No subject
Thu Jan 3 13:04:04 EST 2013
permissions means selinux.

getfacl foo
# file: foo
# owner: otheruser
# group: users
user::rwx
group::---
other::---

But yet, I can create a subdirectory a couple levels down underneath this directory foo. There must be something other than the permissions coming into play, since the permissions are 700.

>________________________________
>From: "Budde, Josh" <jbudde at med.umich.edu>
>To: "<linux-users@lugwash.org>" <linux-users at lugwash.org>
>Cc: "mdlug at mdlug.org" <mdlug at mdlug.org>
>Sent: Wednesday, January 16, 2013 10:40 PM
>Subject: Re: [WLUG] SELinux permissions
>
>Doesn't sound like selinux-sounds like filesystem ACLs. Try running getfacl
>foo and seeing what it says
>
>Josh
>
>On Jan 16, 2013, at 10:37 PM, John Wiersba <jrw32982 at yahoo.com> wrote:
>
>> Can someone please explain a little bit about selinux?
>>
>> I see a directory foo with permissions drwx------. (note the trailing dot)
>> owned by another user, with a security context of (ls -lZ)
>> system_u:object_r:nfs_t:s0. My user runs as security context (id -Z)
>> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023.
>>
>> For some reason I don't understand, even though permissions are 700 on
>> the directory foo, I can still create a subdirectory bar under it.
>> However, I cannot remove the subdirectory bar once it has been created.
>> It appears that my user has somehow been granted permissions to create an
>> object under this directory foo but not the permissions to remove an
>> object from it, even one that I own. And all that even though permissions
>> are 700 with the directory foo being owned by another user.
>>
>> Is there any way to understand that based on what is visible to
>> me as a user (not a sysadmin)?
>> --
>> *** Sent from linux-users at lugwash.org *** http://www.lugwash.org
>> to unsubscribe: `echo "unsubscribe" | mail linux-users-request at lugwash.org`
>
>**********************************************************
>Electronic Mail is not secure, may not be read every day, and should not be
>used for urgent or sensitive issues