From: Theodore Ts'o <tytso@mit.edu>
To: Jan Stancek <jstancek@redhat.com>
Cc: linux-fsdevel@vger.kernel.org, viro@ZenIV.linux.org.uk,
guaneryu@gmail.com, mszeredi@redhat.com,
Cyril Hrubis <chrubis@suse.cz>,
ltp@lists.linux.it, mtk.manpages@gmail.com
Subject: Re: utimensat EACCES vs. EPERM in 4.8+
Date: Mon, 16 Jan 2017 23:41:05 -0500 [thread overview]
Message-ID: <20170117044104.ktrtizpzhghqludn@thunk.org> (raw)
In-Reply-To: <18a5b416-ad6a-e679-d993-af7ffa0dcc10@redhat.com>
On Mon, Jan 16, 2017 at 04:46:45PM +0100, Jan Stancek wrote:
> 4.9 kernel and simple touch on immutable file gives me:
> utimensat(AT_FDCWD, "afile", NULL, 0) = -1 EPERM (Operation not permitted)
>
> while an older kernel it gives me:
> utimensat(AT_FDCWD, "afile", NULL, 0) = -1 EACCES (Permission denied)
>
> Do we need to update man page or fix kernel back to return EACCES?
Quoting from: http://blog.unclesniper.org/archives/2-Linux-programmers,-learn-the-difference-between-EACCES-and-EPERM-already!.html
It appears that many programmers are unaware that there is a
fundamental difference between the error codes EACCES (aka
"Permission denied") and EPERM (aka "Operation not permitted"). In
particular, a lot of code returns EPERM when they really mean
EACCES:
mist% killall sshd
sshd(2244): Operation not permitted
To clear this up: "Permission denied" means just that -- the
process has insufficient privileges to perform the requested
operation. Simply put, this means that "trying the same thing as
root will work". For instance, messing around with files you do not
have the appropriate permissions to (i.e. in the access(2) sense)
will get you EACCES:
mist% ls /root
ls: cannot open directory /root: Permission denied
On the other hand, "Operation not permitted" means the operation is
systematically not permissible; in other words it would be unwise
for the system to perform the requested operation -- regardless of
access privileges (think "I can't let you do that,
Dave."). Usually, this means that either the operation is not
supported (e.g. chmodding a file residing on a FAT filesystem --
FAT simply does not support permission bits, there is nothing
anyone can do about that) or it would endanger the integrity of the
system (e.g. creating additional hardlinks on a directory -- this
would mess up the reference counting mechanism and result in "lost"
disk space). Simply put, this means that "it cannot be done, not
even as root".
So next time you write code signalling errors with the E*
constants, think hard before choosing: Do user privileges play a
role in whether or not the error will occur? If yes, use EACCES. If
no, use EPERM.
- Ted
WARNING: multiple messages have this Message-ID (diff)
From: Theodore Ts'o <tytso@mit.edu>
To: ltp@lists.linux.it
Subject: [LTP] utimensat EACCES vs. EPERM in 4.8+
Date: Mon, 16 Jan 2017 23:41:05 -0500 [thread overview]
Message-ID: <20170117044104.ktrtizpzhghqludn@thunk.org> (raw)
In-Reply-To: <18a5b416-ad6a-e679-d993-af7ffa0dcc10@redhat.com>
On Mon, Jan 16, 2017 at 04:46:45PM +0100, Jan Stancek wrote:
> 4.9 kernel and simple touch on immutable file gives me:
> utimensat(AT_FDCWD, "afile", NULL, 0) = -1 EPERM (Operation not permitted)
>
> while an older kernel it gives me:
> utimensat(AT_FDCWD, "afile", NULL, 0) = -1 EACCES (Permission denied)
>
> Do we need to update man page or fix kernel back to return EACCES?
