LinuxQuestions.org

keshavan 11-01-2014 09:29 AM

setfsuid has no effect on access
 
I am trying to do file operations depending on the logged-in user in my Java web application. For this, I have used a JNI native implementation to set the fs uid & fs gid to the logged-in user's uid and gid. Now, file operations are allowed only if the logged-in user has permissions.

I also want to retrieve whether the logged-in user has read/write/execute permissions for a file. I tried to use the access and faccessat system calls, but they do not seem to be using the fs uid.

How do I get the file permissions for a logged-in user?

jpollard 11-02-2014 04:04 AM

Users don't have file permissions... They have UID/GID, and capabilities (usually minimal).

Files and directories have access permissions that are associated with the UID/GID assigned to the file. So users only have permissions when their UID/GID is matched against a specific file, and THEN the permissions associated with the file define what the user can do.

keshavan 11-02-2014 05:46 AM

Thanks Pollard for the inputs on the internal storage.

Found a simple way of solving the problem. I am sure that the solution is incomplete. Also, it does not take ACLs into account. However, even if access permissions were not accurate, the web application does not corrupt the FS and at most we get a permission denied error while performing file operations.

Suppose userName is the user logged in to the web application & path is the file path:

    #include <jni.h>
    #include <pwd.h>
    #include <sys/stat.h>
    #include <sys/types.h>

    /* Body of the JNI function (the enclosing function was not posted). */
    struct passwd *pw = getpwnam(userName);
    if (pw == NULL) {
        return NULL;
    }
    jint fill[3]; /* rwx - 1 indicates success, 0 indicates failure */
    if (pw->pw_uid == 0) {
        fill[0] = fill[1] = fill[2] = 1;
    } else {
        struct stat info;
        if (stat(path, &info) != 0) {
            return NULL; /* info is undefined when stat() fails */
        }
        int mode = info.st_mode;

        /* Only the primary group is compared; supplementary groups are ignored. */
        if (pw->pw_uid == info.st_uid) {
            fill[0] = mode & S_IRUSR ? 1 : 0; /* 3 bits for user */
            fill[1] = mode & S_IWUSR ? 1 : 0;
            fill[2] = mode & S_IXUSR ? 1 : 0;
        } else if (pw->pw_gid == info.st_gid) {
            fill[0] = mode & S_IRGRP ? 1 : 0; /* 3 bits for group */
            fill[1] = mode & S_IWGRP ? 1 : 0;
            fill[2] = mode & S_IXGRP ? 1 : 0;
        } else {
            fill[0] = mode & S_IROTH ? 1 : 0; /* 3 bits for other */
            fill[1] = mode & S_IWOTH ? 1 : 0;
            fill[2] = mode & S_IXOTH ? 1 : 0;
        }
    }

jpollard 11-02-2014 05:57 AM

Why not use "getuid"?

Basically, you just want the access function. You just have to specify what access you want to be tested.

BTW, you reference "the web application" - a web user is not the same as a "login". The only login web servers use is the one the server is running under, not what somebody "logged in" is.

The easiest way to access a file is still to just try to access it. If it doesn't work, you get an error.

keshavan 11-02-2014 06:21 AM

Sorry, I assumed a lot of things while posting. The user logged in to the web application is also a Linux user. getuid would return the uid of the user in whose context the process is running. However, I need the uid of the Linux user logged in to the application.

jpollard 11-02-2014 08:56 AM

Quote:

Originally Posted by keshavan (Post 5263299)
Sorry, I assumed a lot of things while posting. The user logged in to the web application is also a Linux user. getuid would return the uid of the user in whose context the process is running. However, I need the uid of the Linux user logged in to the application.

Ok.

But that still won't grant the web server access. And you might not even have access to the path to retrieve the permissions - as all of that is evaluated using the UID of the web server.

keshavan 11-02-2014 10:43 PM

The process (not the web server process) doing the file operations is running as root.

jpollard 11-03-2014 04:12 AM

Ok. So the system is insecure (general assumption because web servers aren't all that secure - they are too large and do too many things to be verified).

Second, if the process is running as root, the best way to test is to set the effective UID, then make the access as that user.

The problem that exists is that you aren't testing the path to the file. The stat (operating as root) always has access to any intermediate directories or passing through symbolic links. Access via the actual user, that gets tested every time.

keshavan 11-03-2014 05:58 AM

The process which does file operations is multi-threaded. Setting uid did not work. Have not tried setting effective uid. Before doing the file operation, we verify if the path is navigable (read + execute permissions for all parent folders).


All times are GMT -5.