Why is editing core_pattern restricted?
Entries in procfs are managed by ad hoc code. The code that would set permissions and ownership on the files under /proc/sys
(proc_sys_setattr
) rejects changes of permissions and ownership with EPERM. So it isn't possible to change the permissions or ownership of these files, full stop. Such changes are not implemented, so being root doesn't help.
When you try to write as a non-root user, you get a permission error. Even with sudo echo "/home/user/foo/core.%e.%p" > /proc/sys/kernel/core_pattern
, you're trying to write as a non-root user: sudo
runs echo
as root, but the redirection happens in the shell from which sudo
is executed, and that shell has no elevated privileges. With sudo bash -c '… >…'
, the redirection is performed in the bash instance which is launched by sudo
and which runs as root, so the write succeeds.
The reason only root must be allowed to set the kernel.core_pattern
sysctl is that it allows a command to be specified and, since this is a global setting, this command could be executed by any user. This is in fact the case for all sysctl settings to various degrees: they're all global settings, so only root can change them. kernel.core_pattern
is just a particularly dangerous case.
On Ubuntu 18.04 I can update the pattern with:
sudo bash -c 'echo "/data/app_crash/%t.%e.core.%p" > /proc/sys/kernel/core_pattern'
I can also update /etc/sysctl.conf
and add the line:
kernel.core_pattern = /data/app_crash/%t.%e.core.%p
However, even though there are no other lines setting kernel.core_pattern
in /etc/sysctl.conf
or /etc/sysctl.d/*
, after I reboot the pattern is set to the default value again:
$ sudo sysctl -a | grep kernel.core_pattern
kernel.core_pattern = |/usr/share/apport/apport %p %s %c %d %P
It turned out that apport
was over-writing any changes I made. I uninstalled apport
with sudo apt-get remove apport
and then my changes were used.