While debugging a USB device usage I've come across a puzzling behavior of open(2):
admin@anahata-core-i5:/tmp$ groups
admin sudo
admin@anahata-core-i5:/tmp$ ls -l /dev/bus/usb/001/051
crw-rw----+ 1 root audio 189, 50 Jun 19 20:03 /dev/bus/usb/001/051
admin@anahata-core-i5:/tmp$ cat test.c
#include <fcntl.h>
int main()
{
return open("/dev/bus/usb/001/051",O_RDWR);
}
admin@anahata-core-i5:/tmp$ gcc test.c -o test && ./test ; echo $?
3
As you can see in the above session log, despite /dev/bus/usb/001/051 being accessible only to user root and group audio, I still successfully open the file for reading and writing.
What's going on? Why don't I get EPERM?
EDIT in response to comment:
admin@anahata-core-i5:/tmp$ getfacl /dev/bus/usb/001/051
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/001/051
# owner: root
# group: audio
user::rw-
user:admin:rw-
group::rw-
mask::rw-
other::---
The + in mode output of ls -l (crw-rw----+) means that ACLs are being used. The output of getfacl /dev/bus/usb/001/051 in the OP contains one particular line:
user:admin:rw-
This means that, in addition to other permission settings, user admin is granted read and write permission for this file.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments