[linux-cifs-client] Error's opening credentials file.
Jeff Layton
jlayton at samba.org
Sat Apr 3 18:23:10 MDT 2010
On Sat, 3 Apr 2010 22:42:39 +0200
Stef Bon <stefbon at gmail.com> wrote:
> Thanks for the explenation.
>
> I've got the recent dev. sources with git, and see the differences in
> the mount.cifs.c file.
> (line 325: #ifdef HAVE_LIBCAP)
>
> MY first analyse was wrong, that the function access gave an error,
> but what has changed?
The child mount.cifs process no longer had CAP_DAC_OVERRIDE.
> Was the implementation of libcap not right, and thus dropping
> privileges in a wrong manner?
It was dropping CAP_DAC_OVERRIDE which is needed for root to be able to
open files to which it doesn't have explicit permission.
> But how is it dropping privileges if it is run as root? To what
> account it's changing then?
>
It's not changing uid, it's explicitly dropping capabilities using
libcap.
--
Jeff Layton <jlayton at samba.org>
More information about the linux-cifs-client
mailing list