author | jbranso@dismail.de <jbranso@dismail.de> | 2024-10-16 19:30:21 -0400 |
---|---|---|
committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2024-11-12 00:35:13 +0100 |
commit | 3155d45e7e5427c97c1adcdc0d8497635aa2a6eb (patch) | |
tree | 8635a1f62e0c44f7dff30a9f40c672060023dd6a /hurd | |
parent | f5f1898cf0bd6410c4bace9f8cb6235493f819df (diff) |
add translator/fakeroot page
* hurd/translator.mdwn: add a link to fakeroot
* hurd/translator/fakeroot.mdwn: I added a trivial example.
Message-ID: <20241016233039.17856-5-jbranso@dismail.de>
Diffstat (limited to 'hurd')
-rw-r--r-- | hurd/translator.mdwn | 1 | ||||
-rw-r--r-- | hurd/translator/fakeroot.mdwn | 86 |
2 files changed, 87 insertions, 0 deletions
diff --git a/hurd/translator.mdwn b/hurd/translator.mdwn index 1a8f8adf..3ed8b233 100644 --- a/hurd/translator.mdwn +++ b/hurd/translator.mdwn @@ -107,6 +107,7 @@ The [[concept|concepts]] of translators creates its own problems, too: * [[unionfs]] * [[nfs]] * [[symlink]] +* [[fakeroot]] * [[firmlink]] * [[fifo]] * [[term]] diff --git a/hurd/translator/fakeroot.mdwn b/hurd/translator/fakeroot.mdwn new file mode 100644 index 00000000..59dd7ead --- /dev/null +++ b/hurd/translator/fakeroot.mdwn 
@@ -0,0 +1,86 @@ +[[!meta copyright="Copyright © 2024 Free Software Foundation, +Inc."]] + +[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable +id="license" text="Permission is granted to copy, distribute and/or modify this +document under the terms of the GNU Free Documentation License, Version 1.2 or +any later version published by the Free Software Foundation; with no Invariant +Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license +is included in the section entitled [[GNU Free Documentation +License|/fdl]]."]]"""]] + +[[!tag stable_URL]] + +A translator for faking privileged access to an underlying filesystem. + +This translator appears to give transparent access to the underlying +directory node. However, all accesses are made using the credentials +of the translator regardless of the client and the translator fakes +success for chown and chmod operations that only root could actually +do, reporting the faked IDs and modes in later stat calls, and allows +any user to open nodes regardless of permissions as is done for root. + +## A trivial example + +Let's demonstrate that chown and chgrp requires root permission. + + $ mkdir ~/etc + $ touch ~/etc/this + $ settrans ~/etc/this /hurd/hello + $ ls -lha ~/etc/ + total 12K + drwxr-xr-x 2 joshua joshua 4.0K Oct 15 20:12 . + drwxr-xr-x 33 joshua joshua 4.0K Oct 15 20:11 .. + -r--r--r-- 1 joshua joshua 14 Oct 15 20:12 this + $ + $ chown root ~/etc/this + chown: changing ownership of '/home/joshua/etc/this': Operation not permitted + +Now, let's run through `fakeroot-hurd`: + + $ fakeroot + # ls -lha ~/etc/ + total 12K + drwxr-xr-x 2 root root 4.0K Oct 15 20:12 . + drwxr-xr-x 33 root root 4.0K Oct 15 20:11 .. + -r--r--r-- 1 root root 14 Oct 15 20:12 this + +The shell now believes we are root, and all the owner and group are turned into +root. Now we can chmod, chown, chgrp, ... 
+ + # chown daemon ~/etc/this + # ls -lha ~/etc/ + total 12K + drwxr-xr-x 2 root root 4.0K Oct 15 20:12 . + drwxr-xr-x 33 root root 4.0K Oct 15 20:11 .. + -r--r--r-- 1 daemon root 14 Oct 15 20:12 this + +## A manual example + +We can also attach `/hurd/fakeroot` manually to `~/etc`, and we'll be able to +use `chown`, `chgrp`, `chmod`, etc. as a normal user. + + $ settrans ~/etc /hurd/fakeroot + $ cd ~/etc + $ cd + $ showtrans ~/etc + /hurd/fakeroot + $ ls -lha ~/etc/ + + total 16K + drwxr-xr-x 2 joshua joshua 4.0K Oct 15 20:12 . + drwxr-xr-x 33 root root 4.0K Oct 15 20:11 .. + -r--r--r-- 1 root root 14 Oct 15 20:12 this + +`fakeroot` turns all the owner and group to root when it starts. Now +we can chmod, chown, and chgrp as a normal user. + + $ chown joshua ~/etc/this + $ chgrp joshua ~/etc/this + $ chmod +xr ~/etc/this + $ ls -lha ~/etc/ + total 16K + drwxr-xr-x 2 joshua joshua 4.0K Oct 15 20:12 . + drwxr-xr-x 33 root root 4.0K Oct 15 20:11 .. + -rwxr-xr-x 1 joshua joshua 14 Oct 15 20:12 this + |
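Review bot: In "A manual example" of hurd/translator/fakeroot.mdwn the final listing does not follow from the commands shown: `chmod +xr` applied to a file listed as `-r--r--r--` does not set the owner write bit, yet the result is printed as `-rwxr-xr-x`. Please re-run the sequence and paste the real output. In the same section, the sentence "`fakeroot` turns all the owner and group to root when it starts" sits directly under a listing where `.` is still `joshua joshua`, so either the sentence or the listing needs adjusting. In "A trivial example" the prose says `fakeroot-hurd` but the command typed is `fakeroot`, the lead-in names chown and chgrp while only chown is shown failing ("requires" should also be "require"), and `settrans ~/etc/this /hurd/hello` is not needed to make the point. The opening description says every access is made with the translator's credentials and that any user may open nodes regardless of permissions; the manual example attaches `/hurd/fakeroot` to `~/etc` and never detaches it, so a sentence spelling out what that means for other users reaching files through that node, plus a cleanup step at the end, would make the page safer to copy from.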