On Thursday, 10 March 2022 17:59:00 GMT Laurence Perkins wrote:
> >-----Original Message-----
> >From: Dr Rainer Woitok <rainer.woi...@gmail.com>
> >Sent: Thursday, March 10, 2022 9:51 AM
> >To: gentoo-user@lists.gentoo.org; Nikos Chantziaras <rea...@gmail.com>
> >Subject: [gentoo-user] Re: Root can't write to files owned by others?
> >
> >Nikos,
> >
> >On Thursday, 2022-03-10 12:21:36 +0200, you wrote:
> >> ...
> >> Are you sure that:
> >>
> >>    sysctl fs.protected_regular=0
> >>
> >> does not help? I can reproduce it here on my system with kernel
> >> 5.15.27, and setting that sysctl to 0 fixes it immediately.
> >
> >No, I'm not at all sure.  Since you mentioned in your first mail that
> >this is normal when using "systemd", I did not pursue this route any
> >further, because I'm using "openrc".
> >
> >I'll search the web for "fs.protected_regular" to get a feeling for the
> >consequences and then perhaps set this when I'll again boot kernel
> >version 5.15.26.
> >
> >Thanks for being persistent :-)
> >
> >Sincerely,
> >
> >  Rainer
>
> Basically the idea is to keep other users from being able to trick root into
> writing sensitive data to something they control.  It's a "systemd thing"
> because, apparently, the systemd developers decided to have systemd enable
> it instead of leaving it in the bailiwick of the distros' configurations.
> But if the default setting changed in a later kernel as well, that would
> potentially affect everyone, so a quick check of what it's set to wouldn't
> be amiss.
>
> LMP

Just checked and it is so, on openrc:

~ # uname -r
5.15.26-gentoo
~ # sysctl -a | grep fs.protected_regular
fs.protected_regular = 1
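
Added example, not part of the thread or written by any of its participants: a shell model of the check that fs.protected_regular applies when a process opens an existing regular file with O_CREAT, following the kernel's sysctl documentation for levels 0, 1 and 2. The function names `verdict` and `check_path` are made up for this example, and `check_path` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: model of the kernel's sticky-directory check that
# fs.protected_regular applies to open(..., O_CREAT) on an existing regular file.

# verdict LEVEL DIR_MODE DIR_UID FILE_UID FSUID  ->  prints "blocked" or "allowed"
#   LEVEL     value of fs.protected_regular (0, 1 or 2)
#   DIR_MODE  octal mode of the parent directory, e.g. 1777 for /tmp
#   FSUID     uid of the process doing the open (0 for root)
verdict() {
    level=$1; dir_mode=$2; dir_uid=$3; file_uid=$4; fsuid=$5

    # 0 disables the protection entirely.
    if [ "$level" -eq 0 ]; then echo allowed; return 0; fi
    # Only sticky directories are covered.
    if [ $(( 0$dir_mode & 01000 )) -eq 0 ]; then echo allowed; return 0; fi
    # The file's owner is trusted if it is the directory owner or the opener.
    if [ "$file_uid" -eq "$dir_uid" ] || [ "$file_uid" -eq "$fsuid" ]; then
        echo allowed; return 0
    fi
    # Level 1: world-writable sticky directories. Being root does not help.
    if [ $(( 0$dir_mode & 0002 )) -ne 0 ]; then echo blocked; return 0; fi
    # Level 2: group-writable sticky directories as well.
    if [ "$level" -ge 2 ] && [ $(( 0$dir_mode & 0020 )) -ne 0 ]; then
        echo blocked; return 0
    fi
    echo allowed
}

# check_path FILE: apply verdict() to a real file using the live sysctl value.
# Assumes GNU stat (-c) and that the caller's fsuid equals its effective uid.
check_path() {
    file=$1
    if [ ! -f "$file" ]; then echo "not a regular file: $file" >&2; return 2; fi
    dir=$(dirname -- "$file")
    # The sysctl is absent on kernels older than 4.19; treat that as disabled.
    level=$(cat /proc/sys/fs/protected_regular 2>/dev/null || echo 0)
    verdict "$level" "$(stat -c %a -- "$dir")" "$(stat -c %u -- "$dir")" \
            "$(stat -c %u -- "$file")" "$(id -u)"
}
```

The situation in the subject line corresponds to `verdict 1 1777 0 1000 0` (root opening a file owned by the constructed uid 1000 in a root-owned, mode 1777 directory), which prints `blocked`; the same call with level 0 prints `allowed`.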