passwd, when run on the livecd, does not work.

/mnt/root//etc /etc unionfs rw,dirs=/mnt/root/etc=rw:/etc=ro,debug=4294967295,delete=whiteout 0 0

Here is a piece of the strace:

stat64("/etc/tcb/altlinux", {st_mode=S_IFDIR|0710, st_size=80, ...}) = 0
getgroups32(262144, [0, 1, 2, 3, 4, 6, 10, 19]) = 8
setgroups32(0, []) = 0
setfsgid32(26) = 26
setfsgid32(26) = 26
setfsuid32(500) = 0
setfsuid32(500) = 500
open("/etc/tcb/altlinux/shadow.lock", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW, 0600) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
rt_sigaction(SIGALRM, {0xb7d078f0, ~[RTMIN RT_1], 0}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [], 8) = 0
setitimer(ITIMER_REAL, {it_interval={1, 0}, it_value={1, 0}}, NULL) = 0
fcntl64(3, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
time(NULL) = 1186649173
open("/etc/tcb/altlinux/shadow.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0400) = 4
fcntl64(4, F_GETFL) = 0x1 (flags O_WRONLY)
fstat64(4, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef6000
_llseek(4, 0, [0], SEEK_CUR) = 0
open("/etc/tcb/altlinux/shadow", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0640, st_size=22, ...}) = 0
stat64("/etc/tcb/altlinux/shadow", {st_mode=S_IFREG|0640, st_size=22, ...}) = 0
chmod("/etc/tcb/altlinux/shadow.tmp", 0400) = 0
chown32("/etc/tcb/altlinux/shadow.tmp", 500, 27) = -1 EPERM (Operation not permitted)
time(NULL) = 1186649173
Experiment on the LiveCD:

[root@localhost] # chmod 2710 /etc/tcb/altlinux

the directory /etc/tcb/altlinux gets its proper permissions drwx--s---
the owner of the directory /etc/tcb/altlinux is: user (uid) auth (gid)

[user@localhost] $ touch /etc/tcb/altlinux/test_file
[root@localhost] # ls -l /etc/tcb/altlinux/test_file
-rw-r--r-- 1 user user 0 Aug 21 06:49 test_file

instead of:

-rw-r--r-- 1 user auth 0 Aug 21 06:49 test_file

i.e. unionfs does not honor the SGID flag on the directory.
Created attachment 2158
You can try applying this patch.
Here is what the unionfs developers replied regarding my patch:

1. --------------------------------------------------------------------------
On Tue, Aug 21, 2007 at 10:11:51AM +0400, Andrew Stepanov wrote:
> > Hello.
> >
> > I have LiveCD.
> >
> > Mount options are like this:
> >
> > /mnt/root//etc /etc unionfs
> > rw,dirs=/mnt/root/etc=rw:/etc=ro,debug=4294967295,delete=whiteout 0 0

Which version of unionfs is this? It looks old. Unionfs 2.x doesn't support the debug/delete mount options - no need for them really.

> > CD-ROM contain /etc/tcb/user directory with 'drwx--x---' rights
> >
> > [root@localhost~] # chmod 2710 /etc/tcb/user directory now with
> > 'drwx--s---' rights
> >
> > /etc/tcb/user is owned by 'user' (uid) and 'auth' (gid)
> >
> > [user@localhost~] $ touch /etc/tcb/user/test_file
> > [user@localhost~] $ ls -l /etc/tcb/user/test_file
> > -rw-r--r-- 1 user user 0 Aug 21 06:49 test_file
> > Instead of:
> > -rw-r--r-- 1 user auth 0 Aug 21 06:49 test_file

Good catch.

> > Please, see attached patch. Does it solve this problem ?
> >
> > Thanks.

> > diff -ruN linux-2.6.18/fs/unionfs/inode.c linux-2.6.18-modified/fs/unionfs/inode.c > > --- linux-2.6.18/fs/unionfs/inode.c 2007-08-20 16:23:45 +0400 > > +++ linux-2.6.18-modified/fs/unionfs/inode.c 2007-08-20 16:20:44 +0400 
> > @@ -85,7 +85,12 @@ > > > > newattrs.ia_mode = mode & ~current->fs->umask; > > newattrs.ia_uid = current->fsuid; > > - newattrs.ia_gid = current->fsgid; > > + else if (parent->i_mode & S_ISGID) { I'm a little bit confused about the above 'else' keyword (could be that you're looking at 1.x code which is different quite a bit), but otherwise I think idea is sane. Josef 'Jeff' Sipek. > > + newattrs.i_gid = parent->i_gid; > > + if (S_ISDIR(mode)) > > + mode |= S_ISGID; > > + } else > > + newattrs.ia_gid = current->fsgid; > > > > if (wh_dentry->d_inode->i_size != 0) { > > newattrs.ia_valid |= ATTR_SIZE;

2. --------------------------------------------------------------------------
Andrew, I've verified that the SGID bug doesn't exist in Unionfs-2.1. As Jeff hinted, you're probably using Unionfs 1.x, right? If so, we strongly recommend you upgrade to 2.1 -- this and many bugs are fixed.

Erez.
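
Review bot: the added `else if (parent->i_mode & S_ISGID) {` directly follows the statement `newattrs.ia_uid = current->fsuid;`, so the `else` has no `if` to attach to and the hunk will not compile as shown; it should be a plain `if`. In the same branch, `newattrs.i_gid = parent->i_gid;` uses a field name that does not match the `ia_gid` used on the other lines of the hunk. `mode |= S_ISGID` also comes after `newattrs.ia_mode` has already been computed from `mode`, so the bit never reaches the attributes being applied unless the SGID handling moves above the `ia_mode` assignment or `newattrs.ia_mode` is updated as well. `parent` is not defined anywhere in the visible context, so its origin should be shown or documented.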
Is the problem still relevant?
It needs to be checked on a LiveCD.
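
One way to repeat the experiment from this report on any directory, as an added example that is not part of the original thread; the function names `gid_of` and `check_sgid_inherit` and the probe file names are made up for illustration. It creates a file and a subdirectory inside an SGID directory and compares their group, and the subdirectory's SGID bit, with the directory's.

```shell
#!/bin/sh
# Added example (not from the thread): check that a mount honors SGID
# inheritance for directories, the behaviour that was broken in this report.

# Numeric group id of a path, read from `ls -ldn` (works without GNU stat).
gid_of() {
    ls -ldn -- "$1" | awk '{print $4}'
}

# check_sgid_inherit DIR
#   returns 0: new entries get DIR's group, and new subdirs keep the SGID bit
#           1: SGID is set on DIR but is not honored
#           2: inconclusive (DIR missing, not SGID, not writable, probe failed)
# The file check is only meaningful when DIR's group differs from the
# caller's primary group, as with user:auth on /etc/tcb/<name>.
check_sgid_inherit() {
    dir=$1
    [ -d "$dir" ] && [ -g "$dir" ] && [ -w "$dir" ] || return 2
    want=$(gid_of "$dir")
    f="$dir/.sgid_probe_file.$$"   # hypothetical probe names
    d="$dir/.sgid_probe_dir.$$"
    rc=0
    if ( umask 022; : > "$f" ) 2>/dev/null && mkdir "$d" 2>/dev/null; then
        [ "$(gid_of "$f")" = "$want" ] || rc=1   # file must take DIR's group
        [ "$(gid_of "$d")" = "$want" ] || rc=1   # so must a subdirectory
        [ -g "$d" ] || rc=1                      # and it must inherit SGID
    else
        rc=2
    fi
    rm -f -- "$f"
    rmdir -- "$d" 2>/dev/null || :
    return $rc
}
```

Run it as the directory's owner, for example `check_sgid_inherit /etc/tcb/altlinux; echo $?` on the LiveCD after the `chmod 2710` step.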