non-root tests in target check-root?

> Voelker, Bernhard wrote:
> > I'm wondering why there are so many tests (in coreutils-8.0( run by
> >
> >     sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
> >
> > which are skipped with "must be run as non-root",
> > e.g. touch/read-only, mv/perm-1, etc.
> > Is that on purpose (to check wether the root check works;-) ?
>
> It's because running them as root would fail,
> due to the different way in which permissions work when
> you are root; e.g., root can touch and write to a read-only file:
>
>     # :>f; chmod 0 f; touch f; echo > f
>     #

> Jim Meyering wrote:
>> Voelker, Bernhard wrote:
>> > I'm wondering why there are so many tests (in coreutils-8.0( run by
>> >
>> >     sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
>> >
>> > which are skipped with "must be run as non-root",
>> > e.g. touch/read-only, mv/perm-1, etc.
>> > Is that on purpose (to check wether the root check works;-) ?
>>
>> It's because running them as root would fail,
>> due to the different way in which permissions work when
>> you are root; e.g., root can touch and write to a read-only file:
>>
>>     # :>f; chmod 0 f; touch f; echo > f
>>     #
>
> thanks for the answer & sorry for the delay.
>
> That was clear to me, maybe my question was inprecise:
> If I understand the check* targets right, there is the general
> purpose target "check" which can be run as a non-root or a root user
> while there is a special target for root-only checks named "check-root".

> Voelker, Bernhard wrote:
> > Jim Meyering wrote:
> >> Voelker, Bernhard wrote:
> >> > I'm wondering why there are so many tests (in coreutils-8.0( run by
> >> >
> >> >     sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
> >> >
> >> > which are skipped with "must be run as non-root",
> >> > e.g. touch/read-only, mv/perm-1, etc.
> >> > Is that on purpose (to check wether the root check works;-) ?
> >>
> >> It's because running them as root would fail,
> >> due to the different way in which permissions work when
> >> you are root; e.g., root can touch and write to a read-only file:
> >>
> >>     # :>f; chmod 0 f; touch f; echo > f
> >>     #
> >
> > thanks for the answer & sorry for the delay.
> >
> > That was clear to me, maybe my question was inprecise:
> > If I understand the check* targets right, there is the general
> > purpose target "check" which can be run as a non-root or a root user
> > while there is a special target for root-only checks named "check-root".
>
> Not quite.  I recommend against running "make check" as root.
> There are very many tests, and while we're pretty confident
> they contain few bugs and probably no *exploitable* bugs, it
> is best to be cautious and run as few programs as possible when root.

> Jim Meyering wrote:
>> Voelker, Bernhard wrote:
>> > Jim Meyering wrote:
>> >> Voelker, Bernhard wrote:
>> >> > I'm wondering why there are so many tests (in coreutils-8.0( run by
>> >> >
>> >> >     sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
>> >> >
>> >> > which are skipped with "must be run as non-root",
>> >> > e.g. touch/read-only, mv/perm-1, etc.
>> >> > Is that on purpose (to check wether the root check works;-) ?
>> >>
>> >> It's because running them as root would fail,
>> >> due to the different way in which permissions work when
>> >> you are root; e.g., root can touch and write to a read-only file:
>> >>
>> >>     # :>f; chmod 0 f; touch f; echo > f
>> >>     #
>> >
>> > thanks for the answer & sorry for the delay.
>> >
>> > That was clear to me, maybe my question was inprecise:
>> > If I understand the check* targets right, there is the general
>> > purpose target "check" which can be run as a non-root or a root user
>> > while there is a special target for root-only checks named "check-root".
>>
>> Not quite.  I recommend against running "make check" as root.
>> There are very many tests, and while we're pretty confident
>> they contain few bugs and probably no *exploitable* bugs, it
>> is best to be cautious and run as few programs as possible when root.
>
> ok.
>
>> Hence, "make check-root" serves to run the few tests
>> that can succeed only when run by root.
>
> ... so "touch/read-only" and "mv/perm-1" should be removed from
> "make check-root" since it cannot be run as root, right?

> Voelker, Bernhard wrote:
>
> > Jim Meyering wrote:
> >> Voelker, Bernhard wrote:
> >> > Jim Meyering wrote:
> >> >> Voelker, Bernhard wrote:
> >> >> > I'm wondering why there are so many tests (in coreutils-8.0( run by
> >> >> >
> >> >> >     sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
> >> >> >
> >> >> > which are skipped with "must be run as non-root",
> >> >> > e.g. touch/read-only, mv/perm-1, etc.
> >> >> > Is that on purpose (to check wether the root check works;-) ?
> >> >>
> >> >> It's because running them as root would fail,
> >> >> due to the different way in which permissions work when
> >> >> you are root; e.g., root can touch and write to a read-only file:
> >> >>
> >> >>     # :>f; chmod 0 f; touch f; echo > f
> >> >>     #
> >> >
> >> > thanks for the answer & sorry for the delay.
> >> >
> >> > That was clear to me, maybe my question was inprecise:
> >> > If I understand the check* targets right, there is the general
> >> > purpose target "check" which can be run as a non-root or a root user
> >> > while there is a special target for root-only checks named "check-root".
> >>
> >> Not quite.  I recommend against running "make check" as root.
> >> There are very many tests, and while we're pretty confident
> >> they contain few bugs and probably no *exploitable* bugs, it
> >> is best to be cautious and run as few programs as possible when root.
> >
> > ok.
> >
> >> Hence, "make check-root" serves to run the few tests
> >> that can succeed only when run by root.
> >
> > ... so "touch/read-only" and "mv/perm-1" should be removed from
> > "make check-root" since it cannot be run as root, right?
>
> The list of root_tests is in tests/Makefile.am:
>
> root_tests = \
>   chown/basic \
>   cp/cp-a-selinux \
>   cp/preserve-gid \
>   cp/special-bits \
>   cp/cp-mv-enotsup-xattr \
>   dd/skip-seek-past-dev \
>   install/install-C-root \
>   ls/capability \
>   ls/nameless-uid \
>   misc/chcon \
>   misc/chroot-credentials \
>   misc/selinux \
>   misc/truncate-owned-by-other \
>   mkdir/writable-under-readonly \
>   mv/sticky-to-xpart \
>   rm/fail-2eperm \
>   rm/no-give-up \
>   rm/one-file-system \
>   tail-2/append-only \
>   touch/now-owned-by-other
>
> and it does not contain either of those two tests.
> Does "make check-root" run them for you?
>
> If you are having a problem, please list the commands
> you are running and whatever problematic output they produce.