Starting Point.

Wade Klaver archeron at wavefire.com
Thu May 6 17:38:29 GMT 2004


Hello,
Regarding UFS_ACL, in my kernel I have:
options         UFS_ACL                 #Support for access control lists
After setting acls as an option in fstab, mount shows:
/dev/ad0s2f on /usr (ufs, local, soft-updates, acls)

Dope!  I see you can apply the acls option to a ufs, not ufs2 partition.  I 
guess that could be the root of my problem.  Any ufs->ufs2 upgrade path?
Once I fix this, I will make sure that the ls issue is not related prior to 
sending a PR.

 -Wade

On May 6, 2004 09:54, Robert Watson wrote:
> On Thu, 6 May 2004, Wade Klaver wrote:
> >   I will take whatever you have at this point.  Even references to some
> > writing of a more theoretical nature that does a good job of explaining
> > the nature and implementation of trusted systems would be good.  Also,
> > if there are a number of these partially complete documents in need of
> > consolidation, I could take a shot at it.  The best stuff I have
> > managed to track down comes out of the freebsd-security list archives.
> > I just have some funny goings on that I am sure are related to initial
> > configuration issues.  If this is not the case, please let me know.
> > Things like:
> >   When a non-root user issues a 'ls -l', I get things like:
> > ls: ./cmp.sh: Operation not supported
> > -rw-r--r--  1 wade  wheel       134 Oct 31  2002 cmp.sh
> > raised by:
> > __acl_get_file(0xbfbfdc90,0x0,0x8052400)         ERR#45 'Operation not
> > supported'
> >
> > Same problems with the FACL stuff:
> > root at arch-/home/wade:setfacl -m u:wade:rw c
> > setfacl: acl_get_file() failed: Operation not supported
>
> Sounds like a couple of problems:
>
> 1. It looks like ls(1) no longer masks the error it gets back to check for
>    ACLs if it gets EOPNOTSUPP.  There was a recent change to ls(1) to
>    improve performance when checking for the presence of ACLs, so it could
>    be a result of that change.
>
> 2. It looks like you may not have UFS_ACL compiled into your kernel
>    configuration.  This option is required in order to enable ACLs on UFS
>    file systems.  Normally, it appears in the GENERIC kernel
>    configuration, so you might want to check that it wasn't
>    unintentionally removed from your configuration.
>
> 3. It's not clear that ACLs are enabled on the file system that you're
>    attempting to use them on.
>
> Take a look at the documentation here:
>
>   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/fs-acl.html
>
> It explains how to configure ACLs on a file system, and check to make sure
> that both the kernel configuration and file system configuration are
> correct.  If you could also use send-pr(1) to file a bug report for the
> ls(1) problem, that would be great.
>
> Thanks!
>
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert at fledge.watson.org      Senior Research Scientist, McAfee Research

-- 
Wade Klaver
Wavefire Technologies Corporation
GPG Public Key at http://archeron.wavefire.com

/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
 X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
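
Added example, not part of the original messages: a shell script that runs the two configuration checks from points 2 and 3 of the quoted reply against the kernel option line and the mount(8) output format shown in this thread. The function names, the status strings and the "/" mount line are assumptions made for the example; it covers only those two points and says nothing about the ls(1) behaviour in point 1.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed from lines quoted in the thread.

# Succeeds if the kernel config text on stdin has an uncommented
# "options UFS_ACL" line.
has_ufs_acl_option() {
    sed 's/#.*//' | grep -Eq '^[[:space:]]*options[[:space:]]+UFS_ACL([[:space:]]|$)'
}

# Succeeds if the mount(8) output on stdin lists "acls" among the flags
# of the file system mounted on $1.
mount_has_acls() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp {
            flags = $0
            sub(/^[^(]*\(/, "", flags)   # drop everything up to "("
            sub(/\).*$/, "", flags)      # drop ")" and anything after it
            n = split(flags, f, /, */)
            for (i = 1; i <= n; i++) if (f[i] == "acls") found = 1
        }
        END { exit !found }'
}

# acl_config_status MOUNTPOINT KERNCONF_TEXT MOUNT_TEXT
# Prints one of: ok | kernel-option-missing | fs-acls-not-enabled
acl_config_status() {
    if ! printf '%s\n' "$2" | has_ufs_acl_option; then
        echo kernel-option-missing
    elif ! printf '%s\n' "$3" | mount_has_acls "$1"; then
        echo fs-acls-not-enabled
    else
        echo ok
    fi
}

# Constructed sample input: the option line and the /usr entry are the ones
# quoted in the thread; the "/" entry is made up for contrast.
SAMPLE_KERNCONF='options         UFS_ACL                 #Support for access control lists'
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
/dev/ad0s2f on /usr (ufs, local, soft-updates, acls)'

for mp in / /usr; do
    printf '%s: %s\n' "$mp" "$(acl_config_status "$mp" "$SAMPLE_KERNCONF" "$SAMPLE_MOUNT")"
done
```

On a live system, pass the contents of the kernel configuration file and the output of mount in place of the sample variables.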
