On Thu, 2006-08-10 at 11:06 -0700, Bryan Henderson wrote: > What you're describing is not a need to perform operations as another > user, but a need to perform them with DAC_OVERRIDE capability. In Linux, > having uid 0 buys you nothing but access to files owned by uid 0. Sorry, but CAP_DAC_OVERRIDE can, and usually will, be overridden in a typical selinux environment. That is precisely why we had to abandon using it for privileged operations such as binding a socket to a reserved port in the SUNRPC layer in the early 2.6.x days. Josef, if you really need to do this hidden directory creation (which is also something which is not supported by all filesystems, BTW - remember FAT and its 8+3 filenames?) then why not use that as a flag to signal that the directory is visible to unionfs rather than have it signal invisibility? Then leave the whole issue of whether or not to set it to the user. Cheers, Trond - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
