diff options
| author | rwatson <rwatson@FreeBSD.org> | 2003-06-15 06:46:24 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2003-06-15 06:46:24 +0000 |
| commit | b0de3b78d30933a54b88a654179e054220a5bae1 (patch) | |
| tree | e691552bf40e3d3f99d12bdb37598cf99ff65f3c /usr.bin/quota | |
| parent | 6b6dc4fc6d5771dee77980e23420217b2137ade3 (diff) | |
| download | FreeBSD-src-b0de3b78d30933a54b88a654179e054220a5bae1.zip FreeBSD-src-b0de3b78d30933a54b88a654179e054220a5bae1.tar.gz | |
Now that the kernel access control for quotactl(2) appears to work
properly, clean up quota(1). quota(1) has the ability to query
quotas either directly from the kernel, or if that fails, by reading
the quota.user or quota.group files specified for the file system
in /etc/fstab. The setuid bit existed solely (apparently) to let
non-operator users query their quotas and consumption when quotas
weren't enabled for the file system.
o Remove the setuid bit from quota(1).
o Remove the logic used by quota(1) when running setuid to prevent
users from querying the quotas of other users or groups. Note
that this papered over previously broken kernel access control.
Diffstat (limited to 'usr.bin/quota')
| -rw-r--r-- | usr.bin/quota/Makefile | 1 | ||||
| -rw-r--r-- | usr.bin/quota/quota.c | 17 |
2 files changed, 0 insertions, 18 deletions
diff --git a/usr.bin/quota/Makefile b/usr.bin/quota/Makefile index 4d41fae..666a3ba 100644 --- a/usr.bin/quota/Makefile +++ b/usr.bin/quota/Makefile @@ -3,7 +3,6 @@ PROG= quota BINOWN= root -BINMODE=4555 DPADD= ${LIBRPCSVC} LDADD= -lrpcsvc diff --git a/usr.bin/quota/quota.c b/usr.bin/quota/quota.c index 6ce25bf..d30184f 100644 --- a/usr.bin/quota/quota.c +++ b/usr.bin/quota/quota.c @@ -205,10 +205,6 @@ showuid(u_long uid) else name = pwd->pw_name; myuid = getuid(); - if (uid != myuid && myuid != 0) { - printf("quota: %s (uid %lu): permission denied\n", name, uid); - return; - } showquotas(USRQUOTA, uid, name); } @@ -226,10 +222,6 @@ showusrname(char *name) return; } myuid = getuid(); - if (pwd->pw_uid != myuid && myuid != 0) { - warnx("%s (uid %u): permission denied", name, pwd->pw_uid); - return; - } showquotas(USRQUOTA, pwd->pw_uid, name); } @@ -259,10 +251,6 @@ showgid(u_long gid) for (i = 0; i < ngroups; i++) if (gid == gidset[i]) break; - if (i >= ngroups && getuid() != 0) { - warnx("%s (gid %lu): permission denied", name, gid); - return; - } } showquotas(GRPQUOTA, gid, name); } @@ -292,11 +280,6 @@ showgrpname(char *name) for (i = 0; i < ngroups; i++) if (grp->gr_gid == gidset[i]) break; - if (i >= ngroups && getuid() != 0) { - warnx("%s (gid %u): permission denied", name, - grp->gr_gid); - return; - } } showquotas(GRPQUOTA, grp->gr_gid, name); } |
