Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 8: The Virtual Filesystem


successful, the mode value needs to be shifted by three places such that the mode bits for "group" are
now the least significant ones. Note that the kernel may also need to perform an ACL check, which is
described below.

If both UID and GID checks fail, then no shifting of the mode bits is performed, and the bits for "other"
remain the least significant ones.

The discretionary access control (DAC) check is then performed on the chosen permission bits as follows:

fs/namei.c
...
        if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask))
                return 0;
...

If the required permissions mask is allowed by the mode permission bits, then a zero is returned. This
signals that the operation is allowed.

Failure of the DAC check does not yet mean that the desired operation is forbidden since capabilities
might still allow it. The kernel tests this as follows:

fs/namei.c
...
check_capabilities:
        /*
         * Read/write DACs are always overridable.
         * Executable DACs are overridable if at least one exec bit is set.
         */
        if (!(mask & MAY_EXEC) ||
            (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
                if (capable(CAP_DAC_OVERRIDE))
                        return 0;

        /*
         * Searching includes executable on directories, else just read.
         */
        if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
                if (capable(CAP_DAC_READ_SEARCH))
                        return 0;

        return -EACCES;
}

If the process possesses the capability CAP_DAC_OVERRIDE, the desired permission is granted if any of the
following conditions holds:

❑ Read or Write access, but not Execution access was requested.
❑ Any of the three possible execution bits is set.
❑ The inode represents a directory.