Stephen Berman <[email protected]> writes:
> Hi Michael,
Hi Stephen,
> I'm unable to access a remote site via sftp using Tramp. It's the same
> site I've had Tramp problems with several time over the last few years
> -- and each time you've been able to fix the problem, so I'm hoping that
> happens now too! The site administrators have recently restricted
> external access to the site via VPN tunnel only, and this works for me
> with sftp from shell, but with Tramp I get "tramp-handle-access-file (1)
> # Cannot access file or directory: Reading directory: Permission
> denied". The directory in question is three levels down, and I can
> access the two higher levels via Tramp, only the third level (which is
> where my personal data is) is inaccessible. One difference between
> using sftp in the shell and using Tramp is that with the former, I
> explicitly enter my password, while Tramp accesses my password from my
> ~/.authinfo file. I've attached a gzipped level 6 Tramp debug trace.
Yep, in the trace file there is
--8<---------------cut here---------------start------------->8---
20:35:24.603530 tramp-handle-access-file (1) # Cannot access file or directory:
Reading directory: Permission denied,
/sftp:[email protected]:/b/bermasbp/
--8<---------------cut here---------------end--------------->8---
Handling the password differently doesn't matter.
It isn't completely clear to me why this happened. But I have a
suspicion. The file information of that directory are
--8<---------------cut here---------------start------------->8---
bermasbp 7 (directory) standard::display-name=bermasbp
time::modified=1603836403 time::access=1643996815 unix::mode=17896
unix::uid=45845 unix::gid=33
--8<---------------cut here---------------end--------------->8---
Mode 17896 corresponds to "drwxr-s---", that means the setgid bit is
set. Tramp doesn't handle setuid and setgid properly I believe. Could
you please check the appended patch, whether it helps?
> Thanks,
> Steve Berman
Best regards, Michael.
diff --git a/lisp/tramp-gvfs.el b/lisp/tramp-gvfs.el
index d3af9f47..6826fac0 100644
--- a/lisp/tramp-gvfs.el
+++ b/lisp/tramp-gvfs.el
@@ -1385,7 +1385,8 @@ If FILE-SYSTEM is non-nil, return file system attributes."
"Like `file-executable-p' for Tramp files."
(with-parsed-tramp-file-name filename nil
(with-tramp-file-property v localname "file-executable-p"
- (tramp-check-cached-permissions v ?x))))
+ (or (tramp-check-cached-permissions v ?x)
+ (tramp-check-cached-permissions v ?s)))))
(defun tramp-gvfs-handle-file-name-all-completions (filename directory)
"Like `file-name-all-completions' for Tramp files."
diff --git a/lisp/tramp-sh.el b/lisp/tramp-sh.el
index 98192bd9..ea089224 100644
--- a/lisp/tramp-sh.el
+++ b/lisp/tramp-sh.el
@@ -1585,6 +1585,7 @@ ID-FORMAT valid values are `string' and `integer'."
;; Examine `file-attributes' cache to see if request can be
;; satisfied without remote operation.
(or (tramp-check-cached-permissions v ?x)
+ (tramp-check-cached-permissions v ?s)
(tramp-run-test "-x" filename)))))
(defun tramp-sh-handle-file-readable-p (filename)
diff --git a/lisp/tramp.el b/lisp/tramp.el
index 83437eaf..cd026840 100644
--- a/lisp/tramp.el
+++ b/lisp/tramp.el
@@ -5434,7 +5434,8 @@ be granted."
(offset (cond
((eq ?r access) 1)
((eq ?w access) 2)
- ((eq ?x access) 3))))
+ ((eq ?x access) 3)
+ ((eq ?s access) 3))))
(dolist (suffix '("string" "integer") result)
(setq
result
