suser() -> capable() for linux/fs

Alexander Kjeldaas (astor@guardian.no)
Thu, 23 Apr 1998 18:31:11 +0200
Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alexander Kjeldaas: "suser() -> capable() for linux/net"
Previous message: Rik van Riel: "Re: Blocksize question"
--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
This patch changes all suser() to capable() in linux/fs.
astor
-- 
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/

--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=cap_97_3_fs

diff -urN /tmp/linux/fs/affs/namei.c lp97/fs/affs/namei.c
--- /tmp/linux/fs/affs/namei.c	Tue Feb 24 07:01:26 1998
+++ lp97/fs/affs/namei.c	Thu Apr 23 00:50:08 1998
@@ -245,7 +245,7 @@
 	if (S_ISDIR(inode->i_mode))
 		goto unlink_done;
 	if (current->fsuid != inode->i_uid &&
-	    current->fsuid != dir->i_uid && !fsuser())
+	    current->fsuid != dir->i_uid && !capable(CAP_FOWNER))
 		goto unlink_done;
 
 	if ((retval = affs_remove_header(bh,inode)) < 0)
@@ -363,7 +363,7 @@
 
 	retval = -EPERM;
         if (current->fsuid != inode->i_uid &&
-            current->fsuid != dir->i_uid && !fsuser())
+            current->fsuid != dir->i_uid && !capable(CAP_FOWNER))
 		goto rmdir_done;
 	if (inode->i_dev != dir->i_dev)
 		goto rmdir_done;
diff -urN /tmp/linux/fs/attr.c lp97/fs/attr.c
--- /tmp/linux/fs/attr.c	Sun Jan  4 09:53:41 1998
+++ lp97/fs/attr.c	Wed Apr 22 22:47:11 1998
@@ -27,28 +27,28 @@
 	/* Make sure a caller can chown. */
 	if ((ia_valid & ATTR_UID) &&
 	    (current->fsuid != inode->i_uid ||
-	     attr->ia_uid != inode->i_uid) && !fsuser())
+	     attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN))
 		goto error;
 
 	/* Make sure caller can chgrp. */
 	if ((ia_valid & ATTR_GID) &&
 	    (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) &&
-	    !fsuser())
+	    !capable(CAP_CHOWN))
 		goto error;
 
 	/* Make sure a caller can chmod. */
 	if (ia_valid & ATTR_MODE) {
-		if ((current->fsuid != inode->i_uid) && !fsuser())
+		if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
 			goto error;
 		/* Also check the setgid bit! */
 		if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :
-				inode->i_gid) && !fsuser())
+				inode->i_gid) && !capable(CAP_FSETID))
 			attr->ia_mode &= ~S_ISGID;
 	}
 
 	/* Check for setting the inode time. */
 	if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) {
-		if (current->fsuid != inode->i_uid && !fsuser())
+		if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
 			goto error;
 	}
 fine:
@@ -75,7 +75,7 @@
 		inode->i_ctime = attr->ia_ctime;
 	if (ia_valid & ATTR_MODE) {
 		inode->i_mode = attr->ia_mode;
-		if (!in_group_p(inode->i_gid) && !fsuser())
+		if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
 			inode->i_mode &= ~S_ISGID;
 	}
 	mark_inode_dirty(inode);
diff -urN /tmp/linux/fs/autofs/root.c lp97/fs/autofs/root.c
--- /tmp/linux/fs/autofs/root.c	Sat Apr  4 19:45:14 1998
+++ lp97/fs/autofs/root.c	Thu Apr 23 00:51:15 1998
@@ -478,7 +478,7 @@
 	     _IOC_NR(cmd) - _IOC_NR(AUTOFS_IOC_FIRST) >= AUTOFS_IOC_COUNT )
 		return -ENOTTY;
 	
