steve%maths.warwick.ac.uk@nss.cs.ucl.ac.uk (Steve Rumsby) (01/25/89)
This is on a 4.0.1 system - watch.
Script started on Thu Jan 19 08:52:18 1989
% cd /tmp
% ls -al
total 68
drwxrwxrwt 10 bin 2048 Jan 19 08:52 ./
drwxr-xr-x 20 bin 1024 Jan 10 14:52 ../
-rw-r--r-- 1 root 200 Jan 17 11:57 .getwd
drwxrwxrwt 2 bin 12800 Jan 19 04:15 alph/
drwxrwxrwt 6 bin 1024 Jan 19 08:42 avon/
drwxr-xr-x 2 steve 512 Nov 21 11:23 cmr/
drwxrwxrwt 10 bin 3584 Jan 19 04:15 inch/
drwxrwxrwt 2 bin 20992 Jan 19 04:15 leam/
drwxr-xr-x 2 root 8192 Nov 10 13:39 lost+found/ <- only two links
drwxr-xr-x 5 steve 512 Nov 17 12:34 sun3.4.0.1/
drwxrwxrwt 2 bin 14848 Jan 19 04:15 swift/
% mv lost+found foo
mv: lost+found: rename: Not owner
% ls -al
total 76
drwxrwxrwt 10 bin 2048 Jan 19 08:52 ./
drwxr-xr-x 20 bin 1024 Jan 10 14:52 ../
-rw-r--r-- 1 root 200 Jan 17 11:57 .getwd
drwxrwxrwt 2 bin 12800 Jan 19 04:15 alph/
drwxrwxrwt 6 bin 1024 Jan 19 08:42 avon/
drwxr-xr-x 2 steve 512 Nov 21 11:23 cmr/
drwxr-xr-x 3 root 8192 Nov 10 13:39 foo/ <-
drwxrwxrwt 10 bin 3584 Jan 19 04:15 inch/ |_ 3 links
drwxrwxrwt 2 bin 20992 Jan 19 04:15 leam/ |
drwxr-xr-x 3 root 8192 Nov 10 13:39 lost+found/ <-
drwxr-xr-x 5 steve 512 Nov 17 12:34 sun3.4.0.1/
drwxrwxrwt 2 bin 14848 Jan 19 04:15 swift/
% rmdir foo
rmdir: foo: Not owner
% su
Password:
# rmdir foo
rmdir: foo: Directory not empty
# /etc/unlink foo
# ls -al
total 76
drwxrwxrwt 10 bin 2048 Jan 19 08:52 .
drwxr-xr-x 20 bin 1024 Jan 10 14:52 ..
-rw-r--r-- 1 root 200 Jan 17 11:57 .getwd
drwxrwxrwt 2 bin 12800 Jan 19 04:15 alph
drwxrwxrwt 6 bin 1024 Jan 19 08:42 avon
drwxr-xr-x 2 steve 512 Nov 21 11:23 cmr
drwxr-xr-x 3 root 8192 Nov 10 13:39 foo
drwxrwxrwt 10 bin 3584 Jan 19 04:15 inch
drwxrwxrwt 2 bin 20992 Jan 19 04:15 leam
drwxr-xr-x 3 root 8192 Nov 10 13:39 lost+found
drwxr-xr-x 5 steve 512 Nov 17 12:34 sun3.4.0.1
drwxrwxrwt 2 bin 14848 Jan 19 04:15 swift
# cat > u.c
main(argc, argv)
int argc;
char **argv;
{
if(unlink(argv[1]) == -1)
perror(argv[1]);
}
# make u
cc -sun3 -o u u.c
# ./u foo
foo: Not owner
# ls -al
total 101
drwxrwxrwt 10 bin 2048 Jan 19 08:54 .
drwxr-xr-x 20 bin 1024 Jan 10 14:52 ..
