On Tue, Dec 29, 2020 at 04:25:47AM -0800, L.A. Walsh wrote:
> xfs_io checks for CAP_SYS_ADMIN in order to open a
> file_by_inode -- however, if the file one is opening
> is owned by the user performing the call, the call should
> not fail.

No. xfs_open_by_handle() requires root permissions because it
bypasses lots of security checks, such as parent directory
permissions, ACLs and security labels. e.g. backups under a
root-only directory hierarchy should not be accessible to users
because users are not allowed to traverse into those root:root 0700
backup directories because permissions on the directory inodes do
not allow non-root users to enter them.

Hence ...

> (i.e. it opens the user's own file).

... the user doesn't actually own that file, even though it has
their own UID in it...

> It gets rid of some unnecessary error messages if you
> run xfs_restore to restore one of your own files.

That's not really a use case xfs_restore is intended to support.
It's an admin tool to be run by admins, not end users....

Cheers,

Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx
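
The following is an added illustration, not part of the message above and not XFS or xfsprogs code. It models the classic owner/group/other path walk over a constructed inode tree and compares it with an owner-only check applied directly to an inode, reporting files where the two disagree. ACLs and security labels are left out, and all names, UIDs and paths are assumptions made for the example.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int  # file type plus permission bits, as in st_mode

def dac_allows(inode, uid, gids, want):
    """Owner/group/other check for `want`, a 3-bit rwx mask."""
    if uid == 0:
        return True  # simplification: root passes mode-bit checks
    if uid == inode.uid:
        shift = 6
    elif inode.gid in gids:
        shift = 3
    else:
        shift = 0
    return (inode.mode >> shift) & want == want

def open_by_path(tree, path, uid, gids, want=4):
    """Path walk: search (x) on every ancestor directory, then `want` on the target."""
    current = "/"
    for name in (p for p in path.split("/") if p):
        if not dac_allows(tree[current], uid, gids, 1):
            return False
        current = current.rstrip("/") + "/" + name
    return dac_allows(tree[current], uid, gids, want)

def open_by_inode_owner_only(tree, path, uid):
    """Hypothetical relaxed check: go straight to the inode and compare its UID."""
    return tree[path].uid == uid

def find_bypasses(tree, uid, gids):
    """Regular files the owner-only check would open but the path walk denies."""
    return [p for p in sorted(tree)
            if stat.S_ISREG(tree[p].mode)
            and open_by_inode_owner_only(tree, p, uid)
            and not open_by_path(tree, p, uid, gids)]

# Constructed sample tree: a root-only backup directory holding a file
# that carries an ordinary user's UID (1000), plus that user's home.
TREE = {
    "/": Inode(0, 0, stat.S_IFDIR | 0o755),
    "/backup": Inode(0, 0, stat.S_IFDIR | 0o700),
    "/backup/alice.dump": Inode(1000, 1000, stat.S_IFREG | 0o600),
    "/home": Inode(0, 0, stat.S_IFDIR | 0o755),
    "/home/alice": Inode(1000, 1000, stat.S_IFDIR | 0o700),
    "/home/alice/notes": Inode(1000, 1000, stat.S_IFREG | 0o600),
}

if __name__ == "__main__":
    print(find_bypasses(TREE, 1000, {1000}))
```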