-	if ( !autofs_oz_mode(sbi) && !fsuser() )
+	if ( !autofs_oz_mode(sbi) && !capable(CAP_SYS_ADMIN) )
 		return -EPERM;
 	
 	switch(cmd) {
diff -urN /tmp/linux/fs/buffer.c lp97/fs/buffer.c
--- /tmp/linux/fs/buffer.c	Tue Apr  7 02:48:34 1998
+++ lp97/fs/buffer.c	Wed Apr 22 22:50:50 1998
@@ -1871,7 +1871,7 @@
 	int i, error = -EPERM;
 
 	lock_kernel();
-	if (!suser())
+	if (!capable(CAP_SYS_ADMIN))
 		goto out;
 
 	if (func == 1) {
diff -urN /tmp/linux/fs/dquot.c lp97/fs/dquot.c
--- /tmp/linux/fs/dquot.c	Thu Mar  5 20:55:06 1998
+++ lp97/fs/dquot.c	Wed Apr 22 22:54:24 1998
@@ -375,7 +375,8 @@
 	if (inodes <= 0 || dquot->dq_flags & DQ_FAKE)
 		return(QUOTA_OK);
 	if (dquot->dq_ihardlimit &&
-	   (dquot->dq_curinodes + inodes) > dquot->dq_ihardlimit && !fsuser()) {
+	   (dquot->dq_curinodes + inodes) > dquot->dq_ihardlimit && 
+	    !capable(CAP_SYS_RESOURCE)) {
 		if ((dquot->dq_flags & DQ_INODES) == 0 &&
                      need_print_warning(type, dquot)) {
 			sprintf(quotamessage, "%s: write failed, %s file limit reached\r\n",
@@ -387,7 +388,8 @@
 	}
 	if (dquot->dq_isoftlimit &&
 	   (dquot->dq_curinodes + inodes) > dquot->dq_isoftlimit &&
-	    dquot->dq_itime && CURRENT_TIME >= dquot->dq_itime && !fsuser()) {
+	    dquot->dq_itime && CURRENT_TIME >= dquot->dq_itime && 
+	    !capable(CAP_SYS_RESOURCE)) {
                 if (need_print_warning(type, dquot)) {
 			sprintf(quotamessage, "%s: warning, %s file quota exceeded too long.\r\n",
 		        	dquot->dq_mnt->mnt_dirname, quotatypes[type]);
@@ -397,7 +399,8 @@
 	}
 	if (dquot->dq_isoftlimit &&
 	   (dquot->dq_curinodes + inodes) > dquot->dq_isoftlimit &&
-	    dquot->dq_itime == 0 && !fsuser()) {
+	    dquot->dq_itime == 0 && 
+	    !capable(CAP_SYS_RESOURCE)) {
                 if (need_print_warning(type, dquot)) {
 			sprintf(quotamessage, "%s: warning, %s file quota exceeded\r\n",
 		        	dquot->dq_mnt->mnt_dirname, quotatypes[type]);
@@ -413,7 +416,8 @@
 	if (blocks <= 0 || dquot->dq_flags & DQ_FAKE)
 		return(QUOTA_OK);
 	if (dquot->dq_bhardlimit &&
-	   (dquot->dq_curblocks + blocks) > dquot->dq_bhardlimit && !fsuser()) {
+	   (dquot->dq_curblocks + blocks) > dquot->dq_bhardlimit && 
+	    !capable(CAP_SYS_RESOURCE)) {
 		if ((dquot->dq_flags & DQ_BLKS) == 0 &&
                      need_print_warning(type, dquot)) {
 			sprintf(quotamessage, "%s: write failed, %s disk limit reached.\r\n",
@@ -425,7 +429,8 @@
 	}
 	if (dquot->dq_bsoftlimit &&
 	   (dquot->dq_curblocks + blocks) > dquot->dq_bsoftlimit &&
-	    dquot->dq_btime && CURRENT_TIME >= dquot->dq_btime && !fsuser()) {
+	    dquot->dq_btime && CURRENT_TIME >= dquot->dq_btime && 
+	    !capable(CAP_SYS_RESOURCE)) {
                 if (need_print_warning(type, dquot)) {
 			sprintf(quotamessage, "%s: write failed, %s disk quota exceeded too long.\r\n",
 		        	dquot->dq_mnt->mnt_dirname, quotatypes[type]);
@@ -435,7 +440,8 @@
 	}
 	if (dquot->dq_bsoftlimit &&
 	   (dquot->dq_curblocks + blocks) > dquot->dq_bsoftlimit &&
-	    dquot->dq_btime == 0 && !fsuser()) {
+	    dquot->dq_btime == 0 && 
+	    !capable(CAP_SYS_RESOURCE)) {
                 if (need_print_warning(type, dquot)) {
 			sprintf(quotamessage, "%s: warning, %s disk quota exceeded\r\n",
 		        	dquot->dq_mnt->mnt_dirname, quotatypes[type]);
@@ -1039,11 +1045,12 @@
 			break;
 		case Q_GETQUOTA:
 			if (((type == USRQUOTA && current->uid != id) ||
-			     (type == GRPQUOTA && in_group_p(id))) && !fsuser())
+			     (type == GRPQUOTA && in_group_p(id))) && 
+			    !capable(CAP_SYS_ADMIN))
 				goto out;
 			break;
 		default:
-			if (!fsuser())
+			if (!capable(CAP_SYS_ADMIN))
 				goto out;
 	}
 
