Ownerships and permissions details

Updated: 2016-01-06
Created: 2016

The Linux/UNIX ownerships and permissions mechanisms have some unintuitive behaviours, this is the list of topics for a talk.

This talk is because we tend to use other permissions too much, and this needs to change because:

Identities and accounts

Notions of identity and accounts:

tree$ id
uid=1(pkg) gid=1(pkg) groups=1(pkg)
tree$ sudo getent shadow root root:$6$cd0BQ.O0$JjUkqeTW1Cg6iri3SZMZfDoVLghGbc4vnyFqFb69CPdwHoyUkmuW2.hZYQgcNYyr9RGXgklSTAdYvtsAFiMPP0:16794:0:99999:7::: tree$ getent passwd pkg pkg:x:1:1:pkg:/home/pkg:/bin/bash tree$ getent group ssl-cert ssl-cert:x:107:postgres,prayer,freerad,yaws

Processes and state passing

Processes don't share state:

Process state details

Process state:

tree$  ls /proc/1/
attr             cpuset   limits      net            projid_map  stat
autogroup        cwd      loginuid    ns             root        statm
auxv             environ  map_files   numa_maps      sched       status
cgroup           exe      maps        oom_adj        schedstat   syscall
clear_refs       fd       mem         oom_score      sessionid   task
cmdline          fdinfo   mountinfo   oom_score_adj  setgroups   timers
comm             gid_map  mounts      pagemap        smaps       uid_map
coredump_filter  io       mountstats  personality    stack       wchan
tree$  sudo ls /proc/1/fd
0  1  11  13  14  15  17  2  20  22  23  25  29  3  32  4  5  6  7  8  9
tree$  sudo sh -c "tr '\0' '\n' < /proc/1/environ"
HOME=/
init=/sbin/init
recovery=
rootfsflags=inode64
TERM=linux
BOOT_IMAGE=/boot/vmlinuz-4.2.0-22-generic
PATH=/sbin:/usr/sbin:/bin:/usr/bin
PWD=/
rootmnt=/root
tree$  PID  PPID  EUID  RUID  EGID  RGID SUPGID               TPGID  SESS COMMAND
...
17025     1  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24 16966 16960 /usr/lib/kde4/libexec/start_kdeinit +kcminit_sta
17026     1  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24    -1 17026 kdeinit4: kdeinit4 Running...                   
17027 17026  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24    -1 17026  \_ kdeinit4: klauncher [kdeinit] --fd=9        
17050 17026  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24    -1 17026  \_ kdeinit4: ksmserver [kdeinit]               
17052 17050  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24    -1 17026  |   \_ kwin HISTFILESIZE=300 KDE_FULL_SESSION=t
17144 17026  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24    -1 17026  \_ /usr/bin/xsettings-kde HISTFILESIZE=300 KDE_
17150 17026  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24    -1 17026  \_ /usr/bin/alarm-clock-applet --hidden HISTFIL
17151 17026  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24    -1 17151  \_ /usr/bin/python /usr/bin/hp-systray -x HISTF
17239 17151  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24    -1 17151  |   \_ /usr/bin/python /usr/bin/hp-systray -x H
17240 17239  2048  2048  2048  2048 0,1,1,2,4,5,6,7,8,24    -1 17151  |       \_ /usr/bin/python /usr/bin/hp-systray 
...

Inodes and account permissions

Inodes have (owning) ouid and ogid and permission list as per /usr/include/linux/stat.h:

tree$  stat /
  File: ‘/’
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 806h/2054d      Inode: 96          Links: 45
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2015-04-04 21:13:38.274908537 +0100
Modify: 2016-01-05 22:17:10.186991926 +0000
Change: 2016-01-05 22:17:10.186991926 +0000
 Birth: -

Account permissions details

File inodes don't have names:

tree$  ls -ld /var/log/messages /usr/sbin/uuidd
-rw-r-----  1 root adm  76620068 Jan  8 08:03 /var/log/messages/
-rwsr-sr-x  1 libuuid libuuid 21584 Sep  2 19:35 /usr/sbin/uuidd

Specific permission types

Directory inodes are collections of directory entries:

tree$  ls -ld / /var/tmp /var/mail
drwxr-xr-x 45 root root     4096 Jan  5 22:17 /
drwxrwsr-x  2 root    mail       52 Jan  8 07:57 /var/mail
drwxrwxrwt 31 root    root     8192 Dec 31 21:22 /var/tmp

Default permissions

Inode permissions setting:

tree$  echo 'default' > file
tree$  ls -ld dir file
tree$  mkdir dir
drwxrwxrwx 2 pg pg 40 Jan  8 08:14 dir
-rw-rw-rw- 1 pg pg  8 Jan  8 08:14 file
tree$  umask 0006
tree$  mkdir dir2
tree$  echo 'umask 00006' > file2
tree$  ls -ld dir2 file2
drwxrwx--x 2 pg pg 40 Jan  8 08:15 dir2
-rw-rw---- 1 pg pg 12 Jan  8 08:15 file2

Permission checking

Process to inode permission checking:

tree$  chmod ug=,o=rw file; ls -ld file
-------rw- 1 pg pg 8 Jan  8 08:14 file
tree$  cat file
cat: file: Permission denied
tree$  sudo -u pkg cat file
default

Identity to account defaults

Typical setups:

Mutual distrust

The biggest problems are dynamic accesses among accounts and mutual distrust:

Typical solutions

Typical crossing problem where uid 1 and uid 2 want to send/receive data such that only the other can read/write it, and neither gives access to more than needed:

tree$  ls -ld /usr/sbin/exim4 /var/spool/mail/ /var/spool/exim4/
-rwsr-xr-x 1 root        root        983296 Feb 25  2014 /usr/sbin/exim4
drwxr-x--- 5 Debian-exim Debian-exim     40 May 24  2015 /var/spool/exim4/
drwxrwsr-x 2 root        mail            52 Jan  8 07:57 /var/spool/mail/

The one to many cases

One to many case case not symmetrical:

tree$  ls -ld /usr/bin/{mlocate,procmail,bsd-write}
-rwxr-sr-x 1 root tty     17328 Jun  4  2013 /usr/bin/bsd-write
-rwxr-sr-x 1 root mlocate 42176 Jun 20  2013 /usr/bin/mlocate
-rwsr-sr-x 1 root mail    91816 Sep  4  2014 /usr/bin/procmail
tree$  ls -ld /var/lib/mlocate/mlocate.db 
-rw-r----- 1 root mlocate 25427311 Jan  8 07:35 /var/lib/mlocate/mlocate.db

Dynamic many-to-many

The big problem is arbitrary many-to-many mutual distrust: uid 1 and uid 2 want to exchange data but neither will execute a set-euid file with ouid of the other, and there is no common group:

Related commands

Related files and commands:

Extensions

More complicated situations: