Editing root-owned files after “unshare -Ur”

Say I am in the initial user namespace and there is an empty root-owned file in some directory:

Now I am switching to a new user namespace with unshare -Ur. In this namespace, root.txt is reported to be owned by “nobody” because the original root uid (0) is not mapped into the new namespace:

Then I use vim to edit this file. Despite giving some warnings about changing a read-only file, it allows me to overwrite the contents of the file:

Also, if I return to the initial user namespace, the file has now changed its owner to my unprivileged uid (1000):

How is this possible? Also, if I try to do the same with a system root file (e.g. /etc/passwd), I get an access denied error as expected.

UPD:

Answer

When you edit/save root.txt through vim, the file is renamed to root.txt~ and renamed back to root.txt, as the tdiff user (as well as its root counterpart in the child user namespace) has write access to the directory ~/temp/unshare. The renaming operation changes the ownership of the resulting file to root in the child namespace, which is tdiff in the parent namespace.

For /etc/passwd, the same is impossible as /etc is not owned by tdiff: you don’t have write access to rename the file during editing.
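An added example (not from the question or answer) that reproduces the rename step vim uses when it writes a backup: the original is moved aside and a fresh file is created in its place, which only requires write permission on the directory, never on the file itself. It uses a read-only file in a temporary directory instead of unshare -Ur so it runs without user-namespace support; the constructed `root.txt` stands in for the unmapped-owner file.

```python
import os
import stat
import tempfile


def replace_by_rename(path, new_content):
    """Rename `path` aside to `path~` and create a new file at `path`.

    This is the backup path vim takes: rename + create, so the result
    has a new inode and is owned by whoever did the write.
    """
    before = os.stat(path)
    backup = path + "~"
    os.rename(path, backup)  # permitted by write access on the directory alone
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "w") as fh:
        fh.write(new_content)
    after = os.stat(path)
    return {
        "inode_changed": before.st_ino != after.st_ino,
        "owner_is_caller": after.st_uid == os.geteuid(),
        "backup_keeps_old_inode": os.stat(backup).st_ino == before.st_ino,
        "dir_writable": os.access(os.path.dirname(path), os.W_OK),
    }


def try_in_place_write(path, new_content):
    """Ordinary open-for-write; False means the kernel refused (EACCES/EPERM)."""
    try:
        with open(path, "w") as fh:
            fh.write(new_content)
        return True
    except PermissionError:
        return False


def demo():
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "root.txt")  # constructed stand-in for the root-owned file
        open(target, "w").close()
        os.chmod(target, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)  # 0444: not writable
        result = {"in_place_write_allowed": try_in_place_write(target, "x")}
        result.update(replace_by_rename(target, "overwritten\n"))
        with open(target) as fh:
            result["content"] = fh.read()
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Vim only takes this rename path when its 'backupcopy' option resolves to "no"; with `:set backupcopy=yes` it copies the file and writes the original in place, which fails on a file the caller cannot open for writing.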

User contributions licensed under: CC BY-SA