diff -urN /tmp/linux/fs/exec.c lp97/fs/exec.c
--- /tmp/linux/fs/exec.c	Thu Apr  2 19:04:00 1998
+++ lp97/fs/exec.c	Wed Apr 22 23:24:59 1998
@@ -564,7 +564,7 @@
 int prepare_binprm(struct linux_binprm *bprm)
 {
 	int mode;
-	int retval,id_change;
+	int retval,id_change,cap_change;
 	struct inode * inode = bprm->dentry->d_inode;
 
 	mode = inode->i_mode;
@@ -584,7 +584,7 @@
 
 	bprm->e_uid = current->euid;
 	bprm->e_gid = current->egid;
-	id_change = 0;
+	id_change = cap_change = 0;
 
 	/* Set-uid? */
 	if (mode & S_ISUID) {
@@ -641,19 +641,22 @@
 	     (current->cap_inheritable.cap &
 	      bprm->cap_inheritable.cap)) &
 	    ~current->cap_permitted.cap) {
-		id_change = 1;
+		cap_change = 1;
 	}
 
-	if (id_change) {
+	if (id_change || cap_change) {
 		/* We can't suid-execute if we're sharing parts of the executable */
 		/* or if we're being traced (or if suid execs are not allowed)    */
 		/* (current->mm->count > 1 is ok, as we'll get a new mm anyway)   */
-		if (IS_NOSUID(inode)
+		if (IS_NOSUID(inode) 
 		    || (current->flags & PF_PTRACED)
 		    || (current->fs->count > 1)
 		    || (atomic_read(&current->sig->count) > 1)
 		    || (current->files->count > 1)) {
-			if (!suser())
+			if (id_change && !capable(CAP_SETUID))
+				return -EPERM;
+			/* This should almost never be allowed */
+			if (cap_change && !capable(CAP_SETPCAP))
 				return -EPERM;
 		}
 	}
diff -urN /tmp/linux/fs/ext2/acl.c lp97/fs/ext2/acl.c
--- /tmp/linux/fs/ext2/acl.c	Mon Dec 22 02:41:24 1997
+++ lp97/fs/ext2/acl.c	Thu Apr 23 00:09:45 1998
@@ -51,8 +51,11 @@
 	 * Access is always granted for root. We now check last,
          * though, for BSD process accounting correctness
 	 */
-	if (((mode & mask & S_IRWXO) == mask) || fsuser())
+	if (((mode & mask & S_IRWXO) == mask) || capable(CAP_DAC_OVERRIDE))
 		return 0;
-	else
-		return -EACCES;
+	if ((mask == S_IROTH) ||
+	    (S_ISDIR(mode)  && !(mask & ~(S_IROTH | S_IXOTH))))
+		if (capable(CAP_DAC_READ_SEARCH))
+			return 0;
+	return -EACCES;
 }
diff -urN /tmp/linux/fs/ext2/balloc.c lp97/fs/ext2/balloc.c
--- /tmp/linux/fs/ext2/balloc.c	Thu Apr  2 23:39:52 1998
+++ lp97/fs/ext2/balloc.c	Thu Apr 23 00:16:18 1998
@@ -383,7 +383,8 @@
 	if (le32_to_cpu(es->s_free_blocks_count) <= le32_to_cpu(es->s_r_blocks_count) &&
 	    ((sb->u.ext2_sb.s_resuid != current->fsuid) &&
 	     (sb->u.ext2_sb.s_resgid == 0 ||
-	      !in_group_p (sb->u.ext2_sb.s_resgid)) && !fsuser())) {
+	      !in_group_p (sb->u.ext2_sb.s_resgid)) && 
+	     !capable(CAP_SYS_RESOURCE))) {
 		unlock_super (sb);
 		return 0;
 	}
diff -urN /tmp/linux/fs/ext2/file.c lp97/fs/ext2/file.c
--- /tmp/linux/fs/ext2/file.c	Wed Apr  8 20:36:53 1998
+++ lp97/fs/ext2/file.c	Thu Apr 23 00:17:09 1998
@@ -144,7 +144,7 @@
 
 	/* was any of the uid bits set? */
 	mode &= inode->i_mode;
-	if (mode && !suser()) {
+	if (mode && !capable(CAP_FSETID)) {
 		inode->i_mode &= ~mode;
 		mark_inode_dirty(inode);
 	}
diff -urN /tmp/linux/fs/ext2/inode.c lp97/fs/ext2/inode.c
--- /tmp/linux/fs/ext2/inode.c	Thu Apr  2 23:39:52 1998
+++ lp97/fs/ext2/inode.c	Thu Apr 23 00:20:02 1998
@@ -726,9 +726,9 @@
 	     (ATTR_FLAG_APPEND | ATTR_FLAG_IMMUTABLE)) ^
 	    (inode->u.ext2_i.i_flags &
 	     (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL))) {
-		if (!fsuser())
+		if (!capable(CAP_LINUX_IMMUTABLE))
 			goto out;
-	} else if ((current->fsuid != inode->i_uid) && !fsuser())
+	} else if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
 		goto out;
 
 	retval = inode_change_ok(inode, iattr);
diff -urN /tmp/linux/fs/ext2/ioctl.c lp97/fs/ext2/ioctl.c
--- /tmp/linux/fs/ext2/ioctl.c	Thu Apr  2 23:39:52 1998
+++ lp97/fs/ext2/ioctl.c	Wed Apr 22 23:57:34 1998
@@ -39,10 +39,11 @@
 		    (inode->u.ext2_i.i_flags &
 		     (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL))) {
 			/* This test looks nicer. Thanks to Pauline Middelink */
-			if (!fsuser())
+			if (!capable(CAP_LINUX_IMMUTABLE))
 				return -EPERM;
 		} else
-			if ((current->fsuid != inode->i_uid) && !fsuser())
+			if ((current->fsuid != inode->i_uid) && 
+			    !capable(CAP_FOWNER))
 				return -EPERM;
 		if (IS_RDONLY(inode))
 			return -EROFS;
@@ -70,7 +71,7 @@
 	case EXT2_IOC_GETVERSION:
 		return put_user(inode->u.ext2_i.i_version, (int *) arg);
 	case EXT2_IOC_SETVERSION:
-		if ((current->fsuid != inode->i_uid) && !fsuser())
+		if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
 			return -EPERM;
 		if (IS_RDONLY(inode))
 			return -EROFS;
diff -urN /tmp/linux/fs/ext2/namei.c lp97/fs/ext2/namei.c
--- /tmp/linux/fs/ext2/namei.c	Thu Apr  2 23:39:51 1998
+++ lp97/fs/ext2/namei.c	Thu Apr 23 00:22:37 1998
@@ -630,7 +630,7 @@
 	retval = -EPERM;
 	if ((dir->i_mode & S_ISVTX) && 
 	    current->fsuid != inode->i_uid &&
-	    current->fsuid != dir->i_uid && !fsuser())
+	    current->fsuid != dir->i_uid && !capable(CAP_FOWNER))
 		goto end_rmdir;
 	if (inode == dir)	/* we may not delete ".", but "../dir" is ok */
 		goto end_rmdir;
@@ -724,7 +724,7 @@
 		goto end_unlink;
 	if ((dir->i_mode & S_ISVTX) &&
 	    current->fsuid != inode->i_uid &&
-	    current->fsuid != dir->i_uid && !fsuser())
+	    current->fsuid != dir->i_uid && !capable(CAP_FOWNER))
 		goto end_unlink;
 
 	retval = -EIO;
@@ -922,7 +922,7 @@
 	retval = -EPERM;
 	if ((old_dir->i_mode & S_ISVTX) && 
 	    current->fsuid != old_inode->i_uid &&
-	    current->fsuid != old_dir->i_uid && !fsuser())
+	    current->fsuid != old_dir->i_uid && !capable(CAP_FOWNER))
 		goto end_rename;
 	if (IS_APPEND(old_inode) || IS_IMMUTABLE(old_inode))
 		goto end_rename;
@@ -963,7 +963,7 @@
 	if (new_inode) {
 		if ((new_dir->i_mode & S_ISVTX) &&
 		    current->fsuid != new_inode->i_uid &&
-		    current->fsuid != new_dir->i_uid && !fsuser())
+		    current->fsuid != new_dir->i_uid && !capable(CAP_FOWNER))
 			goto end_rename;
 		if (IS_APPEND(new_inode) || IS_IMMUTABLE(new_inode))
 			goto end_rename;
diff -urN /tmp/linux/fs/minix/namei.c lp97/fs/minix/namei.c
--- /tmp/linux/fs/minix/namei.c	Wed Feb  4 20:08:53 1998
+++ lp97/fs/minix/namei.c	Thu Apr 23 00:45:52 1998
@@ -416,7 +416,7 @@
 
