Re: [patch included] Re: using capabilities to allow debug of su

Andrew Morgan (morgan@transmeta.com)
Sat, 17 Apr 1999 14:54:33 -0700


OK ok..

Jeremy Fitzhardinge wrote:
>
> On 17-Apr-99 Andrew Morgan wrote:
> > I'm crossing my fingers that one does what I meant you to try. (The key
> > is that root can only remove files that root owns unless it has the
> > capability to do more.) In other words, root in this case should not be
> > able to remove luser's file. In your examples, root always owns the
> > file, so necessarily, it is able to manipulate them.
>
> When unlinking, it normally doesn't matter who owns a file or what its
> permissions are: it's the directory permissions which matter (ignoring +t
> dirs). Are you talking about modifying the semantics of unlink, or should you
> be using "open for writing" as the operation in your example?
>
> J

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/