authorMichael Kerrisk <mtk.manpages@gmail.com>2019-07-01 09:48:11 +0200
committerMichael Kerrisk <mtk.manpages@gmail.com>2019-07-01 09:59:37 +0200
commitc99eb2b204244ce460be75889bb44d4f182f4da7 (patch)
treefa9757e5c0a51d33dabeb9bd90aecd122ca251ea /man7
parentfc8d1db1b4b598f800ecfa13c0463ae9c36783d7 (diff)
capabilities.7: CAP_FOWNER also allows modifying user xattrs on sticky directories
See fs/xattr.c::xattr_permission():

        /*
         * In the user.* namespace, only regular files and directories can have
         * extended attributes. For sticky directories, only the owner and
         * privileged users can write attributes.
         */
        if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
                if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
                        return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
                if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
                    (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
                        return -EPERM;
        }

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7')
-rw-r--r--man7/capabilities.74
1 files changed, 4 insertions, 0 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7
index bcf6309e5b..e9f46487aa 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -137,6 +137,10 @@ set Access Control Lists (ACLs) on arbitrary files;
.IP *
ignore directory sticky bit on file deletion;
.IP *
+modify
+.I user
+extended attributes on sticky directory owned by any user;
+.IP *
specify
.B O_NOATIME
for arbitrary files in