admin user (and ditto group member) no longer has the corresponding permissions?!
admin user (and ditto group member) no longer has the corresponding permissions?!
- Subject: admin user (and ditto group member) no longer has the corresponding permissions?!
- From: René J.V. Bertin via X11-users <email@hidden>
- Date: Mon, 27 Jul 2020 21:10:40 +0200
Hi,
(Cross-post - apologies - explanation below)
To streamline things as a port dev/maintainer I've set `macportsuser` to
myself, which means that as a member of the admin group I get to do a lot of
things without needing to sudo all the time. I know the risks, and always
managed to avoid them.
And now something has changed, not just for the MacPorts-related directories
(the build dir, in particular), but system-wide, and even after a reboot.
I'm still an admin user, and AFAICT I can still do everything I could through
the GUI. I can still "sudo". But I can no longer access files that are not mine
and don't have the required permissions for "other" users. I have another admin
user account ("adplus"), and when I su or FUS as/to that account I can still do
anything I expect to be able to do. The group memberships are almost strictly
identical: my usual account just is a member of the access_bpf (wireshark) and
procmod groups.
For instance:
```
%> mkdir /tmp/kk
%> sudo chown root:admin /tmp/kk ; sudo chmod 770 /tmp/kk ; \ls -ldO /tmp/kk ;
\ls -lO /tmp/kk
drwxrwx--- 2 root admin - 68 Jul 27 20:14 /tmp/kk
%> date > /tmp/kk/kkk
/tmp/kk/kkk: Permission denied.
Exit 1
%> \ls -lO /tmp/kk
ls: kk: Permission denied
Exit 1
%> su -l adplus
%> date > /tmp/kk/kkk
%> \ls -lO /tmp/kk
total 8
-rw-r--r-- 1 adplus admin - 30 Jul 27 20:29 kkk
```
Now, to make this more interesting: the above applies to a shell running in a
terminal emulator that gets started when I launch my X11 environment (from the
X11 icon in the Dock). Shells running in Terminal.app (also launched from the
Dock) give me all the permissions I expect, and if I start my X terminal
emulator from such a shell it inherits those permissions. Launching X11 from a
shell in Terminal.app doesn't help.
In short, it looks like somehow my regular user account gets partly crippled
when I start my X11 environment the way I used to, or at least in shells
launched through xterm. Specifically, I can launch a Terminal.app or iTerm.app
from my xinitrc script, and I'll have the expected permissions in there. But
when I launch an xterm through that test shell, I will not have all permissions.
I seem to have read reports of something like this on the XQuartz ML (which is
why I'm cross-posting) but I'm running OS X 10.9.5 which hasn't seen any
system/policy updates for quite some time (and certainly not during the
previous 19-day uptime, not that I recall at least). I'm using an X11 server
built from version of the MacPorts port:x11 (and haven't touched anything in
there either).
Any idea what on earth is happening here, what could have changed?
Thanks!
René Bertin
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden