I had been tasked with figuring out how to have an environment that would allow multiple users to access core files. I thought: simple enough, I'll just have to mess around with the facl for the directory, specifically the "default" entry.
Well, I was wrong. I had attempted:
# remount filesystem and enable acl
# (placeholder: the command for this step is not shown)
# owner and group get rwx, everyone else r-x
chmod 775 /u01/core
# setgid on the directory: files created inside inherit the directory's group
chmod g+s /u01/core
# make smsvcs the owning group of the directory
chgrp smsvcs /u01/core
# access entries: owning group rwx, other rwx; default entry (inherited by new files): other r-x
# NOTE(review): o:rwx replaces the r-x for others set by chmod 775 above and leaves the
# directory world-writable with no sticky bit, so any local user can create, rename or
# delete entries in it -- presumably o:r-x was intended; confirm.
# A default ACL entry only caps the mode requested at create time; it cannot add
# permission bits the creating code did not ask for.
setfacl -m g::rwx,o:rwx,d:o::r-x /u01/core
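It turns out that the coredump function (do_coredump) creates the file with mode 0600. The mode passed at creation is an upper bound: a default ACL on the directory (like a umask) can only take permission bits away, never add them, so the group and other entries on the new core file end up with no access regardless of the default (d:) entries set above.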
Well, I was wrong. I had attempted:
# remount filesystem and enable acl
# (placeholder: the command for this step is not shown)
# owner and group get rwx, everyone else r-x
chmod 775 /u01/core
# setgid on the directory: files created inside inherit the directory's group
chmod g+s /u01/core
# make smsvcs the owning group of the directory
chgrp smsvcs /u01/core
# access entries: owning group rwx, other rwx; default entry (inherited by new files): other r-x
# NOTE(review): o:rwx replaces the r-x for others set by chmod 775 above and leaves the
# directory world-writable with no sticky bit, so any local user can create, rename or
# delete entries in it -- presumably o:r-x was intended; confirm.
# A default ACL entry only caps the mode requested at create time; it cannot add
# permission bits the creating code did not ask for.
setfacl -m g::rwx,o:rwx,d:o::r-x /u01/core
It turns out that the coredump function (do_coredump) creates the file with mode 0600; see the filp_open() call in the listing below:
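/*
 * do_coredump - write a core image of the current task to a file named "core".
 *
 * @signr: signal number, handed unchanged to the binary format's core_dump hook.
 * @regs:  register state, handed unchanged to the same hook.
 *
 * Returns 1 when the binary format's core_dump hook reported success, 0 when
 * the dump was skipped or any step failed.
 *
 * The whole operation runs between lock_kernel() and unlock_kernel(); every
 * exit path releases the lock.
 *
 * Permissions: the file is created with mode 0600, i.e. owner-only.  A core
 * image is a copy of process memory and may contain credentials or keys, so
 * the restrictive mode is deliberate.  Because the create mode is an upper
 * bound, neither a umask nor a default ACL on the directory can widen it;
 * making dumps readable by a group has to happen after the file exists.
 */
int do_coredump(long signr, struct pt_regs * regs)
{
	struct linux_binfmt * binfmt;
	char corename[6+sizeof(current->comm)];
	struct file * file;
	struct inode * inode;

	lock_kernel();
	binfmt = current->binfmt;
	/* No binary format, or one that cannot produce core images. */
	if (!binfmt || !binfmt->core_dump)
		goto fail;
	/* Refuse when the task is marked non-dumpable or its mm has more than one user. */
	if (!current->dumpable || atomic_read(&current->mm->mm_users) != 1)
		goto fail;
	/* Clear the flag before any further work; it is not restored on the failure paths below. */
	current->dumpable = 0;
	/* The core size limit is smaller than the minimum this format says it needs. */
	if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
		goto fail;

	memcpy(corename,"core.", 5);
#if 0
	memcpy(corename+5,current->comm,sizeof(current->comm));
#else
	/* Overwrite the '.' so the name is exactly "core". */
	corename[4] = '\0';
#endif
	/*
	 * Relative name, so the file presumably lands in the task's current
	 * working directory (confirm against filp_open's lookup rules).
	 * The literal 2 is presumably O_RDWR - confirm against this tree's fcntl.h.
	 * O_NOFOLLOW refuses a symlink as the final path component, so a planted
	 * link named "core" cannot redirect the dump to another file.
	 * 0600: owner read/write only; see the permissions note above.
	 */
	file = filp_open(corename, O_CREAT | 2 | O_TRUNC | O_NOFOLLOW, 0600);
	if (IS_ERR(file))
		goto fail;
	inode = file->f_dentry->d_inode;
	if (inode->i_nlink > 1)
		goto close_fail;	/* multiple links - don't dump */

	/* Only dump into a regular file. */
	if (!S_ISREG(inode->i_mode))
		goto close_fail;
	/* The file must have file operations and a write method. */
	if (!file->f_op)
		goto close_fail;
	if (!file->f_op->write)
		goto close_fail;
	/* The binary format writes the image; a zero return means failure. */
	if (!binfmt->core_dump(signr, regs, file))
		goto close_fail;
	unlock_kernel();
	filp_close(file, NULL);
	return 1;

close_fail:
	filp_close(file, NULL);
fail:
	unlock_kernel();
	return 0;
}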