Your message dated Tue, 12 Jul 2005 14:29:09 +0200
with message-id <[EMAIL PROTECTED]>
and subject line [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Bug#310027: quota:
ability user to display own quota]]
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 21 May 2005 06:22:11 +0000
>From [EMAIL PROTECTED] Fri May 20 23:22:11 2005
Return-path: <[EMAIL PROTECTED]>
Received: from lio.fmi.uni-sofia.bg (smtp.fmi.uni-sofia.bg) [62.44.101.7]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DZNND-00077P-00; Fri, 20 May 2005 23:22:11 -0700
Received: from debian.fmi.uni-sofia.bg ([62.44.101.36])
by smtp.fmi.uni-sofia.bg
for [EMAIL PROTECTED];
Sat, 21 May 2005 09:15:21 +0300
Received: by debian.fmi.uni-sofia.bg (Postfix, from userid 1000)
id A3ED42354A; Sat, 21 May 2005 09:22:04 +0300 (EEST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Ognyan Kulev <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: quota: ability user to display own quota
X-Mailer: reportbug 3.8
Date: Sat, 21 May 2005 09:22:04 +0300
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: quota
Version: 3.12-6
Severity: wishlist
Recommended practice is aquota.{user,group} to have access mode of 0600.
This means that ordinary user can't display own quota with quota(1). A
solution is to make quota(1) SUID and don't allow user or group argument
when quota(1) is called by ordinary user.
Am I missing something in my logic?
Regards,
ogi
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.31-pre2
Locale: LANG=bg_BG, LC_CTYPE=bg_BG (charmap=CP1251)
Versions of packages quota depends on:
ii debconf 1.4.30.13 Debian configuration management sy
ii e2fslibs 1.37-2 ext2 filesystem libraries
ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an
ii libcomerr2 1.37-2 common error description library
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
-- debconf information excluded
---------------------------------------
Received: (at 310027-done) by bugs.debian.org; 12 Jul 2005 12:29:12 +0000
>From [email protected] Tue Jul 12 05:29:12 2005
Return-path: <[email protected]>
Received: from moutng.kundenserver.de [212.227.126.177]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DsJst-000234-00; Tue, 12 Jul 2005 05:29:11 -0700
Received: from p50893010.dip0.t-ipconnect.de [80.137.48.16] (helo=feivel)
by mrelayeu.kundenserver.de with ESMTP (Nemesis),
id 0MKxQS-1DsJsr3Ymm-0000jo; Tue, 12 Jul 2005 14:29:09 +0200
Received: by feivel (Postfix, from userid 1000)
id 6B23F4AB8B; Tue, 12 Jul 2005 14:29:09 +0200 (CEST)
Date: Tue, 12 Jul 2005 14:29:09 +0200
From: Michael Meskes <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Bug#310027: quota: ability
user to display own quota]]
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
X-Provags-ID: kundenserver.de [EMAIL PROTECTED]
login:da5cff6069dd6897c77170232368d0ba
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 2
I'm closing this bug report after upstream explained the technical side.
Michael
----- Forwarded message from Jan Kara <[EMAIL PROTECTED]> -----
Date: Mon, 11 Jul 2005 15:44:18 +0200
From: Jan Kara <[EMAIL PROTECTED]>
To: Ognyan Kulev <[EMAIL PROTECTED]>
Cc: Michael Meskes <[EMAIL PROTECTED]>
Subject: Re: [EMAIL PROTECTED]: Bug#310027: quota: ability user to display own
quota]
Hi,
> ----- Forwarded message from Ognyan Kulev <[EMAIL PROTECTED]> -----
>
> From: Ognyan Kulev <[EMAIL PROTECTED]>
> To: Debian Bug Tracking System <[EMAIL PROTECTED]>
> Date: Sat, 21 May 2005 09:22:04 +0300
> Subject: Bug#310027: quota: ability user to display own quota
>
> Package: quota
> Version: 3.12-6
> Severity: wishlist
>
> Recommended practice is aquota.{user,group} to have access mode of 0600.
> This means that ordinary user can't display own quota with quota(1). A
> solution is to make quota(1) SUID and don't allow user or group argument
> when quota(1) is called by ordinary user.
>
> Am I missing something in my logic?
Yes. You're missing the fact that if quota is actually turned on (i.e.
it has some effect on a user), then any user can query his quota by an
appropriate syscall. quota(1) recognizes this and uses the syscall when
possible so there's no need to have SUID quota(1).
Honza
----- End forwarded message -----
--
Michael Meskes
Email: Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
ICQ: 179140304, AIM/Yahoo: michaelmeskes, Jabber: [EMAIL PROTECTED]
Go SF 49ers! Go Rhein Fire! Use Debian GNU/Linux! Use PostgreSQL!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
