Gentoo Forums
Posix ACL issue

cova
n00b


Joined: 12 Apr 2010
Posts: 26

Posted: Tue Sep 25, 2018 7:36 am    Post subject: Posix ACL issue

Hi All,
I'm having some trouble getting Posix ACLs working on my system.
What happens is that I'm not able to set any acl, I'm getting error messages back like this one:
Code:
> getfacl pippo
# file: pippo
# owner: cova
# group: cova
other::r--

> setfacl -m other::r-- pippo
setfacl: pippo: Malformed access ACL `other::r--': Missing or wrong entry at entry 1

That is kinda weird as I simply fed in the output of getfacl.
Besides that, uaccess rules in udev are not working.
This happens on btrfs, ext* and tmpfs filesystems but all kernel flags are ok:
Code:

zcat /proc/config.gz | grep ACL
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_JFFS2_FS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=m
CONFIG_CIFS_ACL=y

xattrs are working just fine.
I tried to force mounting/remounting fs with acl, even though btrfs and tmpfs should have posixacl set by default, no changes.
I tried with several kernels, starting from 4.17.19 and now I'm running 4.18.9, no changes. Please note, all vanilla kernels.

I'm pretty sure I'm missing something obvious, but not sure what.
Does anyone have some hints, or a working config for a kernel that I can check?

Many thanks

khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Tue Sep 25, 2018 9:04 am

cova ...

what is the output of:

Code:
# ls -ld .
# getfacl .

best ... khay

cova
n00b


Joined: 12 Apr 2010
Posts: 26

Posted: Tue Sep 25, 2018 9:09 am

khayyam wrote:
cova ...

what is the output of:

Code:
# ls -ld .
# getfacl .


Code:

cova@hobbes ~/ttt $ ls -ld .
drwxr-xr-x 1 cova cova 10 Sep 25 11:05 .
cova@hobbes ~/ttt $ getfacl .
# file: .
# owner: cova
# group: cova
other::r-x

khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Tue Sep 25, 2018 9:48 am

cova ...

Code:
% whoami
khayyam
% umask
077
% cd $(mktemp -d)
% pwd
~/tmp/tmp.alcgLiUk71
% ls -ld .
drwx------ 4 khayyam users 4096 2018-09-25 11:32 ./
% getfacl .
# file: .
# owner: khayyam
# group: users
user::rwx
group::---
other::---

In your case 'ttt' has nothing set for user and group (not sure why). What about the parent? ... and what does the following return:

Code:
% setfacl -R -m g:cova:rwx ~/ttt
% getfacl ~/ttt

best ... khay
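
An added example (not part of any post in this thread): a shell check for the symptom pointed out above, a getfacl listing with no user:: and group:: entries. Per acl(5), a valid access ACL has exactly one user::, group:: and other:: entry, plus a mask:: entry when named entries are present; the function name acl_missing and the NOMASK sample are constructed for this example.

```shell
# Validate the text form of an access ACL (getfacl output) against acl(5):
# exactly one user::, group:: and other:: entry, and a mask:: entry
# whenever a named user or group entry is present.
acl_missing() {
    # Reads getfacl output on stdin, prints the missing required entries
    # (space separated) and returns non-zero if any are missing.
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }   # skip header comments and blank lines
        /^default:/        { next }   # default ACLs are not checked here
        $1 == "user"  && $2 == "" { u++ }
        $1 == "group" && $2 == "" { g++ }
        $1 == "other"             { o++ }
        $1 == "mask"              { m++ }
        ($1 == "user" || $1 == "group") && $2 != "" { named++ }
        END {
            out = ""
            if (u != 1) out = out " user::"
            if (g != 1) out = out " group::"
            if (o != 1) out = out " other::"
            if (named > 0 && m != 1) out = out " mask::"
            sub(/^ /, "", out)
            print out
            exit (out != "")
        }'
}

# Sample inputs: the two getfacl listings quoted in this thread.
BROKEN='# file: .
# owner: cova
# group: cova
other::r-x'
HEALTHY='# file: .
# owner: khayyam
# group: users
user::rwx
group::---
other::---'
# Constructed sample: a named group entry without the mask:: it requires.
NOMASK='user::rwx
group::r-x
group:cova:rwx
other::r-x'

for name in BROKEN HEALTHY NOMASK; do
    eval "text=\$$name"
    if missing=$(printf '%s\n' "$text" | acl_missing); then
        echo "$name: required entries present"
    else
        echo "$name: missing $missing"
    fi
done
```

On a live system the same function can be fed directly, for example `getfacl -- somefile | acl_missing`.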

cova
n00b


Joined: 12 Apr 2010
Posts: 26

Posted: Tue Sep 25, 2018 12:04 pm

khayyam wrote:
cova ...


In your case 'ttt' has nothing set for user and group (not sure why). What about the parent? ... and what does the following return:

Code:
% setfacl -R -m g:cova:rwx ~/ttt
% getfacl ~/ttt



So,
regarding the parent, it gives the same output:
Code:

getfacl /home/cova/
getfacl: Removing leading '/' from absolute path names
# file: home/cova/
# owner: cova
# group: cova
other::r-x


while setfacl spits out an error:
Code:

cova@hobbes ~ $ setfacl -R -m g:cova:rwx ~/ttt
setfacl: /home/cova/ttt: Malformed access ACL `group:cova:rwx,mask::rwx,other::r-x': Missing or wrong entry at entry 1
setfacl: /home/cova/ttt/pippo: Malformed access ACL `group:cova:rwx,mask::rwx,other::r--': Missing or wrong entry at entry 1


and this is interesting because it seems that acl are not supported, however kernel definitely is compiled with acl support for the FS (in this case btrfs). Moreover btrfs should have acl enabled by default and in mount option there is no "noacl" anywhere for the filesystem.
The same happens with tmpfs filesystem, so it does not seem to be tied to a specific filesystem.
It seems that kernel does not support acl at all, but in this case I'm not aware of any CONFIG_* or other switch that can prevent posix acls from working, besides the above reported CONFIG_ that are all set to yes.

/me puzzled

khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Tue Sep 25, 2018 12:48 pm

cova ... you can check the availability of extended attributes for the filesystem with the following:

Code:
# grep xattr /proc/fs/btrfs/sda1/options

... or whatever device this happens to be. However, the reason I asked the above is because I've already ruled out the kernel. I think what's happened is that when you unpacked the stage3 you omitted the '--xattrs' flag, and so no extended attributes were written to the filesystem.

best ... khay

cova
n00b


Joined: 12 Apr 2010
Posts: 26

Posted: Tue Sep 25, 2018 1:16 pm

khayyam wrote:
cova ... you can check the availability of extended attributes for the filesystem with the following:

Code:
# grep xattr /proc/fs/btrfs/sda1/options

... or whatever device this happens to be. However, the reason I asked the above is because I've already ruled out the kernel. I think what's happened is that when you unpacked the stage3 you omitted the '--xattrs' flag, and so no extended attributes were written to the filesystem.

best ... khay


This is getting fishy.

According to my proc filesystem, I have no btrfs or ext2, that are the two compiled in (statically) in the kernel. The others are modules and they show up:
Code:
hobbes /proc # ls -la fs
total 0
dr-xr-xr-x   8 root root 0 Sep 25 13:53 .
dr-xr-xr-x 403 root root 0 Sep 25 13:52 ..
dr-xr-xr-x   2 root root 0 Sep 25 14:49 ext4
dr-xr-xr-x   2 root root 0 Sep 25 14:49 jbd2
dr-xr-xr-x   2 root root 0 Sep 25 14:49 lockd
dr-xr-xr-x   2 root root 0 Sep 25 14:49 nfsd
dr-xr-xr-x   2 root root 0 Sep 25 14:49 nfsfs
dr-xr-xr-x   2 root root 0 Sep 25 14:49 xfs


xattr seems to be working, as I can do that on the same file:

Code:

> setfattr -n user.foo -v bar pippo

> getfattr pippo
# file: pippo
user.foo


I also tried to mount a newly created device (lv) using ext4 that is visible in proc
and apparently it works:

Code:
EXT4-fs (dm-6): mounted filesystem with ordered data mode. Opts: acl


however, it does not:

Code:
hobbes ~/tt # setfacl -m other::r-- pippo
setfacl: pippo: Malformed access ACL `other::r--': Missing or wrong entry at entry 1


And more interesting, mount output shows something weird:

Code:
/dev/mapper/vg0-test on /root/tt type ext4 (rw,relatime)


Even though dmesg confirms that acl option has been accepted during mount. Trying with remount confirms that:

Code:
EXT4-fs (dm-6): re-mounted. Opts: acl

>setfacl -m other::r-- pippo
setfacl: pippo: Malformed access ACL `other::r--': Missing or wrong entry at entry 1



and to complete the confusion:
Code:
cat /proc/fs/ext4/dm-6/options
rw
bsddf
nogrpid
block_validity
dioread_lock
nodiscard
delalloc
nowarn_on_error
journal_checksum
barrier
auto_da_alloc
user_xattr
acl
noquota
resuid=0
resgid=0
errors=continue
commit=5
min_batch_time=0
max_batch_time=15000
stripe=0
data=ordered
inode_readahead_blks=32
init_itable=10
max_dir_size_kb=0



/me even more puzzled :)

khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Tue Sep 25, 2018 2:57 pm

cova wrote:
According to my proc filesystem, I have no btrfs or ext2, that are the two compiled in (statically) in the kernel. The others are modules and they show up:

cova ... as far as ext2 is concerned you probably have CONFIG_EXT4_USE_FOR_EXT23=y and so would only see ext4 in /proc/fs.

best ... khay

cova
n00b


Joined: 12 Apr 2010
Posts: 26

Posted: Tue Sep 25, 2018 4:23 pm

khayyam wrote:
cova wrote:
According to my proc filesystem, I have no btrfs or ext2, that are the two compiled in (statically) in the kernel. The others are modules and they show up:

cova ... as far as ext2 is concerned you probably have CONFIG_EXT4_USE_FOR_EXT23=y and so would only see ext4 in /proc/fs.

best ... khay


Yes, true... still perplexed about btrfs though. I guess I will start to have a look at kernel code to see what I can possibly have messed up. I really fail to see even in which direction where to look to understand what's going on:)

khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Tue Sep 25, 2018 5:20 pm

cova wrote:
[...] still perplexed about btrfs though. I guess I will start to have a look at kernel code to see what I can possibly have messed up. I really fail to see even in which direction where to look to understand what's going on:)

cova ... those acl's are stored in the filesystem, and so I would suspect btrfs, but you've said the same happens with ext{2,4} and with tmpfs, and so I can't really narrow it down any further.

best ... khay

cova
n00b


Joined: 12 Apr 2010
Posts: 26

Posted: Sun Sep 30, 2018 12:58 pm

khayyam wrote:
cova wrote:
[...] still perplexed about btrfs though. I guess I will start to have a look at kernel code to see what I can possibly have messed up. I really fail to see even in which direction where to look to understand what's going on:)

cova ... those acl's are stored in the filesystem, and so I would suspect btrfs, but you've said the same happens with ext{2,4} and with tmpfs, and so I can't really narrow it down any further.



It seems that the issue lies in sys-apps/acl. If I downgrade from 2.2.53 to 2.2.52-r1, getfacl/setfacl starts to work and also uaccess in udev rules is fine.
Thanks for all the answers!

khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Sun Sep 30, 2018 1:17 pm

cova wrote:
It seems that the issue lies in sys-apps/acl. If I downgrade from 2.2.53 to 2.2.52-r1, getfacl/setfacl starts to work and also uaccess in udev rules is fine. Thanks for all the answers!

cova ... you're welcome, and good ... probably worth linking here to the bug.

best ... khay