Hi Michael,

On 02/05/2015 11:44 AM, Michael Kerrisk (man-pages) wrote:
> On 09/10/2014 03:01 PM, Denys Vlasenko wrote:
>> We have users who are terribly confused why their binaries
>> with CAP_DAC_OVERRIDE capability see EACCES from access() calls,
>> but are able to read the file.
>>
>> The reason is access() isn't the "can I read/write/execute this file?"
>> question, it is the "(assuming that I'm a setuid binary,) can *the user
>> who invoked me* read/write/execute this file?" question.
>>
>> That's why it uses real UIDs as documented, and why it ignores
>> capabilities when capability-endowed binaries are run by non-root
>> (this patch adds this information).
>>
>> To make users more likely to notice this less-known detail,
>> the patch expands the explanation with rationale for this logic
>> into a separate paragraph.
>
> Thanks, Denys. Applied.

I don't see it in git://git.kernel.org/pub/scm/docs/man-pages/man-pages.git
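
The behaviour discussed in this thread, as an added example (not part of the original messages or of the man-pages patch): a small C program that asks "can this file be read?" three ways and flags the case where access() refuses but open() succeeds. The struct, the function names and the default path are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

struct read_check {    /* each field: 0 on success, otherwise errno */
    int real_ids;      /* access(): real UID/GID, capabilities ignored for non-root */
    int effective_ids; /* faccessat(AT_EACCESS): effective UID/GID */
    int open_result;   /* open(O_RDONLY): what the kernel really allows */
};

/* Ask the same read question three ways (illustrative helper). */
struct read_check check_read(const char *path)
{
    struct read_check r = {0, 0, 0};
    if (access(path, R_OK) != 0)
        r.real_ids = errno;
    if (faccessat(AT_FDCWD, path, R_OK, AT_EACCESS) != 0)
        r.effective_ids = errno;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        r.open_result = errno;
    else
        close(fd);
    return r;
}

/* The confusing case from the thread: access() refuses, open() succeeds. */
int access_disagrees_with_open(struct read_check r)
{
    return r.real_ids == EACCES && r.open_result == 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/etc/shadow"; /* sample default */
    struct read_check r = check_read(path);
    printf("ruid=%d euid=%d path=%s\n", (int)getuid(), (int)geteuid(), path);
    printf("access(R_OK):          %s\n", r.real_ids ? strerror(r.real_ids) : "ok");
    printf("faccessat(AT_EACCESS): %s\n", r.effective_ids ? strerror(r.effective_ids) : "ok");
    printf("open(O_RDONLY):        %s\n", r.open_result ? strerror(r.open_result) : "ok");
    if (access_disagrees_with_open(r))
        puts("access() answered for the invoking user, not for this process");
    return 0;
}
```

Run by an ordinary user on a root-only file, all three calls report "Permission denied"; the access()/open() mismatch shows up only when the binary is setuid or carries CAP_DAC_OVERRIDE and is started by a non-root user.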