From: Mark Nipper
To: current@freebsd.org
Date: Mon, 3 Nov 2003 00:17:58 -0600
Message-ID: <20031103061758.GA71718@newops.tamu.edu>
Subject: possible NIS/ACL bug?

I think I might have found a bug in ACL's under UFS2 with 5.1-RELEASE-p10. I have been using ACL's successfully for awhile now, but I'd never played with default ACL's for directories and files you create underneath said directories until I came across the daemon news article at:
---
http://ezine.daemonnews.org/200310/acl.html

Anyway, while playing and following the examples, I think I may have found a bug in ACL's when using NIS maps. Here's my example (extra newline between prompts):
---
nipsy@xyz/p0:~/test> getfacl .. | setfacl -M - .

nipsy@xyz/p0:~/test> getfacl .
#file:.
#owner:1019
#group:1019
user::rwx
group::r-x
group:nes:r-x
group:loki:r-x
mask::r-x
other::r-x

nipsy@xyz/p0:~/test> getfacl .. | setfacl -dM - .

nipsy@xyz/p0:~/test> getfacl -d .
#file:.
#owner:1019
#group:1019
user::rwx
group::r-x
group:nes:r-x
group:loki:r-x
mask::r-x
other::r-x

nipsy@xyz/p0:~/test> touch something

nipsy@xyz/p0:~/test> getfacl something
#file:something
#owner:1019
#group:1019
user::rw-
group::r-x    # effective: r--
group::r-x    # effective: r--
group::r-x    # effective: r--
mask::r--
other::r--
---

Uh oh! It's that last part where there are the two extra entries for the two ACL added groups, but no GID seems to have been stored with each entry, whereas the example in the daemon news article does actually show GID's in these places.

So I assume this is an NIS/ACL bug of some kind? Both my uid and gid as well as both the gid's above (nes and loki) are mapped via NIS.

If anyone needs me to do anything else, let me know. I don't feel nearly competent enough to start debugging the source for get/setfacl to try to grok any of this. :)

-- 
Mark Nipper                                e-contacts:
Computing and Information Services      nipsy@tamu.edu
Texas A&M University         http://ops.tamu.edu/nipsy/
College Station, TX 77843-3142   AIM/Yahoo: texasnipsy
                                         ICQ: 66971617
(979)575-3193                      MSN: nipsy@tamu.edu
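
Added example, not part of the original post: a shell check over `getfacl` output that flags the symptom reported above (repeated unqualified `group::` entries) and lists the named entries of a directory's default ACL that a new file did not inherit. The function names `acl_anomalies` and `lost_named` are hypothetical; the ACL text is the output quoted in the post.

```shell
# Added example, not from the post; function names are hypothetical. ACL text
# is copied from the post: default ACL of ".", then the ACL of "something".
DIR_DEFAULT='#file:.
#owner:1019
#group:1019
user::rwx
group::r-x
group:nes:r-x
group:loki:r-x
mask::r-x
other::r-x'
NEW_FILE='#file:something
#owner:1019
#group:1019
user::rw-
group::r-x    # effective: r--
group::r-x    # effective: r--
group::r-x    # effective: r--
mask::r--
other::r--'
# acl_anomalies: getfacl text on stdin. A valid POSIX.1e ACL has exactly one
# unqualified user::, group:: and other:: entry and at most one mask::.
acl_anomalies() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # "#file:" headers, blank lines
        $2 == "" { n[$1]++ }                 # entry with an empty qualifier
        END {
            split("user group mask other", tags, " ")
            for (i = 1; i <= 4; i++) {
                t = tags[i]
                if (n[t] > 1) printf "%s:: appears %d times (qualifier lost?)\n", t, n[t]
                else if (n[t] == 0 && t != "mask") printf "%s:: entry missing\n", t
            }
        }'
}

# lost_named DEFAULT_ACL FILE_ACL: print each named tag:qualifier of the
# directory default ACL that the file lacks. Permission bits are ignored.
lost_named() {
    { printf '%s\n' "$1"; echo '@@FILE'; printf '%s\n' "$2"; } | awk -F: '
        $0 == "@@FILE" { infile = 1; next }
        /^[ \t]*#/ || /^[ \t]*$/ || $2 == "" { next }
        !infile { want[$1 ":" $2] = 1; next }
        { delete want[$1 ":" $2] }
        END { for (k in want) print k }' | sort
}

printf '%s\n' "$NEW_FILE" | acl_anomalies
lost_named "$DIR_DEFAULT" "$NEW_FILE"
```

On a live system the two arguments would come from `getfacl -d DIR` and `getfacl FILE`; entries reported by `lost_named` are grants the directory owner intended but the new file does not carry.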