[sheepdog-users] dog located in /usr/sbin, but executable by other

Valerio Pachera sirio81 at gmail.com
Mon Nov 24 13:05:14 CET 2014


2014-11-23 10:43 GMT+01:00 Fabian Zimmermann <dev.faz at gmail.com>:
> So if this is a feature, I would assume dog in /usr/bin, but if this is
> a bug chmod o-x should be done, isn't it?


Hi Fabian, I asked about the same question some time ago.
The answer I got was:
> Sheepdog has no ACL for users.  If you can run dog, you can issue the command.

The issue is there but I don't think it's packaging related and here's why:

If you look at all the files in /usr/sbin, their permissions are 755
(I'm speaking of a standard Debian installation).
Also /sbin is the same.
As normal user, if you run 'ifconfig' it doesn't work because it's not
in the user's path.
If you run /sbin/ifconfig, it prints its output.
If you try to add an IP as normal user by /sbin/ifconfig, it will
print an error like 'operation not permitted'.
So it's ifconfig checking if you are superuser and choosing what you
are allowed to do.

I also reported a bug about this, because I think there should be some
things a normal user can do, and others that they can't (like ifconfig).
https://bugs.launchpad.net/sheepdog-project/+bug/1335151

As of now, you'd better chmod o-x /usr/sbin/dog.
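
The check and the chmod suggested in the message above, as an added shell example that is not part of the original post or of the sheepdog project. The function names are hypothetical, GNU `stat` is assumed, and the `dpkg-statoverride` step assumes a Debian system, where a package upgrade would otherwise restore the packaged mode:

```shell
#!/bin/sh
# Added example: audit and remove the "other" execute bit on dog.
# DOG_PATH defaults to the path named in the thread.
DOG_PATH="${DOG_PATH:-/usr/sbin/dog}"

# Return 0 if "other" has the execute bit set on $1.
other_can_exec() {
    mode=$(stat -c '%a' "$1") || return 2
    # The last octal digit holds the permissions for "other"; bit 1 is execute.
    other=${mode#"${mode%?}"}
    [ $(( other & 1 )) -eq 1 ]
}

# Remove execute for "other", as suggested in the thread.
restrict_other_exec() {
    chmod o-x "$1"
}

# Debian only: record the current owner, group and mode so that dpkg
# keeps them on upgrade instead of restoring the packaged 755.
persist_override() {
    if command -v dpkg-statoverride >/dev/null 2>&1; then
        dpkg-statoverride --update --add \
            "$(stat -c '%U' "$1")" "$(stat -c '%G' "$1")" \
            "$(stat -c '%a' "$1")" "$1"
    fi
}

# Report only by default; change the file when called with --apply (as root).
if [ -e "$DOG_PATH" ] && other_can_exec "$DOG_PATH"; then
    echo "$DOG_PATH is executable by other"
    if [ "${1:-}" = "--apply" ]; then
        restrict_other_exec "$DOG_PATH" && persist_override "$DOG_PATH"
    fi
fi
```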


