Starting Point.
Wade Klaver
archeron at wavefire.com
Thu May 6 17:38:29 GMT 2004
Hello,
Regarding UFS_ACL, in my kernel I have:
options UFS_ACL #Support for access control lists
After setting acls as an option to fstab, mount shows:
/dev/ad0s2f on /usr (ufs, local, soft-updates, acls)
Dope! I see you can apply the acls option to a ufs, not ufs2 partition. I
guess that could be the root of my problem. Any ufs->ufs2 upgrade path?
Once I fix this, I will make sure that the ls issue is not related prior to
sending a PR.
-Wade
On May 6, 2004 09:54, Robert Watson wrote:
> On Thu, 6 May 2004, Wade Klaver wrote:
> > I will take whatever you have at this point. Even references to some
> > writing of a more theoretical nature that does a good job of explaining
> > the nature and implementation of trusted systems would be good. Also,
> > if there is a number of these partially complete documents in need of
> > consolidation, I could take a shot at it. The best stuff I have
> > managed to track down comes out of the freebsd-security list archives.
> > I just have some funny goings on that I am sure are related to initial
> > configuration issues. If this is not the case, please let me know.
> > Things like:
> > When a non-root user issues a 'ls -l', I get things like:
> > ls: ./cmp.sh: Operation not supported
> > -rw-r--r-- 1 wade wheel 134 Oct 31 2002 cmp.sh
> > raised by:
> > __acl_get_file(0xbfbfdc90,0x0,0x8052400) ERR#45 'Operation not
> > supported'
> >
> > Same problems with the FACL stuff:
> > root at arch-/home/wade:setfacl -m u:wade:rw c
> > setfacl: acl_get_file() failed: Operation not supported
>
> Sounds like a couple of problems:
>
> 1. It looks like ls(1) no longer masks the error it gets back to check for
> ACLs if it gets EOPNOTSUPP. There was a recent change to ls(1) to
> improve performance when checking for the presence of ACLs, so it could
> be a result of that change.
>
> 2. It looks like you may not have UFS_ACL compiled into your kernel
> configuration. This option is required in order to enable ACLs on UFS
> file systems. Normally, it appears in the GENERIC kernel
> configuration, so you might want to check that it wasn't
> unintentionally removed from your configuration.
>
> 3. It's not clear that ACLs are enabled on the file system that you're
> attempting to use them on.
>
> Take a look at the documentation here:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/fs-acl.html
>
> It explains how to configure ACLs on a file system, and check to make sure
> that both the kernel configuration and file system configuration are
> correct. If you could also use send-pr(1) to file a bug report for the
> ls(1) problem, that would be great.
>
> Thanks!
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
> robert at fledge.watson.org Senior Research Scientist, McAfee Research
--
Wade Klaver
Wavefire Technologies Corporation
GPG Public Key at http://archeron.wavefire.com
/"\ ASCII Ribbon Campaign .
\ / - NO HTML/RTF in e-mail .
X - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
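
Added example, not part of the original messages and not FreeBSD's own tooling: a shell version of checks 2 and 3 from Robert Watson's list, run over constructed kernel-config and mount(8) text in the same shape as the lines quoted in the message. The function names and sample data are assumptions, and the path passed in must already have symlinks resolved.

```sh
#!/bin/sh
# Added example. Sample input is constructed, modelled on the lines quoted
# in the message ("options UFS_ACL ..." and the mount output for /usr).
SAMPLE_KERNCONF='options UFS_ACL #Support for access control lists'
SAMPLE_MOUNT='/dev/ad0s2a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s2f on /usr (ufs, local, soft-updates, acls)
/dev/ad0s2e on /var (ufs, local, soft-updates)'

# Check 2: succeed if the kernel config text on stdin contains an
# uncommented "options UFS_ACL" line.
kernel_has_ufs_acl() {
    awk '{ sub(/#.*/, "") }
         $1 == "options" && $2 == "UFS_ACL" { found = 1 }
         END { exit !found }'
}

# Check 3: read mount(8)-style output on stdin, pick the file system whose
# mount point is the longest prefix of the path in $1, and print
# "<mountpoint> acls" or "<mountpoint> noacls". Fails if nothing matches.
acl_state_for_path() {
    awk -v path="$1" '
    {
        # Line shape: <device> on <mountpoint> (<opt>, <opt>, ...)
        on = index($0, " on ")
        lp = index($0, " (")
        if (on == 0 || lp == 0 || lp < on) next
        mp = substr($0, on + 4, lp - on - 4)
        opts = substr($0, lp + 2)
        sub(/\)[ \t]*$/, "", opts)
        # A mount point covers the path if equal, or a prefix ending at "/",
        # so /usr covers /usr/home but not /usrlocal.
        pre = (mp == "/") ? "/" : mp "/"
        if (path != mp && index(path, pre) != 1) next
        if (length(mp) <= length(best)) next
        best = mp
        state = "noacls"
        n = split(opts, o, /,[ \t]*/)
        for (i = 1; i <= n; i++) if (o[i] == "acls") state = "acls"
    }
    END { if (best == "") exit 1; print best, state }'
}

printf '%s\n' "$SAMPLE_KERNCONF" | kernel_has_ufs_acl && echo "UFS_ACL present"
printf '%s\n' "$SAMPLE_MOUNT" | acl_state_for_path /usr/home/wade/c
```

On a live system the same functions can be fed the real kernel configuration file and the output of `mount`.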