Starting Point.
Robert Watson
rwatson at FreeBSD.org
Thu May 6 16:54:46 GMT 2004
On Thu, 6 May 2004, Wade Klaver wrote:
> I will take whatever you have at this point. Even references to some
> writing of a more theoretical nature that does a good job of explaining
> the nature and implementation of trusted systems would be good. Also,
> if there are a number of these partially complete documents in need of
> consolidation, I could take a shot at it. The best stuff I have
> managed to track down comes out of the freebsd-security list archives.
> I just have some funny goings on that I am sure are related to initial
> configuration issues. If this is not the case, please let me know.
> Things like:
> When a non-root user issues a 'ls -l', I get things like:
> ls: ./cmp.sh: Operation not supported
> -rw-r--r-- 1 wade wheel 134 Oct 31 2002 cmp.sh
> raised by:
> __acl_get_file(0xbfbfdc90,0x0,0x8052400) ERR#45 'Operation not
> supported'
>
> Same problems with the FACL stuff:
> root at arch-/home/wade:setfacl -m u:wade:rw c
> setfacl: acl_get_file() failed: Operation not supported

Sounds like a couple of problems:

1. It looks like ls(1) no longer masks the error it gets back to check for
   ACLs if it gets EOPNOTSUPP. There was a recent change to ls(1) to
   improve performance when checking for the presence of ACLs, so it could
   be a result of that change.

2. It looks like you may not have UFS_ACL compiled into your kernel
   configuration. This option is required in order to enable ACLs on UFS
   file systems. Normally, it appears in the GENERIC kernel
   configuration, so you might want to check that it wasn't
   unintentionally removed from your configuration.

3. It's not clear that ACLs are enabled on the file system that you're
   attempting to use them on.

Take a look at the documentation here:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/fs-acl.html

It explains how to configure ACLs on a file system, and check to make sure
that both the kernel configuration and file system configuration are
correct. If you could also use send-pr(1) to file a bug report for the
ls(1) problem, that would be great.

Thanks!

Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Senior Research Scientist, McAfee Research
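
The checks behind points 2 and 3 of the reply, as an added example that is not part of the original message: it tests kernel configuration text for an active `options UFS_ACL` line and mount(8) output for the `acls` flag on a given mount point. The function names are hypothetical and the sample kernel configuration and mount output are constructed.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Succeeds if the kernel configuration text on stdin contains an
# active (not commented-out) "options UFS_ACL" line.
kernel_has_ufs_acl() {
    awk '
        { sub(/#.*/, "") }    # strip comments, fields are re-split
        $1 == "options" && $2 == "UFS_ACL" { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# Succeeds if mount(8) output on stdin lists the "acls" flag for
# the mount point given as $1.
mount_has_acls() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp {
            opts = $0
            sub(/^[^(]*\(/, "", opts)   # keep text inside ( ... )
            sub(/\).*$/, "", opts)
            n = split(opts, o, /, */)
            for (i = 1; i <= n; i++) if (o[i] == "acls") found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Prints which of the two prerequisites is missing, kernel first.
# $1 = kernel config text, $2 = mount output, $3 = mount point
diagnose() {
    if ! printf '%s\n' "$1" | kernel_has_ufs_acl; then
        echo "kernel: options UFS_ACL not configured"
    elif ! printf '%s\n' "$2" | mount_has_acls "$3"; then
        echo "fs: acls not enabled on $3"
    else
        echo "ok"
    fi
}

# Constructed sample input (not taken from the poster's machine).
SAMPLE_KERNCONF='options   UFS_ACL   # Support for access control lists
options   UFS_DIRHASH'
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /home (ufs, local, soft-updates)
/dev/ad0s1f on /usr (ufs, local, soft-updates, acls)'

diagnose "$SAMPLE_KERNCONF" "$SAMPLE_MOUNT" /home
```

On a live system the two inputs would be the contents of the kernel configuration file in use and the output of `mount`.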