Re: [opensuse] ACL problem

[Jan Engelhardt]

>> Well, set the default mask!
>
>That's what I did and that's what doesn't work... Investigating a little
>bit I found out that it seems to be a SLES9/NFS-Problem. The parent
>dir has a default mask of rwx:
>
># getfacl .
>...
>default:mask::rwx
>...
>
>Now I call "mkdir test1" on the SLES9 NFS server, "mkdir test2" on
>a SLES9 nfs client and "mkdir test3" on a SuSE 10.1 nfs client,
>all as user tomcat. The result is:
>
>drwxrwxr-x+ 2 tomcat tomcat 48 Oct 19 15:53 test1
>drwxr-xr-x+ 2 tomcat tomcat 48 Oct 19 15:54 test2
>drwxrwxr-x+ 2 tomcat    104 48 Oct 19 15:54 test3
>
>and accordingly test2 has a mask of r-x, while test1 and test3 have rwx.
>The tomcat server runs on the SLES9 nfs client...
>
>So it looks like a SLES9 nfs client doesn't honour the default mask
>when creating a subdir? I guess this is a bug in SLES9 (kernel/nfs code 
>whatever)?

Seems likely.

22:02 ichi:/tmp > cd /dev/shm
22:02 ichi:/dev/shm > md foo
22:02 ichi:/dev/shm > cd foo
22:02 ichi:/dev/shm/foo > getfacl .
# file: .
# owner: jengelh
# group: users
user::rwx
group::r-x
other::r-x

22:02 ichi:/dev/shm/foo > setfacl -d -m u:daemon:x .
22:02 ichi:/dev/shm/foo > getfacl .
# file: .
# owner: jengelh
# group: users
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:daemon:--x
default:group::r-x
default:mask::r-x
default:other::r-x

22:02 ichi:/dev/shm/foo > touch this
22:02 ichi:/dev/shm/foo > getfacl this
# file: this
# owner: jengelh
# group: users
user::rw-
user:daemon:--x                 #effective:---
group::r-x                      #effective:r--
mask::r-- <<< OK, see above, mask is only r-x, and touch did not pass S_IXUSR
other::r--

22:02 ichi:/dev/shm/foo > setfacl -d -m mask::rwx .
22:02 ichi:/dev/shm/foo > touch that
22:02 ichi:/dev/shm/foo > getfacl that
# file: that
# owner: jengelh
# group: users
user::rw-
user:daemon:--x                 #effective:---
group::r-x                      #effective:r--
mask::rw- <<< OK
other::r--

(Which is correct since touch does not pass S_IXUSR to open(2))

22:02 ichi:/dev/shm/foo > md brain
22:03 ichi:/dev/shm/foo > getfacl brain
# file: brain
# owner: jengelh
# group: users
user::rwx
user:daemon:--x
group::r-x
mask::rwx <<< OK
other::r-x
default:user::rwx
default:user:daemon:--x
default:group::r-x
default:mask::rwx
default:other::r-x


Oh BTW I did this without any NFS, just locally, on a SUSE Linux 10.1 with
2.6.18-jen35 (based on 2.6.18-[suse]9 from factory). Could you please try the
whole "testsuite" above on different NFS clients?
Especially, check out /proc/mounts on the SLES9 NFS client and compare with
10.1's. What kernel does your SLES9 use?

        -`J'
-- 
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]