[OpenAFS-devel] [PATCH] afs, bash: Fix open(O_CREAT) on an extant AFS file in a sticky dir

Cheyenne Wills cwills@sinenomine.net
Sat, 17 May 2025 10:06:48 -0600 

On Tue, 29 Apr 2025 17:37:31 +0100
David Howells <dhowells@redhat.com> wrote:
>     
> Bash has a work around in redir_open() that causes open(O_CREAT) of a
> file in a sticky directory to be retried without O_CREAT if bash was
> built with AFS workarounds configured:
> 
>         #if defined (AFS)
>               if ((fd < 0) && (errno == EACCES))
>             {
>               fd = open (filename, flags & ~O_CREAT, mode);
>               errno = EACCES;    /* restore errno */
>             }
> 
>         #endif /* AFS */
> 
> This works around the kernel not being able to validly check the
> current_fsuid() against i_uid on the file or the directory because the
> uidspaces of the system and of AFS may well be disjoint.  The problem
> lies with the uid checks in may_create_in_sticky().
> 
> However, the bash work around is going to be removed:
> 
>         https://git.savannah.gnu.org/cgit/bash.git/tree/redir.c?h=bash-5.3-rc1#n733
> 
> ....
> 
> This can be tested by creating a sticky directory (the user must have
> a token to do this) and creating a file in it.  Then strace bash
> doing "echo foo >>file" and look at whether bash does a single,
> successful O_CREAT open on the file or whether that one fails and
> then bash does one without O_CREAT that succeeds.
> 

I performed the following test on 2 systems, one a centos 6 system with
bash 4.1.2 running openafs 1.8.13.1, the other, a current gentoo system
with bash 5.2 (without the "afs" USE option as well) with openafs built
off the master branch.

Within an afs directory:

    mkdir testdir
    chmod +x testdir
    cd testdir
    echo "1234" > somefile
    echo "abcd" >> somefile  << did this while stracing the bash process

I only see one "open" in the strace output:
    $ strace -f -o bashtrace -p 1323 
    Process 1323 attached
    ^CProcess 1323 detached
    $ grep -i open bashtrace 
    1323  open("somefile", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3
    $

So, assuming David's test is correct, it appears that the bash
workaround in redir_open is no longer needed with the more recent
openafs versions.