Date: Fri, 27 Nov 2009 19:56:59 +0300
From: Anthony Pankov <ap00@mail.ru>
To: freebsd-hackers@freebsd.org
Subject: ucred when euid/egid
Message-ID: <15434604890.20091127195659@mail.ru>

Hello,

I face a situation related to access permissions that I don't understand.

There is a program (script) with suid/sgid (mode 6555):

    r-sr-sr-x fuser:proggroup theprog

There is a file:

    rw-rw---- someone:filegroup thefile

User 'fuser' (== program euid) has primary group 'filegroup' (== the group that can read/write thefile).

The program tries to read (write) thefile and fails with permissions. I don't fully understand why.

According to VOP_ACCESS(9) there is a check:

    /* Otherwise, check the groups. */
    for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
    ...

So, I have only one assumption: when a seteuided program is executed, the ucred struct and cred->cr_groups don't change according to euid/egid and stay the same as for the executor.

Is this a bug (how can I fix it) or a feature (how can I bypass it)?

--
Best regards,
Anthony
mailto:ap00@mail.ru
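
An added example, not part of the original message and not FreeBSD kernel code: a user-space C model of the owner/group/other check that the VOP_ACCESS(9) fragment above belongs to, applied to the two files in the message. The numeric ids and the names cred_model, model_access and exec_sugid are assumptions; the model takes the effective uid and effective gid from the executed file and leaves the rest of the group list as inherited from the caller.

```c
#include <stdio.h>
#include <sys/types.h>

#define MAXG 16

/* Simplified stand-in for struct ucred (a model, not the kernel layout). */
struct cred_model {
    uid_t euid;
    int   ngroups;
    gid_t groups[MAXG];            /* groups[0] plays the role of the egid */
};

/* Owner, then group, then other; the first matching class decides.
 * `want` uses the "other" bit positions: 04 read, 02 write.
 * Privilege (root) handling is left out of this model. */
int model_access(const struct cred_model *c, uid_t fuid, gid_t fgid,
                 mode_t fmode, mode_t want)
{
    int i;

    if (c->euid == fuid)
        return ((fmode >> 6) & want) == want;
    /* Otherwise, check the groups. */
    for (i = 0; i < c->ngroups; i++)
        if (c->groups[i] == fgid)
            return ((fmode >> 3) & want) == want;
    return (fmode & want) == want;
}

/* exec of a set-uid/set-gid file: euid and egid come from the file,
 * every other entry of the group list is inherited from the caller. */
struct cred_model exec_sugid(struct cred_model caller, uid_t file_uid,
                             gid_t file_gid)
{
    caller.euid = file_uid;
    caller.groups[0] = file_gid;
    return caller;
}

int main(void)
{
    /* Constructed ids: fuser 1001, someone 1002, executor 1003,
     * proggroup 2001, filegroup 2002, executor's groups 2003 and 2004. */
    struct cred_model executor = { 1003, 2, { 2003, 2004 } };
    struct cred_model login    = { 1001, 1, { 2002 } };   /* fuser after login */
    struct cred_model run = exec_sugid(executor, 1001, 2001);

    printf("theprog run by executor: %d\n", model_access(&run, 1002, 2002, 0660, 06));
    printf("fuser login session:     %d\n", model_access(&login, 1002, 2002, 0660, 06));
    return 0;
}
```

The group database entry for fuser is applied when fuser logs in (initgroups(3)), not at exec, which is why the login credential differs from the one theprog runs with.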