I could just be out of it, but for some reason unlink seems to be permitting removal of files on mounted filesystems that it clearly should not. I noticed this on my default linode install, but just to check I tried a clean debian small image and booted from there.
Code:
(none):~# uname -a
Linux (none) 2.4.25-linode24-1um #1 Sun Mar 28 01:42:20 EST 2004 i686 unknown
(none):~# adduser filoseta
Adding user filoseta...
Adding new group filoseta (1000).
Adding new user filoseta (1000) with group filoseta.
Creating home directory /home/filoseta.
Copying files from /etc/skel
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for filoseta
Enter the new value, or press return for the default
Full Name []: Testing
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/n] y
(none):~# mkdir /mnt/tmp
(none):~# mount /dev/ubde /mnt/tmp
(none):~# mount
/dev/ubda on / type ext3 (rw)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/ubde on /mnt/tmp type ext3 (rw)
(none):~# touch /tmp/a
(none):~# touch /mnt/tmp/a
(none):~# ls -l /tmp/a /mnt/tmp/a
-rw-r--r-- 1 root root 0 Apr 9 15:53 /mnt/tmp/a
-rw-r--r-- 1 root root 0 Apr 9 15:53 /tmp/a
(none):~# su - filoseta
filoseta@(none):~$ id
uid=1000(filoseta) gid=1000(filoseta) groups=1000(filoseta)
filoseta@(none):~$ rm /tmp/a /mnt/tmp/a
rm: remove write-protected file `/tmp/a'? y
rm: cannot unlink `/tmp/a': Operation not permitted
rm: remove write-protected file `/mnt/tmp/a'? y
filoseta@(none):~$ ls -l /tmp/a /mnt/tmp/a
ls: /mnt/tmp/a: No such file or directory
-rw-r--r-- 1 root root 0 Apr 9 15:53 /tmp/a
filoseta@(none):~$ logout
It has been a long week, so it is possible I am just going nuts, but /mnt/tmp/a should not have been deleted, correct?
It seems to be stemming from unlink directly permitting the call (this section is from my normal install where /tmp is mounted because I didn't feel like installing strace on the debian image).
Code:
null root # touch /tmp/a
null root # touch /a
filoseta@null filoseta $ strace unlink /tmp/a
execve("/bin/unlink", ["unlink", "/tmp/a"], [/* 28 vars */]) = 0
uname({sys="Linux", node="null", ...}) = 0
brk(0) = 0x804c000
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=27488, ...}) = 0
mmap2(NULL, 27488, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 ]\1\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1305020, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001c000
mmap2(NULL, 1243204, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001d000
mmap2(0x40147000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x129) = 0x40147000
mmap2(0x4014a000, 10308, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4014a000
close(3) = 0
munmap(0x40015000, 27488) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "\272)\210\212\233\244\361s\2761%\270\313\245/\311\372\364"..., 32) = 32
close(3) = 0
brk(0) = 0x804c000
brk(0x806d000) = 0x806d000
brk(0) = 0x806d000
unlink("/tmp/a") = 0
exit_group(0) = ?
filoseta@null filoseta $
filoseta@null filoseta $
filoseta@null filoseta $
filoseta@null filoseta $ strace unlink /a
execve("/bin/unlink", ["unlink", "/a"], [/* 28 vars */]) = 0
uname({sys="Linux", node="null", ...}) = 0
brk(0) = 0x804c000
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=27488, ...}) = 0
mmap2(NULL, 27488, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 ]\1\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1305020, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001c000
mmap2(NULL, 1243204, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001d000
mmap2(0x40147000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x129) = 0x40147000
mmap2(0x4014a000, 10308, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4014a000
close(3) = 0
munmap(0x40015000, 27488) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "\272\221S\0046\230\t\343\217\257d$\2~\306\367\370\266\260"..., 32) = 32
close(3) = 0
brk(0) = 0x804c000
brk(0x806d000) = 0x806d000
brk(0) = 0x806d000
unlink("/a") = -1 EACCES (Permission denied)
write(2, "unlink: ", 8unlink: ) = 8
write(2, "cannot unlink `/a\'", 18cannot unlink `/a') = 18
write(2, ": Permission denied", 19: Permission denied) = 19
write(2, "\n", 1
) = 1
exit_group(1) = ?
I would be much obliged if someone could point out the stupid error I am making. The filesystem in question is just a standard ext3 partion created in the disk images section and attached to the two profiles, no associated fstab line existed in the debian install. On my regular image I have tried changing my default line from defaults,noatime,nosuid,noexec,nodev,usrquota to just defaults,noatime and remounting to no avail.
FAQ
Search
Members
Register
Login [ Anonymous ]
)