         if ((dir->i_mode & S_ISVTX) &&
             current->fsuid != inode->i_uid &&
-            current->fsuid != dir->i_uid && !fsuser())
+            current->fsuid != dir->i_uid && !capable(CAP_FOWNER))
 		goto end_rmdir;
 	if (inode->i_dev != dir->i_dev)
 		goto end_rmdir;
@@ -482,7 +482,7 @@
 	}
 	if ((dir->i_mode & S_ISVTX) &&
 	    current->fsuid != inode->i_uid &&
-	    current->fsuid != dir->i_uid && !fsuser())
+	    current->fsuid != dir->i_uid && !capable(CAP_FOWNER))
 		goto end_unlink;
 	if (de->inode != inode->i_ino) {
 		retval = -ENOENT;
@@ -641,7 +641,7 @@
 	retval = -EPERM;
 	if ((old_dir->i_mode & S_ISVTX) && 
 	    current->fsuid != old_inode->i_uid &&
-	    current->fsuid != old_dir->i_uid && !fsuser())
+	    current->fsuid != old_dir->i_uid && !capable(CAP_FOWNER))
 		goto end_rename;
 	new_inode = new_dentry->d_inode;
 	new_bh = minix_find_entry(new_dir, new_dentry->d_name.name,
@@ -673,7 +673,7 @@
 	retval = -EPERM;
 	if (new_inode && (new_dir->i_mode & S_ISVTX) && 
 	    current->fsuid != new_inode->i_uid &&
-	    current->fsuid != new_dir->i_uid && !fsuser())
+	    current->fsuid != new_dir->i_uid && !capable(CAP_FOWNER))
 		goto end_rename;
 	if (S_ISDIR(old_inode->i_mode)) {
 		retval = -ENOTDIR;
diff -urN /tmp/linux/fs/namei.c lp97/fs/namei.c
--- /tmp/linux/fs/namei.c	Tue Jan 13 00:03:28 1998
+++ lp97/fs/namei.c	Thu Apr 23 00:09:43 1998
@@ -191,8 +191,13 @@
 		mode >>= 6;
 	else if (in_group_p(inode->i_gid))
 		mode >>= 3;
-	if (((mode & mask & 0007) == mask) || fsuser())
+	if (((mode & mask & S_IRWXO) == mask) || capable(CAP_DAC_OVERRIDE))
 		return 0;
+	/* read and search access */
+	if ((mask == S_IROTH) ||
+	    (S_ISDIR(mode)  && !(mask & ~(S_IROTH | S_IXOTH))))
+		if (capable(CAP_DAC_READ_SEARCH))
+			return 0;
 	return -EACCES;
 }
 
@@ -701,7 +706,7 @@
 
 	lock_kernel();
 	error = -EPERM;
-	if (S_ISDIR(mode) || (!S_ISFIFO(mode) && !fsuser()))
+	if (S_ISDIR(mode) || (!S_ISFIFO(mode) && !capable(CAP_SYS_ADMIN)))
 		goto out;
 	error = -EINVAL;
 	switch (mode & S_IFMT) {
diff -urN /tmp/linux/fs/nfsd/nfsctl.c lp97/fs/nfsd/nfsctl.c
--- /tmp/linux/fs/nfsd/nfsctl.c	Mon Jan 12 23:39:48 1998
+++ lp97/fs/nfsd/nfsctl.c	Thu Apr 23 00:52:52 1998
@@ -148,7 +148,7 @@
 	if (!initialized)
 		nfsd_init();
 	err = -EPERM;
-	if (!suser()) {
+	if (!capable(CAP_SYS_ADMIN)) {
 		goto done;
 	}
 	err = -EFAULT;
diff -urN /tmp/linux/fs/open.c lp97/fs/open.c
--- /tmp/linux/fs/open.c	Tue Mar 10 22:28:05 1998
+++ lp97/fs/open.c	Wed Apr 22 23:51:57 1998
@@ -411,7 +411,7 @@
 		goto dput_and_out;
 
 	error = -EPERM;
-	if (!fsuser())
+	if (!capable(CAP_SYS_CHROOT))
 		goto dput_and_out;
 
