From owner-freebsd-current  Fri Nov  8  6:58:30 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5E71337B401; Fri,  8 Nov 2002 06:58:29 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 291EF43E3B; Fri,  8 Nov 2002 06:58:28 -0800 (PST)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.4/8.12.4) with SMTP id gA8EviOo066289;
	Fri, 8 Nov 2002 09:57:48 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Fri, 8 Nov 2002 09:57:43 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: Dan Pelleg <daniel+bsd@pelleg.org>
Cc: current@freebsd.org, questions@freebsd.org
Subject: Re: setfacl requirements?
In-Reply-To: <15819.52313.101458.727704@gargle.gargle.HOWL>
Message-ID: <Pine.NEB.3.96L.1021108095400.16641E-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


On Fri, 8 Nov 2002, Dan Pelleg wrote:

> I'm trying to use setfacl - just the example that's in the manpage. All
> I ever get is:  setfacl: acl_get_file() failed: Operation not supported

This error generally results from three cases:

(1) UFS_ACL isn't enabled
(2) Extended attributes aren't available on the file system (shouldn't
    happen for UFS2, but might happen for UFS1 if you don't have
    UFS_EXTATTR and appropriate configuration of EAs) 
(3) The file system isn't mounted with the ACL option: either -o acls (or
    acls in the fstab file), or more reliably, setting the "tunefs -a
    enable" flag in the file system configuration.

>  getfacl seems to work fwiw.

For better or for worse, POSIX.1e defines that getfacl() will print the
current file permissions as an ACL if ACLs aren't available on the file
system.  As such, you're probably just seeing the results of stat()
printed in an ACL form.

> Same results on UFS and UFS2 filesystems. I have UFS_ACL, also tried
> UFS_EXTATTR. -current as of about a week ago. 

With UFS2, it should be sufficient to run the following command on the
unmounted device:

	tunefs -a enable /dev/storagedevicehere

and then mount the file system, which will result in ACLs being
automatically enabled.  As mentioned above, it is possible to set the flag
using the mount -o options invocation, or via an fstab entry, but that's a
lot less reliable if some sort of failure occurs, and also doesn't work
well for the root file system.  tunefs is the most reliable way to enable
ACLs.

Let us know if that doesn't work.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message