Package: debmirror
Version: 1:2.47
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

I have a file archive where I want to store my Debian mirror.
I have many groups and users. Access permissions were pretty 
complicated so I decided to use ACLs for filesystem access control.

When I tried to point debmirror to my archive - it failed with messages
like this:
----
You need write permissions on /mnt/my_file_archive/debian/ at /usr/bin/debmirror line 891
----

My user (mirrorer) really does have write access - it can create files
in the target directory and here is the directory ACL:
---
stat /mnt/my_file_archive/debian
  File: /mnt/my_file_archive/debian
  Size: 4096            Blocks: 16         IO Block: 4096   directory
Device: 253,6   Inode: 196214785   Links: 8
Access: (0770/drwxrwx---)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2025-07-25 23:44:06.587218185 +0300
Modify: 2025-09-29 02:20:23.783611923 +0300
Change: 2025-09-29 02:20:23.783611923 +0300
 Birth: 2025-07-25 23:44:06.587218185 +0300
---
getfacl /mnt/my_file_archive/debian
getfacl: Removing leading '/' from absolute path names
# file: mnt/my_file_archive/debian
# owner: root
# group: root
user::rwx
user:mirrorer:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:mirrorer:rwx
default:group::r-x
default:mask::rwx
default:other::---
---

As far as I can see, there are two permission checks in the /usr/bin/debmirror script:
1) Line 891:
die "You need write permissions on $mirrordir" if (! -w $mirrordir);

2) Line 912:
die "You need write permissions on $tempdir" if (! -w $tempdir);

When I commented them both out, debmirror succeeded without issues.

It looks like those checks take into account only "normal" Unix permissions,
but not ACLs.
I found this: https://perldoc.perl.org/filetest#DESCRIPTION

---
The default behaviour of file test operators is to use the simple mode
bits as returned by the stat() family of system calls. However, many
operating systems have additional features to define more complex access
rights, for example ACLs (Access Control Lists). For such environments,
use filetest may help the permission operators to return results more
consistent with other tools.
---

So could you please add ACL support to those checks? Thanks.



-- System Information:
Debian Release: 13.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (100, 'trixie-fasttrack')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.43+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debmirror depends on:
ii  bzip2                    1.0.8-6
pn  libdigest-md5-perl       <none>
pn  libdigest-sha-perl       <none>
ii  liblockfile-simple-perl  0.208-1.1
ii  libwww-perl              6.78-1
ii  perl [libnet-perl]       5.40.1-6
ii  rsync                    3.4.1+ds1-5
ii  xz-utils                 5.8.1-1

Versions of packages debmirror recommends:
ii  ed     1.21.1-1
ii  gpgv   2.4.7-21+b3
ii  patch  2.8-2

Versions of packages debmirror suggests:
ii  gnupg  2.4.7-21

-- debconf-show failed
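
The difference described in the report can be checked on any directory with the script below. It is an added example, not part of the original report and not debmirror's code; the function names are made up for illustration. It compares Perl's default `-w`, the same test under `use filetest 'access'`, and an actual file creation.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp ();

# Perl's default -w: computed from the stat() mode bits and the effective
# uid/gid, so a named-user ACL entry such as user:mirrorer:rwx is not seen.
sub writable_by_mode_bits {
    my ($dir) = @_;
    no filetest 'access';
    return (-w $dir) ? 1 : 0;
}

# Same operator under the lexically scoped pragma: the kernel is asked
# through the access(2) family of calls, which evaluates ACLs as well.
sub writable_by_access {
    my ($dir) = @_;
    use filetest 'access';
    return (-w $dir) ? 1 : 0;
}

# Ground truth: actually create a file in the directory. The temporary file
# is removed again as soon as the File::Temp object goes out of scope.
sub writable_by_probe {
    my ($dir) = @_;
    my $ok = eval { File::Temp->new(DIR => $dir, UNLINK => 1); 1 };
    return $ok ? 1 : 0;
}

# Directory to test: first argument, or a scratch directory if none is given.
my $dir = shift(@ARGV) // File::Temp::tempdir(CLEANUP => 1);

printf "%-28s %s\n", 'directory:', $dir;
printf "%-28s %d\n", '-w (mode bits, default):', writable_by_mode_bits($dir);
printf "%-28s %d\n", "-w (use filetest 'access'):", writable_by_access($dir);
printf "%-28s %d\n", 'create temp file:', writable_by_probe($dir);
```

Run it as the mirroring user with the target directory as the only argument. On a directory where write access is granted only through an ACL entry, the first check is expected to print 0 while the other two print 1.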