 	/* exchange dentries */
@@ -833,7 +833,7 @@
 	int ret = -EPERM;
 
 	lock_kernel();
-	if (!suser())
+	if (!capable(CAP_SYS_TTY_CONFIG))
 		goto out;
 	/* If there is a controlling tty, hang it up */
 	if (current->tty)
diff -urN /tmp/linux/fs/proc/array.c lp97/fs/proc/array.c
--- /tmp/linux/fs/proc/array.c	Thu Mar 12 00:53:18 1998
+++ lp97/fs/proc/array.c	Mon Apr 20 23:56:14 1998
@@ -764,6 +764,15 @@
 	return buffer;
 }
 
+extern inline char *task_cap(struct task_struct *p, char *buffer)
+{
+       buffer += sprintf(buffer, "CapInh:\t%08x\n", p->cap_inheritable.cap);
+       buffer += sprintf(buffer, "CapPrm:\t%08x\n", p->cap_permitted.cap);
+       buffer += sprintf(buffer, "CapEff:\t%08x\n", p->cap_effective.cap);
+       return buffer;
+}
+
+
 static int get_status(int pid, char * buffer)
 {
 	char * orig = buffer;
@@ -778,6 +787,7 @@
 	buffer = task_state(tsk, buffer);
 	buffer = task_mem(tsk, buffer);
 	buffer = task_sig(tsk, buffer);
+	buffer = task_cap(tsk, buffer);
 	return buffer - orig;
 }
 
diff -urN /tmp/linux/fs/proc/inode.c lp97/fs/proc/inode.c
--- /tmp/linux/fs/proc/inode.c	Thu Apr 23 00:59:26 1998
+++ lp97/fs/proc/inode.c	Thu Apr 23 00:25:15 1998
@@ -145,8 +145,13 @@
 		mode >>= 6;
 	else if (in_group_p(inode->i_gid))
 		mode >>= 3;
-	if (((mode & mask & 0007) == mask) || fsuser())
+	if (((mode & mask & S_IRWXO) == mask) || capable(CAP_DAC_OVERRIDE))
 		return 0;
+	/* read and search access */
+	if ((mask == S_IROTH) ||
+	    (S_ISDIR(mode)  && !(mask & ~(S_IROTH | S_IXOTH))))
+		if (capable(CAP_DAC_READ_SEARCH))
+			return 0;
 	return -EACCES;
 }
 
diff -urN /tmp/linux/fs/smbfs/proc.c lp97/fs/smbfs/proc.c
--- /tmp/linux/fs/smbfs/proc.c	Mon Mar  2 21:37:44 1998
+++ lp97/fs/smbfs/proc.c	Thu Apr 23 00:49:43 1998
@@ -630,7 +630,8 @@
 		goto out;
 
 	error = -EACCES;
-	if (current->uid != server->mnt->mounted_uid && !suser())
+	if (current->uid != server->mnt->mounted_uid && 
+	    !capable(CAP_SYS_ADMIN))
 		goto out;
 
 	error = -EBADF;
diff -urN /tmp/linux/fs/super.c lp97/fs/super.c
--- /tmp/linux/fs/super.c	Sat Apr  4 19:45:18 1998
+++ lp97/fs/super.c	Wed Apr 22 23:52:25 1998
@@ -743,7 +743,7 @@
 	struct dentry * dentry;
 	int retval;
 
-	if (!suser())
+	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
 	lock_kernel();
@@ -985,7 +985,7 @@
 	struct file dummy;	/* allows read-write or read-only flag */
 
 	lock_kernel();
-	if (!suser())
+	if (!capable(CAP_SYS_ADMIN))
 		goto out;
 	if ((new_flags &
 	     (MS_MGC_MSK | MS_REMOUNT)) == (MS_MGC_VAL | MS_REMOUNT)) {
diff -urN /tmp/linux/fs/sysv/namei.c lp97/fs/sysv/namei.c
--- /tmp/linux/fs/sysv/namei.c	Wed Feb  4 20:08:53 1998
+++ lp97/fs/sysv/namei.c	Thu Apr 23 00:47:58 1998
@@ -419,7 +419,7 @@
 
