| 1 |
On Thursday, 10 March 2022 17:59:00 GMT Laurence Perkins wrote: |
| 2 |
> >-----Original Message----- |
| 3 |
> >From: Dr Rainer Woitok <rainer.woitok@×××××.com> |
| 4 |
> >Sent: Thursday, March 10, 2022 9:51 AM |
| 5 |
> >To: gentoo-user@l.g.o; Nikos Chantziaras <realnc@×××××.com> |
| 6 |
> >Subject: [gentoo-user] Re: Root can't write to files owned by others? |
| 7 |
> > |
| 8 |
> >Nikos, |
| 9 |
> > |
| 10 |
> >On Thursday, 2022-03-10 12:21:36 +0200, you wrote: |
| 11 |
> >> ... |
| 12 |
> >> Are you sure that: |
| 13 |
> >> |
| 14 |
> >> sysctl fs.protected_regular=0 |
| 15 |
> >> |
| 16 |
> >> does not help? I can reproduce it here on my system with kernel |
| 17 |
> >> 5.15.27, and setting that sysctl to 0 fixes it immediately. |
| 18 |
> > |
| 19 |
> >No, I'm not at all sure. Since you mentioned in your first mail that |
| 20 |
> >this is normal when using "systemd", I did not pursue this route any |
| 21 |
> >further, because I'm using "openrc". |
| 22 |
> > |
| 23 |
> >I'll search the web for "fs.protected_regular" to get a feeling for the |
| 24 |
> >consequences and then perhaps set this when I'll again boot kernel vers- |
| 25 |
> >ion 5.15.26. |
| 26 |
> > |
| 27 |
> >Thanks for being persistent :-) |
| 28 |
> > |
| 29 |
> >Sincerely, |
| 30 |
> > |
| 31 |
> > Rainer |
| 32 |
> |
| 33 |
> Basically the idea is to keep other users from being able to trick root into |
| 34 |
> writing sensitive data to something they control. It's a "systemd thing" |
| 35 |
> because, apparently, the systemd developers decided to have systemd enable |
| 36 |
> it instead of leaving it in the bailiwick of the distros' configurations. |
| 37 |
> But if the default setting changed in a later kernel as well, that would |
| 38 |
> potentially affect everyone, so a quick check of what it's set to wouldn't |
| 39 |
> be amiss. |
| 40 |
> |
| 41 |
> LMP |
| 42 |
|
| 43 |
Just checked and it is so, on openrc: |
| 44 |
|
| 45 |
~ # uname -r |
| 46 |
5.15.26-gentoo |
| 47 |
~ # sysctl -a | grep fs.protected_regular |
| 48 |
fs.protected_regular = 1 |
Archives