diff options
author | trasz <trasz@FreeBSD.org> | 2008-11-06 19:17:58 +0000 |
---|---|---|
committer | trasz <trasz@FreeBSD.org> | 2008-11-06 19:17:58 +0000 |
commit | 5ec338f603bfe525c857887fc437719a2f20df81 (patch) | |
tree | 0b19095cf5a1cebdbac71344217648ea8380ef5d | |
parent | ff5dcb8a8b07e206fe94e7f16221124521d87511 (diff) | |
download | FreeBSD-src-5ec338f603bfe525c857887fc437719a2f20df81.zip FreeBSD-src-5ec338f603bfe525c857887fc437719a2f20df81.tar.gz |
Change ZFS behaviour to match UFS: when moving (rename(2)) a subdirectory
from one parent directory to another, in addition to the usual access checks
one also needs write access to the subdirectory being moved.
Approved by: rwatson (mentor), pjd
-rw-r--r-- | sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c | 7 | ||||
-rw-r--r-- | tools/regression/fstest/tests/rename/21.t | 38 |
2 files changed, 45 insertions, 0 deletions
diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c index dd94618..df0db5f 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c +++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c @@ -1580,7 +1580,14 @@ zfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp, /* * Rename permissions are combination of delete permission + * add file/subdir permission. + * + * BSD operating systems also require write permission + * on the directory being moved. */ + if (ZTOV(szp)->v_type == VDIR) { + if (error = zfs_zaccess(szp, ACE_WRITE_DATA, cr)) + return (error); + } /* * first make sure we do the delete portion. diff --git a/tools/regression/fstest/tests/rename/21.t b/tools/regression/fstest/tests/rename/21.t new file mode 100644 index 0000000..3a07f17 --- /dev/null +++ b/tools/regression/fstest/tests/rename/21.t @@ -0,0 +1,38 @@ +#!/bin/sh +# $FreeBSD$ + +desc="write access to subdirectory is required to move it to another directory" + +dir=`dirname $0` +. ${dir}/../misc.sh + +echo "1..12" + +n0=`namegen` +n1=`namegen` +n2=`namegen` +n3=`namegen` + +expect 0 mkdir ${n2} 0777 +expect 0 mkdir ${n3} 0777 +cdir=`pwd` + +# Check that write permission on containing directory (${n2}) is not enough +# to move subdirectory (${n0}) from that directory. +expect 0 mkdir ${n2}/${n0} 0700 +expect EACCES -u 65534 -g 65534 rename ${n2}/${n0} ${n3}/${n0} + +expect 0 rmdir ${n2}/${n0} +expect ENOENT rmdir ${n2}/${n0} + +# Check that write permission on containing directory (${n2}) is enough +# to move file (${n0}) from that directory. +expect 0 create ${n2}/${n0} 0755 +expect 0 -u 65534 -g 65534 rename ${n2}/${n0} ${n3}/${n0} + +expect 0 unlink ${n3}/${n0} +expect ENOENT unlink ${n2}/${n0} + +expect 0 rmdir ${n3} +expect 0 rmdir ${n2} + |