On Thursday, 10 March 2022 17:59:00 GMT Laurence Perkins wrote:
> >-----Original Message-----
> >From: Dr Rainer Woitok <rainer.woitok@×××××.com>
> >Sent: Thursday, March 10, 2022 9:51 AM
> >To: gentoo-user@l.g.o; Nikos Chantziaras <realnc@×××××.com>
> >Subject: [gentoo-user] Re: Root can't write to files owned by others?
> >
> >Nikos,
> >
> >On Thursday, 2022-03-10 12:21:36 +0200, you wrote:
> >> ...
> >> Are you sure that:
> >>
> >> sysctl fs.protected_regular=0
> >>
> >> does not help? I can reproduce it here on my system with kernel
> >> 5.15.27, and setting that sysctl to 0 fixes it immediately.
> >
> >No, I'm not at all sure. Since you mentioned in your first mail that
> >this is normal when using "systemd", I did not pursue this route any
> >further, because I'm using "openrc".
> >
> >I'll search the web for "fs.protected_regular" to get a feeling for the
> >consequences and then perhaps set this when I'll again boot kernel
> >version 5.15.26.
> >
> >Thanks for being persistent :-)
> >
> >Sincerely,
> >
> > Rainer
>
> Basically the idea is to keep other users from being able to trick root into
> writing sensitive data to something they control. It's a "systemd thing"
> because, apparently, the systemd developers decided to have systemd enable
> it instead of leaving it in the bailiwick of the distros' configurations.
> But if the default setting changed in a later kernel as well, that would
> potentially affect everyone, so a quick check of what it's set to wouldn't
> be amiss.
>
> LMP

Just checked and it is so, on openrc:

~ # uname -r
5.15.26-gentoo
~ # sysctl -a | grep fs.protected_regular
fs.protected_regular = 1
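The rule behind the behaviour discussed in the thread, as an added example that is not part of the mailing-list messages: the script below models the decision the kernel makes for fs.protected_regular as documented in the kernel's sysctl/fs documentation (0 = unrestricted; 1 = refuse an O_CREAT open of an existing regular file in a world-writable sticky directory unless the file belongs to the opener or to the directory owner; 2 = also apply to group-writable sticky directories), and uses it to audit a directory for files that a given user would be refused. It goes slightly beyond the thread's case by covering setting 2 as well. The function names, the uid values in the comments and the `/proc` fallback default are assumptions of this example.

```python
"""Model of the fs.protected_regular check plus a small audit helper.

Added example, not code from the gentoo-user thread.  It re-implements
the documented decision the kernel makes for regular files in sticky
directories so a defender can see which files an O_CREAT open by a given
user would be refused with EACCES under the current setting.
"""
import os
import stat
from typing import List, Optional, Tuple

PROC_KNOB = "/proc/sys/fs/protected_regular"


def current_setting(default: int = 0) -> int:
    """Read fs.protected_regular from /proc; fall back to `default`
    (assumed 0 here) when not on Linux or the knob is unreadable."""
    try:
        with open(PROC_KNOB) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return default


def refused(setting: int, dir_mode: int, dir_uid: int,
            file_uid: int, opener_uid: int) -> bool:
    """True if an O_CREAT open of an existing regular file would fail.

    Ordering follows the documented rule: the check never fires when the
    setting is 0, when the directory is not sticky, or when the file is
    owned by the opener or by the directory owner.  Otherwise a
    world-writable directory triggers it at setting >= 1 and a
    group-writable one at setting >= 2.  Opens without O_CREAT are not
    affected at all, which is why `echo > file` fails but `cat file` works.
    """
    if setting <= 0:
        return False
    if not dir_mode & stat.S_ISVTX:
        return False
    if file_uid == dir_uid or file_uid == opener_uid:
        return False
    if dir_mode & stat.S_IWOTH:
        return True
    if setting >= 2 and dir_mode & stat.S_IWGRP:
        return True
    return False


def audit_directory(path: str, opener_uid: int,
                    setting: Optional[int] = None) -> List[Tuple[str, int]]:
    """Return (filename, file_uid) for regular files directly under `path`
    that `opener_uid` could not open with O_CREAT under `setting`
    (defaults to the live sysctl value).  Symlinks are skipped because
    they fall under fs.protected_symlinks, not this knob."""
    if setting is None:
        setting = current_setting()
    st_dir = os.lstat(path)
    hits = []
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        if not stat.S_ISREG(st.st_mode):
            continue
        if refused(setting, st_dir.st_mode, st_dir.st_uid,
                   st.st_uid, opener_uid):
            hits.append((name, st.st_uid))
    return hits


if __name__ == "__main__":
    # Report what root (uid 0) would be refused in /tmp on this host.
    for name, uid in audit_directory("/tmp", opener_uid=0):
        print(f"/tmp/{name}: owned by uid {uid}, "
              f"O_CREAT open by root refused")
```

Running it as root on a box with fs.protected_regular = 1 lists exactly the files in /tmp that produce the "permission denied" the thread is about; flipping the sysctl to 0 (or running with `setting=0`) empties the list, matching Nikos's observation. The audit only looks at the top level of one directory, since the rule is evaluated per parent directory.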