[OpenAFS-devel] creation of files with uid/gid 0 ?
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 15 Aug 2005 18:30:16 -0400
On Friday, August 12, 2005 08:10:04 PM -0500 Troy Benjegerdes
<hozer@hozed.org> wrote:
> In my AFS as root filesystem testing, I ran into another snag..
>
> I want to add a regular user to a group, and have them be able to do
> things like install software on a node image, but I don't want to have
> them be in the 'system:administrators' group..
>
> What code makes members of the 'system:administrators' group special so
> they can create files owned by uid/gid 0, but not regular users? Is
> there a reasonable way to modify this, maybe on a per-volume basis?
Membership in the system:administrators group confers superuser privileges
with respect to the AFS filesystem. Members of this group can do things
like manipulate ACL's on directories where they don't have admin access,
and can also do a variety of things that are not permitted for ordinary
users. Among these are the ability to change the ownership of files and to
set the setuid and setgid bits on files.
The code that enforces this restriction lives in a variety of places within
the fileserver. Most of the work is done in src/viced/afsfileprocs.c, in
Check_PermissionRights() and Update_TargetVnodeStatus().
Any change to these restrictions is likely to have significant security
implications, and should be reviewed carefully before being accepted or
deployed.
-- Jeff