and on ntfs ?
Sure. Partitions are created as follows: Code: truncate -s 3M /tmp/img.ntfs
losetup /dev/loop2 /tmp/img.ntfs
mkntfs /dev/loop2
mkdir /tmp/mnt.ntfs
echo "::S-1-5-21-2984658991-3481575564-650048683-10000" > /etc/ntfs-3g.map
mount -t ntfs-3g -o usermapping=/etc/ntfs-3g.map /dev/loop2 /tmp/mnt.ntfs
chmod 1777 /tmp/mnt.ntfs
Code: truncate -s 3M /tmp/img.ext3
losetup /dev/loop3 /tmp/img.ext3
mkfs.ext3 /dev/loop3
mkdir /tmp/mnt.ext3
mount -t ext3 -o user_xattr /dev/loop3 /tmp/mnt.ext3
chmod 1777 /tmp/mnt.ext3
Then, as regular user: Code: /tmp/mnt.ntfs $ umask 022
/tmp/mnt.ntfs $ touch err
/tmp/mnt.ntfs $ ln -s err symlink
/tmp/mnt.ntfs $ ls -l
total 1
-rw-r--r-- 1 user group 0 Jul 9 17:17 err
lrwxrwxrwx 1 user group 14 Jul 9 17:17 symlink -> err
/tmp/mnt.ntfs $ setfattr -h -n user.color -v blue symlink
setfattr: symlink: Operation not permitted
/tmp/mnt.ntfs $ getfattr -h -n user.color symlink
symlink: user.color: No such attribute
/tmp/mnt.ntfs $ getfattr -h -d symlink
getfattr: symlink: Permission denied
/tmp/mnt.ntfs $ getfattr -d symlink
/tmp/mnt.ntfs $
Running "getfattr -h -d symlink" as root does not result in an error, and chowning either the file or the symlink (chown -h), or both, to root does not affect regular user's error. Running the same commands as regular user in the ext3 directory: Code: /tmp/mnt.ext3 $ umask 022
/tmp/mnt.ext3 $ touch err
/tmp/mnt.ext3 $ ln -s err symlink
/tmp/mnt.ext3 $ ls -l
total 0
-rw-r--r-- 1 user group 0 Jul 9 17:26 err
lrwxrwxrwx 1 user group 3 Jul 9 17:26 symlink -> err
/tmp/mnt.ext3 $ setfattr -h -n user.color -v blue symlink
setfattr: symlink: Operation not permitted
/tmp/mnt.ext3 $ getfattr -h -n user.color symlink
symlink: user.color: No such attribute
/tmp/mnt.ext3 $ getfattr -h -d symlink
/tmp/mnt.ext3 $ getfattr -d symlink
/tmp/mnt.ext3 $
|
| Mon Jul 09, 2012 19:32 |
|
|
|
mkdesu
Joined: Mon Jul 09, 2012 01:00
Posts: 7
|
Re: getfattr on non-root symlinks is denied Just retested the problem on an old setup with non-hardened Gentoo kernel 2.6.32, ntfs3g-2010.8.8, attr-2.4.43 — same result.
|
| Mon Jul 09, 2012 19:47 |
|
|
|
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22
Posts: 1009
|
Re: getfattr on non-root symlinks is denied Hi, Ok, this is the faulty one, and I could reproduce it : Quote: Code: /tmp/mnt.ntfs $ getfattr -h -d symlink
getfattr: symlink: Permission denied And the bug only shows when the Posix ACLs are enabled. Can you try the attached patch ? This is a quick one which returns with no result and no error for all special files (symlinks, fifo, sockets, etc.). I still have to check what should be done for each special type, but this may unblock you. Otherwise you may reconfigure without the option --enable-posix-acls and recompile. Regards Jean-Pierre
|
| Mon Jul 09, 2012 21:39 |
|
|
|
mkdesu
Joined: Mon Jul 09, 2012 01:00
Posts: 7
|
Re: getfattr on non-root symlinks is denied Sure, will try and report back, thanks. I am not blocked on this bug, by the way — just wanted to report an issue. NTFS-3G is indeed compiled with POSIX ACLs support here: Code: sys-fs/ntfs3g-2012.1.15-r1 was built with the following:
USE="acl crypt external-fuse ntfsprogs xattr -debug -extras -static-libs -suid -udev"
and Code: sys-fs/ntfs3g-2010.8.8 was built with the following:
USE="acl external-fuse (multilib) udev -debug -suid"
on an older setup.
|
| Mon Jul 09, 2012 21:53 |
|
|
|
mkdesu
Joined: Mon Jul 09, 2012 01:00
Posts: 7
|
Re: getfattr on non-root symlinks is denied Hi, the patch fixed the problem.
Thanks!
|
| Tue Jul 10, 2012 01:49 |
|
|
|
|
Page 1 of 1
|
[ 11 posts ] |
|
Who is online |
Users browsing this forum: Google [Bot] and 3 guests |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
|
|
|