Quoting from: http://blog.unclesniper.org/archives/2-Linux-programmers,-learn-the-difference-between-EACCES-and-EPERM-already!.html
It appears that many programmers are unaware that there is a
fundamental difference between the error codes EACCES (aka
"Permission denied") and EPERM (aka "Operation not permitted"). In
particular, a lot of code returns EPERM when they really mean
EACCES:
mist% killall sshd
sshd(2244): Operation not permitted
To clear this up: "Permission denied" means just that -- the
process has insufficient privileges to perform the requested
operation. Simply put, this means that "trying the same thing as
root will work". For instance, messing around with files you do not
have the appropriate permissions to (i.e. in the access(2) sense)
will get you EACCES:
mist% ls /root
ls: cannot open directory /root: Permission denied
On the other hand, "Operation not permitted" means the operation is
systematically not permissible; in other words it would be unwise
for the system to perform the requested operation -- regardless of
access privileges (think "I can't let you do that,
Dave."). Usually, this means that either the operation is not
supported (e.g. chmodding a file residing on a FAT filesystem --
FAT simply does not support permission bits, there is nothing
anyone can do about that) or it would endanger the integrity of the
system (e.g. creating additional hardlinks on a directory -- this
would mess up the reference counting mechanism and result in "lost"
disk space). Simply put, this means that "it cannot be done, not
even as root".
So next time you write code signalling errors with the E*
constants, think hard before choosing: Do user privileges play a
role in whether or not the error will occur? If yes, use EACCES. If
no, use EPERM.
- Ted
next prev parent reply other threads:[~2017-01-17 4:42 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-16 15:46 utimensat EACCES vs. EPERM in 4.8+ Jan Stancek
2017-01-16 15:46 ` [LTP] " Jan Stancek
2017-01-16 15:53 ` Miklos Szeredi
2017-01-16 15:53 ` [LTP] " Miklos Szeredi
2017-01-17 0:04 ` Michael Kerrisk (man-pages)
2017-01-17 0:04 ` [LTP] " Michael Kerrisk
2017-01-17 4:50 ` Carlos O'Donell
2017-01-17 4:50 ` [LTP] " Carlos O'Donell
2017-01-17 4:50 ` Carlos O'Donell
2017-01-17 7:51 ` Jan Stancek
2017-01-17 7:51 ` [LTP] " Jan Stancek
2017-01-17 7:51 ` Jan Stancek
2017-01-17 7:57 ` Cyril Hrubis
2017-01-17 7:57 ` [LTP] " Cyril Hrubis
2017-01-17 9:39 ` Miklos Szeredi
2017-01-17 9:39 ` [LTP] " Miklos Szeredi
2017-01-17 9:39 ` Miklos Szeredi
2017-01-17 15:43 ` Cyril Hrubis
2017-01-17 15:43 ` [LTP] " Cyril Hrubis
2017-01-17 15:43 ` Cyril Hrubis
2017-01-18 8:23 ` Michael Kerrisk (man-pages)
2017-01-18 8:23 ` [LTP] " Michael Kerrisk
2017-01-18 8:23 ` Michael Kerrisk (man-pages)
2017-01-31 12:09 ` Cyril Hrubis
2017-01-31 12:09 ` [LTP] " Cyril Hrubis
2017-01-31 12:09 ` Cyril Hrubis
2017-01-17 4:41 ` Theodore Ts'o [this message]
2017-01-17 4:41 ` [LTP] " Theodore Ts'o
2017-01-17 19:35 ` J. Bruce Fields
2017-01-17 19:35 ` [LTP] " J. Bruce Fields
2017-01-17 21:04 ` Theodore Ts'o
2017-01-17 21:04 ` [LTP] " Theodore Ts'o
2017-01-18 8:17 ` Michael Kerrisk (man-pages)
2017-01-18 8:17 ` [LTP] " Michael Kerrisk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170117044104.ktrtizpzhghqludn@thunk.org \
--to=tytso@mit.edu \
--cc=chrubis@suse.cz \
--cc=guaneryu@gmail.com \
--cc=jstancek@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=mszeredi@redhat.com \
--cc=mtk.manpages@gmail.com \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.