Hello toki,
toki clover:
> Since two weeks or so ago, the following message is outputed when
> mounting aufs tree:
> 'aufs test_add:261:exe[1308]: uid/gid/perm sqfsd/lib32/rr 0/0/0700, 0/0/0755'
> which I did not see before. That line could be understandable: the ro
> branche in 0700 and the tree in 0755 but that is not what is
> happening!
I am not sure whether I could understand what you wrote correctly. At
the same time, I am not sure whether you would understand the meaning of
the message correctly.
The message says
- you already have a branch whose top dir is uid=0, gid=0 and perm=0700.
- you are adding a new branch, sqfsd/lib32/rr which is uid=0, gid=0 and
perm=0755.
- your current permission bits prohibits the access from users other
than root, but by adding sqfsd/lib32/rr every user is going to be able
to access.
- it may be a security problem. and kindly aufs warns you about it.
Here is the description in the aufs manual related to your issue.
----------------------------------------------------------------------
.B nowarn_perm
Adding a branch, aufs will issue a warning about uid/gid/permission of
the adding branch directory,
when they differ from the existing branch's. This difference may or
may not impose a security risk.
If you are sure that there is no problem and want to stop the warning,
use `nowarn_perm' option.
The default is `warn_perm' (cf. DIAGNOSTICS).
:::
.SH DIAGNOSTICS
When you add a branch to your union, aufs may warn you about the
privilege or security of the branch, which is the permission bits,
owner and group of the top directory of the branch.
For example, when your upper writable branch has a world writable top
directory,
a malicious user can create any files on the writable branch directly,
like copyup and modify manually. I am afraid it can be a security
issue.
----------------------------------------------------------------------
If you have something trouble, I'd suggest you to firstly confirm the
permission bits on your adding branch.
J. R. Okajima
------------------------------------------------------------------------------
How fast is your code?
3 out of 4 devs don\\\'t know how their code performs in production.
Find out how slow your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219672;13503038;z?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