-rw-r--r-- 1 root 200 Jan 17 11:57 .getwd
drwxrwxrwt 2 bin 12800 Jan 19 04:15 alph
drwxrwxrwt 6 bin 1024 Jan 19 08:42 avon
drwxr-xr-x 2 steve 512 Nov 21 11:23 cmr
drwxr-xr-x 3 root 8192 Nov 10 13:39 foo
drwxrwxrwt 10 bin 3584 Jan 19 04:15 inch
drwxrwxrwt 2 bin 20992 Jan 19 04:15 leam
drwxr-xr-x 3 root 8192 Nov 10 13:39 lost+found
drwxr-xr-x 5 steve 512 Nov 17 12:34 sun3.4.0.1
drwxrwxrwt 2 bin 14848 Jan 19 04:15 swift
-rwxr-xr-x 1 root 24576 Jan 19 08:54 u
-rw-r--r-- 1 root 90 Jan 19 08:54 u.c
# ^D
% cd /
% su
Password:
# /etc/umount /tmp
# /etc/fsck /tmp
** /dev/rxy1d
** Last Mounted on /tmp
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
/foo IS AN EXTRANEOUS HARD LINK TO DIRECTORY /lost+found
REMOVE? y
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
LINK COUNT DIR I=3 OWNER=root MODE=40755
SIZE=8192 MTIME=Nov 10 13:39 1988 COUNT 3 SHOULD BE 2
ADJUST? y
** Phase 5 - Check Cyl groups
3156 files, 40043 used, 37904 free (416 frags, 4686 blocks, 0.5% fragmentation)
***** FILE SYSTEM WAS MODIFIED *****
# /etc/mount /tmp
# cd /tmp
# ls -al
total 93
drwxrwxrwt 10 bin 2048 Jan 19 08:54 .
drwxr-xr-x 20 bin 1024 Jan 10 14:52 ..
-rw-r--r-- 1 root 200 Jan 17 11:57 .getwd
drwxrwxrwt 2 bin 12800 Jan 19 04:15 alph
drwxrwxrwt 6 bin 1024 Jan 19 08:42 avon
drwxr-xr-x 2 steve 512 Nov 21 11:23 cmr
drwxrwxrwt 10 bin 3584 Jan 19 04:15 inch
drwxrwxrwt 2 bin 20992 Jan 19 04:15 leam
drwxr-xr-x 2 root 8192 Nov 10 13:39 lost+found
drwxr-xr-x 5 steve 512 Nov 17 12:34 sun3.4.0.1
drwxrwxrwt 2 bin 14848 Jan 19 04:15 swift
-rwxr-xr-x 1 root 24576 Jan 19 08:54 u
-rw-r--r-- 1 root 90 Jan 19 08:54 u.c
...
script done on Thu Jan 19 08:56:25 1989
--
UUCP: ...!ukc!warwick!steve Internet: steve@maths.warwick.ac.uk
JANET: steve@uk.ac.warwick.maths PHONE: +44 203 523523 x2657
[[ I don't know why I wasn't able to recreate it before. I thought I was
doing all the right things. But I have confirmed it now: this behavior
can be duplicated under 4.0.1. Thank you for sending a typescript. It is
much clearer and more precise than a wordy explanation. --wnl ]]hmj@uunet.uu.net (Hannu-Matti J{rvinen) (01/25/89)
First as user hmj I create directory test with permissions described
above. Then I make an ordinary file (file1). This sequence is made on
4.0.1 on local disk, but NFS disck works same way.
% mkdir test
% chmod 7777 test
% ls -lsd test
1 drwsrwxrwt 2 hmj 512 Jan 19 16:59 test/
% cd test
% touch file1
% ls -ls
total 0
0 -rw-r--r-- 1 hmj 0 Jan 19 17:00 file1
%
Then I changed my role to user ks and used cd to get the previous
directory. I should have included the fact that you have to be a
different user than the owner of the files. In fact, this makes the
problem even worse.
% ls -ls
total 0
0 -rw-r--r-- 1 hmj 0 Jan 19 17:00 file1
% mv file1 file2
mv: file1: rename: Not owner
(Yes, you were right, it is rename, but how would you explain the following, if my
guess was wrong?)
% ls -lsi
total 0
53392 0 -rw-r--r-- 2 hmj 0 Jan 19 17:00 file1
53392 0 -rw-r--r-- 2 hmj 0 Jan 19 17:00 file2
%
So rename refuses but something makes the link anyway. This works for
directories, too. I am NOT going to demonstrate it, because unlink (see
man 8 unlink) won't remove it (but I agree, it should). I haven't tried
unlink(2), but according to the manual page of unlink(8) that test should
be unnecessary.
Hannu-Matti Jarvinen, Tampere University of Technology, Finland
hmj@tut.fi, hmj@tut.uucp, hmj@tut.funet (tut.ARPA is not the same computer).
[[ My guess is that this is a bug in the "rename" system call. It should
be doing more thorough permission checks before starting *anything* in the
rename. A rename seems like it would be simple enough: just change the
string in the directory. However, due to various Unix idiosyncrasies, the
"rename" system call really does pretty much just the same thing as
'unlink("new"); link("old", "new"); unlink("old");' (at least in 4.3).
--wnl ]]