[OpenAFS-devel] creation of files with uid/gid 0 ?
Troy Benjegerdes
hozer@hozed.org
Thu, 18 Aug 2005 12:28:03 -0500
On Mon, Aug 15, 2005 at 06:30:16PM -0400, Jeffrey Hutzelman wrote:
>
>
> On Friday, August 12, 2005 08:10:04 PM -0500 Troy Benjegerdes
> <hozer@hozed.org> wrote:
>
> >In my AFS as root filesystem testing, I ran into another snag..
> >
> >I want to add a regular user to a group, and have them be able to do
> >things like install software on a node image, but I don't want to have
> >them be in the 'system:administrators' group..
> >
> >What code makes members of the 'system:administrators' group special so
> >they can create files owned by uid/gid 0, but not regular users? Is
> >there a reasonable way to modify this, maybe on a per-volume basis?
>
> Membership in the system:administrators group confers superuser privileges
> with respect to the AFS filesystem. Members of this group can do things
> like manipulate ACL's on directories where they don't have admin access,
> and can also do a variety of things that are not permitted for ordinary
> users. Among these are the ability to change the ownership of files and to
> set the setuid and setgid bits on files.
>
> The code that enforces this restriction lives in a variety of places within
> the fileserver. Most of the work is done in src/viced/afsfileprocs.c, in
> Check_PermissionRights() and Update_TargetVnodeStatus().
>
> Any change to these restrictions is likely to have significant security
> implications, and should be reviewed carefully before being accepted or
> deployed.
So is something like what I attached below a start? I also can't seem to
figure out how to find out what the volume owner is set to. I'd expect
'vos exa volume -verbose' might have it, but it doesn't.

Why is there a separate 'Check_PermissionRights()' and
'Update_TargetVnodeStatus()', which seem to do very similar checks?
===================================================================
RCS file: /cvs/openafs/src/viced/afsfileprocs.c,v
retrieving revision 1.92
diff -u -r1.92 afsfileprocs.c
--- afsfileprocs.c 14 Aug 2005 02:10:07 -0000 1.92
+++ afsfileprocs.c 18 Aug 2005 17:10:13 -0000
@@ -855,12 +855,17 @@
|| CHGRP(InStatus, targetptr)) {
if (readonlyServer)
return (VREADONLY);
- else if (VanillaUser(client))
+#if 0
+ else if (VanillaUser(client)){
+#else
+ else if (VanillaUser(client) &&
!VolumeOwner(client,targetptr)){
+#endif
return (EPERM); /* Was EACCES */
- else
+ } else {
osi_audit(PrivilegeEvent, 0, AUD_ID,
(client ? client->ViceId : 0),
AUD_INT,
CallingRoutine, AUD_END);
+ }
}
/* must be sysadmin to set suid/sgid bits */
if ((InStatus->Mask & AFS_SETMODE) &&
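Review bot: The relaxed test `else if (VanillaUser(client) && !VolumeOwner(client,targetptr)){` lets a volume owner through the whole CHOWN/CHGRP gate with no limit on the target ids, so a non-administrator who owns the volume could hand files to uid/gid 0 or to any other user. Nothing in this hunk makes that opt-in: it applies to every volume the fileserver serves, whereas the request was for something that can be enabled per volume. I would put the new condition behind an explicit per-volume or server-side setting that defaults to the current behaviour, and say in a comment which ownership changes the volume owner is meant to be allowed. The setuid/setgid check that follows is unchanged in the visible lines, so check that ownership change by a volume owner combined with mode bits already set on the file does not produce a setuid file owned by uid 0. Keeping the volume owner in the branch that calls `osi_audit(PrivilegeEvent, ...)` is right, since these changes should stay audited. Drop the `#if 0` / `#else` scaffolding before submission, since the diff already records the old condition.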