Bug 2121162

Summary: User lacks write permission on /
Product: [Fedora] Fedora Reporter: Nate Graham <nate>
Component: filesystemAssignee: Martin Osvald 🛹 <mosvald>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 36CC: mosvald, ovasik, pavel, pknirsch
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-25 13:53:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nate Graham 2022-08-24 16:52:51 UTC 
Description of problem:
/ lacks user write permission.


Version-Release number of selected component (if applicable):
Fedora 36


How reproducible:
100%


Steps to reproduce:
1. ls -la /


Actual results:
total 84
dr-xr-xr-x.  21 root root  4096 Aug 22 17:48 ./


Expected results:
total 84
drwxr-xr-x.  21 root root  4096 Aug 22 17:48 ./


Practical effect:
This blocks https://invent.kde.org/sitter/kio-admin from allowing the creation of files on / because it respects folder permissions.
Comment 1 Martin Osvald 🛹 2022-08-25 13:53:42 UTC 
Thank you for reporting this issue.

The behavior you describe is intentional. It is a part of lowering capabilities project:

https://fedoraproject.org/wiki/Features/LowerProcessCapabilities

and the change from rwx to r-x on / was introduced by the below BZ and follow-up commit:

[Bug 517575 - Changes for lowering capabilities project]
https://bugzilla.redhat.com/show_bug.cgi?id=517575

https://pagure.io/filesystem/c/2768c46e35ca900637775c3c4604895f77e4856b

There is no plan to change this. If you really need to write into /, you will have to set CAP_DAC_OVERRIDE.

For more information, please, refer to the mentioned BZ and the links there.