-
Notifications
You must be signed in to change notification settings - Fork 258
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
utime disallowed by user set with force_owner when not given direct FD on file #609
Comments
After inspecting with With gocryptfs 1.7, the response to a CREATE or a LOOKUP has the force_owner-specified UID. With gocryptfs 2.1, the response to a CREATE or a LOOKUP has the underlying UID, ignoring the value specified for |
#610 fixes this issue, confirming that it is in fact caused by |
With a file stored on gocryptfs 2.1, when
force_owner
is used to present the mount point as owned by a different (non-root) user, a process running as that non-root user can successfully run the following Python code to copy a file while preserving its timestamp:...but cannot run the following, which differs only that it passes the
utimensat
syscall a path to the target file as opposed to an already-opened file handle:...which receives a
PermissionError: [Errno 1] Operation not permitted
This issue did not exist in gocryptfs 1.7 -- and it impacts far more applications than just the reproducer above (for example,
rsync
passesutimensat
a relative path to open and is subject to this bug).In the environment where this is reproduced, the backing store for gocryptfs is owned by a special-purpose user that does nothing other than own this directory and run gocryptfs processes; the mount options include
-force_owner
with the uid and gid of the user running the above code (which is different from the account running gocryptfs itself), and-allow_other
.The text was updated successfully, but these errors were encountered: