FreeBSD 6.3 ACL problem

Gergely CZUCZY phoemix at harmless.hu
Thu Feb 21 08:43:32 UTC 2008 

On Thu, Feb 21, 2008 at 10:21:40AM +0200, Andrei Kolu wrote:
> On Thursday 21 February 2008 10:15:11 Gergely CZUCZY wrote:
> > run ``id antik'' please. I've got a feeling that your antik user is
> > part of the "wheel" group, which is not allowed to chdir into that
> > directory.
> >
> sambatest# id antik
> uid=1001(antik) gid=1001(antik) groups=1001(antik),0(wheel)
> 
> I should remove this user from wheel group or add particular permission? So 
> wheel does not fit onto "other" definition in ACL? 
It perfectly fits into that. Just that, the definition for wheel comes first, since
that's more specific. More specific first, general ones later, if i remember correctly.

I suggest fixiing the ACLs, that seems to be a solution. OTOH, removing him from
wheel seems to be a workaround.

> 
> > On Thu, Feb 21, 2008 at 09:57:13AM +0200, Andrei Kolu wrote:
> > > Hi, I have this strange problem with ACL- I can go to one particular
> > > directory with two different users but can't access it with third. NOTE:
> > > there is no common group set up like samba- all users access this
> > > directory according to ACL rules (other::r-x). Looks like different shell
> > > does not matter (csh or sh). Only difference whas that I created user
> > > "antik" before I enabled ACL support for /usr filesystem. Should I report
> > > this like bug?
> > >
> > > Commands listing:
> > > ---------------------------------------------------------------------
> > > sambatest# pwd
> > > /root
> > > sambatest# cd /home/
> > > sambatest# ll
> > > total 10
> > > drwxr-xr-x  2 antik  antik  512 Feb 20 16:23 antik
> > > drwxrwxr-x+ 3 samba  samba  512 Feb 20 15:53 samba
> > > drwxr-xr-x  2 test1  test1  512 Feb 21 09:29 test1
> > > drwxr-xr-x  2 test2  test2  512 Feb 20 16:40 test2
> > > sambatest# getfacl samba/
> > > #file:samba/
> > > #owner:1003
> > > #group:1003
> > > user::rwx
> > > user:nobody:rw-
> > > group::r-x
> > > group:wheel:rw-
> > > mask::rwx
> > > other::r-x
> > > sambatest# su - antik
> > > %cd /home/
> > > %ll
> > > total 10
> > > drwxr-xr-x  2 antik  antik  512 Feb 20 16:23 antik
> > > drwxrwxr-x+ 3 samba  samba  512 Feb 20 15:53 samba
> > > drwxr-xr-x  2 test1  test1  512 Feb 21 09:29 test1
> > > drwxr-xr-x  2 test2  test2  512 Feb 20 16:40 test2
> > > %cd samba/
> > > samba/: Permission denied.
> > > %logout
> > > sambatest# su - test2
> > > $ cd /home
> > > $ ll
> > > total 14
> > > drwxr-xr-x   6 root   wheel  - 512 Feb 20 16:40 ./
> > > drwxr-xr-x  17 root   wheel  - 512 Feb 20 14:01 ../
> > > drwxr-xr-x   2 antik  antik  - 512 Feb 20 16:23 antik/
> > > drwxrwxr-x+  3 samba  samba  - 512 Feb 20 15:53 samba/
> > > drwxr-xr-x   2 test1  test1  - 512 Feb 21 09:29 test1/
> > > drwxr-xr-x   2 test2  test2  - 512 Feb 20 16:40 test2/
> > > $ cd samba
> > > $ pwd
> > > /home/samba
> > > ---------------------------------------------------------------------
> > > _______________________________________________
> > > freebsd-fs at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-fs
> > > To unsubscribe, send any mail to "freebsd-fs-unsubscribe at freebsd.org"
> >
> > Sincerely,
> >
> > Gergely Czuczy,
> > Harmless Digital
> > mailto: gergely.czuczy at harmless.hu
> 
> 
> _______________________________________________
> freebsd-fs at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-fs
> To unsubscribe, send any mail to "freebsd-fs-unsubscribe at freebsd.org"

Sincerely,

Gergely Czuczy,
Harmless Digital
mailto: gergely.czuczy at harmless.hu

-- 
Legacy software is software that works.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 2125 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-fs/attachments/20080221/7959f3b7/attachment.pgp

More information about the freebsd-fs mailing list