From: R on
Jaimie Vandenbergh <jaimie(a)sometimes.sessile.org> wrote:
> Yes, mine does exactly the same. How peculiar.

It's nice to know I'm not going mad.

> A new terminal *also* allows one to rm the root_file, after the
> initial rm other_file.

Yes!

> But! I'm wondering if it's the initial 'rm root_file' that's
> incorrect, since krill *is* a member of the wheel group, as shown by
> the ownerships on other_file.

Unlike in some other *nixes, group ownership is inherited
from the parent directory.

In other words, krill isn't a member of wheel, but any file
created by krill in '/Users/Shared' will, by default, have
wheel group ownership because '/Users/Shared' has
wheel group ownership.

Note: I've spoken to some people on IRC who can't seem
to replicate the problem. So it would seem to be related to
something that is common to both our systems, but not
theirs. I've been scrutinizing ACLs, because they can be
inherited, but I can't see anything strange.
From: Jaimie Vandenbergh on
On Wed, 28 Apr 2010 22:16:15 +1200, dempson(a)actrix.gen.nz (David
Empson) wrote:

>Jaimie Vandenbergh <jaimie(a)sometimes.sessile.org> wrote:
>
>> On Wed, 28 Apr 2010 10:44:18 +0100, me32(a)privacy.net (R) wrote:
>>
>> >Jaimie Vandenbergh <jaimie(a)sometimes.sessile.org> wrote:
>> >
>> >> On Wed, 28 Apr 2010 09:20:10 +0100, me32(a)privacy.net (R) wrote:
>> >>
>> >> >Can any of you replicate this? If you can, it looks like an ugly bug
>> >> >and one I need to report asap.
>> >>
>> >> Can you give the complete `ls -el` for each of the directory and the
>> >> two files? I want to make sure I'm doing like for like.
>> >
>> >Ok. This time the file at risk ('root_file') is owned by 'root'. To aid
>> >legibility, there is some spacing added below:
>>[snip]
>> But! I'm wondering if it's the initial 'rm root_file' that's
>> incorrect, since krill *is* a member of the wheel group, as shown by
>> the ownerships on other_file.
>
>Not that simple. For some reason, every file I create in /Users/Shared
>(via touch) is in group wheel, no matter which user creates it (admin or
>normal). None of my users are members of group wheel.

Point. I started looking at groups, but as /etc/passwd now says that
it is not referred to outside single user, and points towards the
Directory.app that no longer exists in Utilities, I got distracted by
work and didn't follow up...

I'd forgotten that just typing "groups" would show me my own, and
there is indeed no wheel.

Some confusion of mapping between fs and OS user concepts, combined
with a special case privs or group-membership escalation for actions
in sticky folders? It does sound pretty dubious.

Cheers - Jaimie
--
"I went to a planet where the dominant lifeform had no bilateral symmetry,
and all I got was this stupid F-Shirt." -- Eric Pivnik
From: Jaimie Vandenbergh on
On Wed, 28 Apr 2010 11:10:03 +0100, Chris Ridd <chrisridd(a)mac.com>
wrote:

>On 2010-04-28 10:44:18 +0100, R said:
>
>> Jaimie Vandenbergh <jaimie(a)sometimes.sessile.org> wrote:
>>
>>> On Wed, 28 Apr 2010 09:20:10 +0100, me32(a)privacy.net (R) wrote:
>>>
>>>> Can any of you replicate this? If you can, it looks like an ugly bug
>>>> and one I need to report asap.
>>>
>>> Can you give the complete `ls -el` for each of the directory and the
>>> two files? I want to make sure I'm doing like for like.
>>
>> Ok. This time the file at risk ('root_file') is owned by 'root'. To aid
>> legibility, there is some spacing added below:
>>
>> bash: pwd
>> /Users/Shared
>>
>> bash: ls -el root_file
>> -rw-r--r-- 1 root wheel 0 28 Apr 10:24 root_file
>>
>> bash: ls -eld /Users/Shared
>> drwxrwxrwt 18 root wheel 612 28 Apr 10:24 /Users/Shared
>>
>> bash: rm root_file
>> override rw-r--r-- root/wheel for root_file? y
>> rm: root_file: Permission denied
>>
>> bash: touch other_file
>>
>> bash: ls -el other_file
>> -rw-r--r-- 1 krill wheel 0 28 Apr 10:27 other_file
>
>What are the permissions on /Users/Shared now?

No change, still drwxrwxrwt, root:wheel.

Cheers - Jaimie
--
"I'll never forget my first wife - drove me to drink. I'm
eternally grateful." - W. C. Fields
From: Chris Ridd on
On 2010-04-28 11:30:40 +0100, Jaimie Vandenbergh said:

> On Wed, 28 Apr 2010 11:10:03 +0100, Chris Ridd <chrisridd(a)mac.com>
> wrote:
>
>> On 2010-04-28 10:44:18 +0100, R said:
>>
>>> Jaimie Vandenbergh <jaimie(a)sometimes.sessile.org> wrote:
>>>
>>>> On Wed, 28 Apr 2010 09:20:10 +0100, me32(a)privacy.net (R) wrote:
>>>>
>>>>> Can any of you replicate this? If you can, it looks like an ugly bug
>>>>> and one I need to report asap.
>>>>
>>>> Can you give the complete `ls -el` for each of the directory and the
>>>> two files? I want to make sure I'm doing like for like.
>>>
>>> Ok. This time the file at risk ('root_file') is owned by 'root'. To aid
>>> legibility, there is some spacing added below:
>>>
>>> bash: pwd
>>> /Users/Shared
>>>
>>> bash: ls -el root_file
>>> -rw-r--r-- 1 root wheel 0 28 Apr 10:24 root_file
>>>
>>> bash: ls -eld /Users/Shared
>>> drwxrwxrwt 18 root wheel 612 28 Apr 10:24 /Users/Shared
>>>
>>> bash: rm root_file
>>> override rw-r--r-- root/wheel for root_file? y
>>> rm: root_file: Permission denied
>>>
>>> bash: touch other_file
>>>
>>> bash: ls -el other_file
>>> -rw-r--r-- 1 krill wheel 0 28 Apr 10:27 other_file
>>
>> What are the permissions on /Users/Shared now?
>
> No change, still drwxrwxrwt, root:wheel.

Yup, when I tried to reproduce this the perms on /Users/shared stayed
the same. But then I could also rm the root_file.

dtracing the kernel's ACL(etc) code might be the only way to discover
what's happening.

--
Chris

From: R on
Chris Ridd <chrisridd(a)mac.com> wrote:
[...]
> > bash: ls -eld /Users/Shared
> > drwxrwxrwt 18 root wheel 612 28 Apr 10:24 /Users/Shared
> >
> > bash: rm root_file
> > override rw-r--r-- root/wheel for root_file? y
> > rm: root_file: Permission denied
> >
> > bash: touch other_file
> >
> > bash: ls -el other_file
> > -rw-r--r-- 1 krill wheel 0 28 Apr 10:27 other_file
>
> What are the permissions on /Users/Shared now?

Unchanged:

bash: ls -eld /Users/Shared/
drwxrwxrwt 16 root wheel 544 28 Apr 11:32 /Users/Shared/

There's definitely something fishy and intriguing going on here!
Are you also able to replicate this under some account?

Thanks,

R.
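As an added illustration (not code from any poster in this thread), here is a small Python model of the two rules behind the first part of the quoted transcript: BSD-style group inheritance, where a file created in /Users/Shared takes the directory's group (wheel) even though krill is not a wheel member, and the sticky bit (the trailing 't' in drwxrwxrwt), under which only the file's owner, the directory's owner or root may unlink an entry, whatever the file's own mode bits say. It parses the `ls -el` lines quoted above; the ACL output that -e adds is not modelled, and the later reports of rm succeeding in a fresh terminal are not explained by this model.

```python
import re
from dataclasses import dataclass

# Matches the `ls -el` lines quoted in the thread:
# mode, links, owner, group, size, day, month, time, name.
LS_LINE = re.compile(
    r"^(\S{10})\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+\d+\s+\w+\s+[\d:]+\s+(.+)$")


@dataclass
class Inode:
    mode: str    # symbolic mode as ls prints it, e.g. "drwxrwxrwt"
    owner: str
    group: str
    name: str


def parse_ls_line(line: str) -> Inode:
    m = LS_LINE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised ls line: {line!r}")
    return Inode(*m.groups())


def has_perm(node: Inode, user: str, groups: set, bit: str) -> bool:
    """Classic mode-bit check: root bypasses it; otherwise pick the
    owner/group/other triplet and test the requested r, w or x bit."""
    if user == "root":
        return True
    if user == node.owner:
        triplet = node.mode[1:4]
    elif node.group in groups:
        triplet = node.mode[4:7]
    else:
        triplet = node.mode[7:10]
    ch = triplet["rwx".index(bit)]
    return ch == bit or (bit == "x" and ch in "st")  # 's' and 't' imply x


def create_file(parent: Inode, name: str, user: str, groups: set) -> Inode:
    """touch: needs w+x on the directory. BSD-style inheritance gives the
    new file the directory's group, regardless of the creator's groups."""
    if not (has_perm(parent, user, groups, "w")
            and has_perm(parent, user, groups, "x")):
        raise PermissionError(name)
    return Inode("-rw-r--r--", user, parent.group, name)


def can_unlink(parent: Inode, target: Inode, user: str, groups: set) -> bool:
    """rm: w+x on the directory, plus the sticky rule when the directory
    mode ends in t/T: only file owner, directory owner or root may unlink."""
    if not (has_perm(parent, user, groups, "w")
            and has_perm(parent, user, groups, "x")):
        return False
    if parent.mode[9] in "tT" and user != "root":
        return user in (target.owner, parent.owner)
    return True
```

Feeding the three quoted `ls -el` lines through it with krill in a group other than wheel reproduces the transcript: the rm of root_file is refused, touch yields a krill:wheel file, and that file can be removed.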