         if ((dir->i_mode & S_ISVTX) &&
             current->fsuid != inode->i_uid &&
-            current->fsuid != dir->i_uid && !fsuser())
+            current->fsuid != dir->i_uid && !capable(CAP_FOWNER))
 		goto end_rmdir;
 	if (inode->i_dev != dir->i_dev)
 		goto end_rmdir;
@@ -484,7 +484,7 @@
 	}
 	if ((dir->i_mode & S_ISVTX) &&
 	    current->fsuid != inode->i_uid &&
-	    current->fsuid != dir->i_uid && !fsuser())
+	    current->fsuid != dir->i_uid && !capable(CAP_FOWNER))
 		goto end_unlink;
 	if (de->inode != inode->i_ino) {
 		retval = -ENOENT;
@@ -643,7 +643,7 @@
 	retval = -EPERM;
 	if ((old_dir->i_mode & S_ISVTX) && 
 	    current->fsuid != old_inode->i_uid &&
-	    current->fsuid != old_dir->i_uid && !fsuser())
+	    current->fsuid != old_dir->i_uid && !capable(CAP_FOWNER))
 		goto end_rename;
 	new_inode = new_dentry->d_inode;
 	new_bh = sysv_find_entry(new_dir, new_dentry->d_name.name,
@@ -675,7 +675,7 @@
 	retval = -EPERM;
 	if (new_inode && (new_dir->i_mode & S_ISVTX) && 
 	    current->fsuid != new_inode->i_uid &&
-	    current->fsuid != new_dir->i_uid && !fsuser())
+	    current->fsuid != new_dir->i_uid && !capable(CAP_FOWNER))
 		goto end_rename;
 	if (S_ISDIR(old_inode->i_mode)) {
 		retval = -ENOTDIR;
diff -urN /tmp/linux/fs/umsdos/namei.c lp97/fs/umsdos/namei.c
--- /tmp/linux/fs/umsdos/namei.c	Wed Apr  8 20:39:46 1998
+++ lp97/fs/umsdos/namei.c	Thu Apr 23 00:47:16 1998
@@ -350,14 +350,14 @@
     Printk (("ret %d ",ret));
     if (ret == 0){
       /* check sticky bit on old_dir */
-      if ( !(old_dir->i_mode & S_ISVTX) || fsuser() ||
+      if ( !(old_dir->i_mode & S_ISVTX) || capable(CAP_FOWNER) ||
 	   current->fsuid == old_info.entry.uid ||
 	   current->fsuid == old_dir->i_uid ) {
 	/* Does new_name already exist? */
 	PRINTK(("new findentry "));
 	ret = umsdos_findentry(new_dir,&new_info,0);
 	if (ret != 0 || /* if destination file exists, are we allowed to replace it ? */
-	    !(new_dir->i_mode & S_ISVTX) || fsuser() ||
+	    !(new_dir->i_mode & S_ISVTX) || capable(CAP_FOWNER) ||
 	    current->fsuid == new_info.entry.uid ||
 	    current->fsuid == new_dir->i_uid ) {
 	  PRINTK (("new newentry "));
@@ -933,7 +933,7 @@
         umsdos_real_lookup (dir, tdentry);	/* fill inode part */
 	Printk (("isempty %d i_count %d ",empty,sdir->i_count));
 				/* check sticky bit */
-	if ( !(dir->i_mode & S_ISVTX) || fsuser() ||
+	if ( !(dir->i_mode & S_ISVTX) || capable(CAP_FOWNER) ||
 	     current->fsuid == sdir->i_uid ||
 	     current->fsuid == dir->i_uid ) {
 	  if (empty == 1){
@@ -1024,7 +1024,7 @@
       if (ret == 0){
 	Printk (("UMSDOS_unlink %.*s ",info.fake.len,info.fake.fname));
 				/* check sticky bit */
-	if ( !(dir->i_mode & S_ISVTX) || fsuser() ||
+	if ( !(dir->i_mode & S_ISVTX) || capable(CAP_FOWNER) ||
 	     current->fsuid == info.entry.uid ||
 	     current->fsuid == dir->i_uid ) {
 	  if (info.entry.flags & UMSDOS_HLINK){

--BOKacYhQ+x31HxR3--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Next message: Alexander Kjeldaas: "suser() -> capable() for linux/net"
Previous message: Rik van Riel: "Re: Blocksize question"