Inheriting from parent directories that are mountpoints
Posted: Wed May 19, 2004 9:55 amQuick question. I have an rsync process that is run from cron. With the following ACLs, rsync was unable to see the files in /home/secft/download
This wouldn't have been so bad, except that nothing turned up in the logs. After I added the folllowing there was much joy:
I suspect this is tied up with the fact that /home/secft is a mountpoint. There was another post referring to a somewhat similar issue with mountpoints (
http://forums.grsecurity.net/viewtopic.php?t=396&highlight=mount+point)
My first question is whether it is true that mountpoints don't inherit ACLs from their parent directories. My other, more important (to me) question is why nothing appeared in the logs when rsync tried to list files in /home/secft/download?
Cheers, and keep the great work Grsec and PAX teams!
BMcMurphy
- Code: Select all
subject /usr/bin/rsync o {
/ h
/etc r
/etc/ssh h
/etc/grsec h
/etc/shadow h
/home h
/home/secft/download rwcd
/lib rx
/usr h
/usr/bin/rsync x
/usr/bin/ssh x
/root
+CAP_ALL
bind disabled
connect disabled
}
This wouldn't have been so bad, except that nothing turned up in the logs. After I added the folllowing there was much joy:
- Code: Select all
/home/secft r
I suspect this is tied up with the fact that /home/secft is a mountpoint. There was another post referring to a somewhat similar issue with mountpoints (
http://forums.grsecurity.net/viewtopic.php?t=396&highlight=mount+point)
My first question is whether it is true that mountpoints don't inherit ACLs from their parent directories. My other, more important (to me) question is why nothing appeared in the logs when rsync tried to list files in /home/secft/download?
Cheers, and keep the great work Grsec and PAX teams!
BMcMurphy
