[linux-cifs-client] Error's opening credentials file.

Stef Bon stefbon at gmail.com
Sun Apr 4 10:40:10 MDT 2010


2010/4/4 Jeff Layton <jlayton at samba.org>:
> On Sat, 3 Apr 2010 22:42:39 +0200
> Stef Bon <stefbon at gmail.com> wrote:
>
>> Thanks for the explenation.
>>
>> I've got the recent dev. sources with git, and see the differences in
>> the mount.cifs.c file.
>> (line 325: #ifdef HAVE_LIBCAP)
>>
>> MY first analyse was wrong, that the function access gave an error,
>> but what has changed?
>
> The child mount.cifs process no longer had CAP_DAC_OVERRIDE.
>
>> Was the implementation of libcap not right, and thus dropping
>> privileges in a wrong manner?
>
> It was dropping CAP_DAC_OVERRIDE which is needed for root to be able to
> open files to which it doesn't have explicit permission.
>

OK, but then the system call fopen (and maybe access?) looks at this
value CAP_DAC_OVERRIDE,
but to be frankly, I've never heard of this before. (and I'm
developing fs with FUSE..)

Can you please explain how these system calls look at the cap values/settings?

When your app is not using the libcap, the cap values are not set. It
still works.

Stef
>> But how is it dropping privileges if it is run as root? To what
>> account it's changing then?
>>
>
> It's not changing uid, it's explicitly dropping capabilities using
> libcap.

Yes sorry, you've already explained this. Stupid question.

Stef


More information about the linux-cifs-client mailing list