Gentoo Archives: gentoo-user

From: Laurence Perkins <lperkins@×××××××.net>
To: "gentoo-user@l.g.o" <gentoo-user@l.g.o>, Nikos Chantziaras <realnc@×××××.com>
Subject: RE: [gentoo-user] Re: Root can't write to files owned by others?
Date: Thu, 10 Mar 2022 17:59:12
Message-Id: DM5PR07MB4055BA834BE527A79AE523C7D20B9@DM5PR07MB4055.namprd07.prod.outlook.com
In Reply to: [gentoo-user] Re: Root can't write to files owned by others? by Dr Rainer Woitok
>
>
>-----Original Message-----
>From: Dr Rainer Woitok <rainer.woitok@×××××.com>
>Sent: Thursday, March 10, 2022 9:51 AM
>To: gentoo-user@l.g.o; Nikos Chantziaras <realnc@×××××.com>
>Subject: [gentoo-user] Re: Root can't write to files owned by others?
>
>Nikos,
>
>On Thursday, 2022-03-10 12:21:36 +0200, you wrote:
>
>> ...
>> Are you sure that:
>>
>> sysctl fs.protected_regular=0
>>
>> does not help? I can reproduce it here on my system with kernel
>> 5.15.27, and setting that sysctl to 0 fixes it immediately.
>
>No, I'm not at all sure. Since you mentioned in your first mail that
>this is normal when using "systemd", I did not pursue this route any further, because I'm using "openrc".
>
>I'll search the web for "fs.protected_regular" to get a feeling for the consequences and then perhaps set this when I'll again boot kernel version 5.15.26.
>
>Thanks for being persistent :-)
>
>Sincerely,
> Rainer
>
>

Basically the idea is to keep other users from being able to trick root into writing sensitive data to something they control.
It's a "systemd thing" because, apparently, the systemd developers decided to have systemd enable it instead of leaving it in the bailiwick of the distros' configurations.
But if the default setting changed in a later kernel as well, that would potentially affect everyone, so a quick check of what it's set to wouldn't be amiss.

LMP
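
The rule behind the behaviour discussed in this thread, as an added example that is not part of the original message: a POSIX shell model of when the kernel refuses an `O_CREAT` open under `fs.protected_regular`, following the kernel's sysctl documentation. The function names and the sample uids and modes are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration of the fs.protected_regular rule; function names are
# hypothetical and the sample values at the bottom are constructed.

# Print the live setting, or "unknown" where the sysctl does not exist
# (older kernels, non-Linux systems, restricted containers).
current_protected_regular() {
    if [ -r /proc/sys/fs/protected_regular ]; then
        cat /proc/sys/fs/protected_regular
    else
        echo unknown
    fi
}

# would_block SETTING DIR_MODE DIR_UID FILE_UID OPENER_UID
# Returns 0 when an O_CREAT open (without O_EXCL) of an existing regular
# file would be refused with EACCES, 1 when it would be allowed.
# DIR_MODE is the octal mode of the parent directory, e.g. 1777.
would_block() {
    setting=$1 dir_mode=$((0$2)) dir_uid=$3 file_uid=$4 opener_uid=$5
    [ "$setting" -ge 1 ] || return 1                 # 0: unrestricted
    [ $((dir_mode & 01000)) -ne 0 ] || return 1      # parent is not sticky
    [ "$file_uid" -ne "$dir_uid" ] || return 1       # file belongs to dir owner
    [ "$file_uid" -ne "$opener_uid" ] || return 1    # opener owns the file
    [ $((dir_mode & 0002)) -ne 0 ] && return 0       # world-writable sticky dir
    # Setting 2 extends the check to group-writable sticky directories.
    [ "$setting" -ge 2 ] && [ $((dir_mode & 0020)) -ne 0 ] && return 0
    return 1
}

# Constructed scenario matching the thread subject: root (uid 0) opens a
# file owned by uid 1000 inside a root-owned directory with mode 1777.
echo "live fs.protected_regular: $(current_protected_regular)"
for s in 0 1 2; do
    if would_block "$s" 1777 0 1000 0; then r=EACCES; else r=allowed; fi
    echo "setting=$s: root opening uid 1000's file in a 1777 dir -> $r"
done
```

Being root does not exempt the opener: the check compares file owner, directory owner and the opener's uid, which is why root is refused in the constructed scenario once the setting is 1 or higher.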

Replies

Subject Author
Re: [gentoo-user] Re: Root can't write to files owned by others? Michael <confabulate@××××××××.com>