[mdlug] SELinux permissions

John Wiersba jrw32982 at yahoo.com
Wed Jan 16 22:37:46 EST 2013


Can someone please explain a little bit about SELinux?

I see a directory foo with permissions drwx------. (note the trailing dot) owned by another user, with a security context of (ls -lZ) system_u:object_r:nfs_t:s0.  My user runs as security context (id -Z) unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023.

For some reason I don't understand, even though permissions are 700 on the directory foo, I can still create a subdirectory bar under it.  However, I cannot remove the subdirectory bar once it has been created.  It appears that my user has somehow been granted permissions to create an object under this directory foo but not the permissions to remove an object from it, even one that I own.  And all that even though permissions are 700 with the directory foo being owned by another user.

Is there any way to understand that based on what is visible to me as a user (not a sysadmin)?

