On Sat, Jun 03, 2017 at 06:13:56PM +0200, Alexander Bochmann wrote:
> Hi,
>
> ...on Wed, May 31, 2017 at 03:07:55PM -0400, Ted Unangst wrote:
>
> > Kurt Mosiejczuk wrote:
> > > Just recently converted the main user machines students and faculty use
> > > to OpenBSD 6.1. I've found out that git will abort in one scenario
> > > where there is a directory in the tree where the user has execute
> > > permissions but not read permissions.
> > Not so much a corner case as explicitly documented as a possible error.
>
> I played some more with this.
>
> I have a couple of directories, and a user that is not in the
> sys group:
>
> drwxrwx--x 3 root sys 512 Jun 3 15:04 test1
> drwxrwx-wx 2 root sys 512 Jun 3 15:09 test1/subdir
> drwxrwx-wx 2 root sys 512 Jun 3 15:16 test2
>
> On OpenBSD 6.1, this is what happens when I try to run a "pwd"
> in those directories as the above user:
>
> $ cd /tmp/test1
> $ pwd
> /tmp/test1
> $ cd /tmp/test1/subdir
> $ pwd
> ksh: pwd: can't get current directory - Permission denied
> $ cd /tmp/test2
> $ pwd
> /tmp/test2
>
> I don't quite understand the Permission denied in test1/subdir?
> Am I missing something?
>

I will try a shot. It is mostly how I understand it, and I could be wrong
(but I read the source code for some parts) :)

- for "entering" in a directory (chdir(2)), you need the "search"
  permission on it (VEXEC - executable bit).

- for reading the name of a node, you need the "read" permission (VREAD)
  on the node directory which contains it. The inode itself doesn't know
  its name (think about hardlinks), but only the parent directory.

So in /tmp/test1 or /tmp/test2, in order to get the full path, you need:
  - VEXEC perm on test1 (or test2)
  - VEXEC|VREAD perm on /tmp (in order to read the name of "test1" node
    in /tmp)
  - VEXEC|VREAD perm on / (in order to read the name of "tmp" node in "/")

You have all of them, you get the full pathname.

Now for /tmp/test1/subdir, you need:
  - VEXEC perm on subdir
  - VEXEC|VREAD perm on test1
  - VEXEC|VREAD perm on /tmp
  - VEXEC|VREAD perm on /

Here you don't have VREAD perm on "test1" (only VEXEC), so you can't
obtain the name of "subdir" as it is written in "test1" vnode: getcwd(3)
fails.

-- 
Sebastien Marie