From owner-freebsd-fs@FreeBSD.ORG Thu Feb 21 08:43:32 2008 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AEBF316A404 for ; Thu, 21 Feb 2008 08:43:32 +0000 (UTC) (envelope-from gergely.czuczy@harmless.hu) Received: from marvin.harmless.hu (marvin.harmless.hu [195.56.55.204]) by mx1.freebsd.org (Postfix) with ESMTP id 175AC13C4EC for ; Thu, 21 Feb 2008 08:43:32 +0000 (UTC) (envelope-from gergely.czuczy@harmless.hu) Received: from localhost (marvin-mail [192.168.0.2]) by marvin.harmless.hu (Postfix) with ESMTP id 7A9307BFE5E; Thu, 21 Feb 2008 09:24:06 +0100 (CET) X-Virus-Scanned: by amavisd-new-2.5.3 (20071212) (Debian) at harmless.hu Received: from marvin.harmless.hu ([192.168.0.2]) by localhost (marvin.harmless.hu [192.168.0.2]) (amavisd-new, port 10024) with ESMTP id sq6f8vlfXyZH; Thu, 21 Feb 2008 09:24:06 +0100 (CET) Received: from marvin.harmless.hu (localhost [127.0.0.1]) by marvin.harmless.hu (Postfix) with ESMTP id 852AD7BFE79; Thu, 21 Feb 2008 09:24:05 +0100 (CET) Date: Thu, 21 Feb 2008 09:24:05 +0100 From: Gergely CZUCZY To: Andrei Kolu Message-ID: <20080221082405.GA13505@harmless.hu> References: <200802210957.13651.antik@bsd.ee> <20080221081511.GA12457@harmless.hu> <200802211021.41060.antik@bsd.ee> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=x-unknown; protocol="application/pgp-signature"; boundary="CE+1k2dSO48ffgeK" Content-Disposition: inline In-Reply-To: <200802211021.41060.antik@bsd.ee> User-Agent: mutt-ng/devel-r804 (FreeBSD) Cc: freebsd-fs@freebsd.org Subject: Re: FreeBSD 6.3 ACL problem X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Feb 2008 08:43:32 -0000 --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 21, 2008 at 10:21:40AM +0200, Andrei Kolu wrote: > On Thursday 21 February 2008 10:15:11 Gergely CZUCZY wrote: > > run ``id antik'' please. I've got a feeling that your antik user is > > part of the "wheel" group, which is not allowed to chdir into that > > directory. > > > sambatest# id antik > uid=3D1001(antik) gid=3D1001(antik) groups=3D1001(antik),0(wheel) >=20 > I should remove this user from wheel group or add particular permission? = So=20 > wheel does not fit onto "other" definition in ACL?=20 It perfectly fits into that. Just that, the definition for wheel comes firs= t, since that's more specific. More specific first, general ones later, if i remembe= r correctly. I suggest fixiing the ACLs, that seems to be a solution. OTOH, removing him= from wheel seems to be a workaround. >=20 > > On Thu, Feb 21, 2008 at 09:57:13AM +0200, Andrei Kolu wrote: > > > Hi, I have this strange problem with ACL- I can go to one particular > > > directory with two different users but can't access it with third. NO= TE: > > > there is no common group set up like samba- all users access this > > > directory according to ACL rules (other::r-x). Looks like different s= hell > > > does not matter (csh or sh). Only difference whas that I created user > > > "antik" before I enabled ACL support for /usr filesystem. Should I re= port > > > this like bug? > > > > > > Commands listing: > > > --------------------------------------------------------------------- > > > sambatest# pwd > > > /root > > > sambatest# cd /home/ > > > sambatest# ll > > > total 10 > > > drwxr-xr-x 2 antik antik 512 Feb 20 16:23 antik > > > drwxrwxr-x+ 3 samba samba 512 Feb 20 15:53 samba > > > drwxr-xr-x 2 test1 test1 512 Feb 21 09:29 test1 > > > drwxr-xr-x 2 test2 test2 512 Feb 20 16:40 test2 > > > sambatest# getfacl samba/ > > > #file:samba/ > > > #owner:1003 > > > #group:1003 > > > user::rwx > > > user:nobody:rw- > > > group::r-x > > > group:wheel:rw- > > > mask::rwx > > > other::r-x > > > sambatest# su - antik > > > %cd /home/ > > > %ll > > > total 10 > > > drwxr-xr-x 2 antik antik 512 Feb 20 16:23 antik > > > drwxrwxr-x+ 3 samba samba 512 Feb 20 15:53 samba > > > drwxr-xr-x 2 test1 test1 512 Feb 21 09:29 test1 > > > drwxr-xr-x 2 test2 test2 512 Feb 20 16:40 test2 > > > %cd samba/ > > > samba/: Permission denied. > > > %logout > > > sambatest# su - test2 > > > $ cd /home > > > $ ll > > > total 14 > > > drwxr-xr-x 6 root wheel - 512 Feb 20 16:40 ./ > > > drwxr-xr-x 17 root wheel - 512 Feb 20 14:01 ../ > > > drwxr-xr-x 2 antik antik - 512 Feb 20 16:23 antik/ > > > drwxrwxr-x+ 3 samba samba - 512 Feb 20 15:53 samba/ > > > drwxr-xr-x 2 test1 test1 - 512 Feb 21 09:29 test1/ > > > drwxr-xr-x 2 test2 test2 - 512 Feb 20 16:40 test2/ > > > $ cd samba > > > $ pwd > > > /home/samba > > > --------------------------------------------------------------------- > > > _______________________________________________ > > > freebsd-fs@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-fs > > > To unsubscribe, send any mail to "freebsd-fs-unsubscribe@freebsd.org" > > > > Sincerely, > > > > Gergely Czuczy, > > Harmless Digital > > mailto: gergely.czuczy@harmless.hu >=20 >=20 > _______________________________________________ > freebsd-fs@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-fs > To unsubscribe, send any mail to "freebsd-fs-unsubscribe@freebsd.org" Sincerely, Gergely Czuczy, Harmless Digital mailto: gergely.czuczy@harmless.hu --=20 Legacy software is software that works. --CE+1k2dSO48ffgeK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) owHlV0+P20QUX1pxsQRtjxxAT2mr3Wpjx0423daQblfb0i60LNDlQDm0jj22R2t7 wsy42fQTcOgBcUECgbhyQAKJaxGfgAsIiRPiA/AdeDNjJ84mW1rUG/tHdt6835v3 fu/PTD596eTKiTO/fP/jR+uPPvvyhe9e/mG4npdSFomdB/wBLWzPdT3b6/Xdvr2B T3I52nDjzSi8FPc2oxuP++d2WCFJIe39yYj4IMmh7IyygBavQ5gGXBA5KGVsX7Jq vWtUjJigkrLCB1pktCDTtX0eFCIm3L5ehCyiReLDxyWTJLJHnBYyGGbEsvYK2E/L NrxJhtD12tB13UsQSPBcv+v5G+72bVh3UdiG7SLihMLbLCthzNGOb10BA+ciCiYI V1Z4GfCJMYM2vL7veXCD8IRkE9i5+8HO3Q9n6CvAywLu36cRBIWkB6urMMpIIIgD u6sPCCRMQgAxIRhXAjJFvyas5EYZSkE4UKHtjAIugcWoQ6A1ThHRgoSzctSGcUrD FPWgUNayjI1JBJIhoRFFfIGvyrI2gxISSsYnjvqI/yLIh4EkQp6F2kmUljQa9K6p ZK5p0QVIFiVqdzEvbLtr2rcL1pVB10VDuyBSVmYRcJIzDFim6KeOK+YsB61sLAHD sKNIB0rDMgs4jAjPqRCY+i0YWHeYMWkwESMm4JgiLyrGFkNueAsiEtNCFwzGDts7 t7YUblcqczEGj2lCjJgR48BbpZD6ta35bViI0SuzYchy3DGmXAws1BO0CImlMKsC csYJiBEJaUxDB243P2oIAhJSEB5k6CuayZBy3gYaA1XMkHxIBhbHPTjXHjqWhcyV SYKJQQOH1JQHUeGItikUQUguVJ6HBGtIYNUqjx3Y29+72TZ8K1RK84Gl2bZMIPO4 MeMHAfJfRLhnlbS66hebxr3s9zd9r/cvTaN+b9I2Zj8N6qQLid2aEBhxhn2Jqacy VeHYqBUGBbaC8gnZaVRAZWpatAYkxwxFMTY+DgFdTAKGpVRWVrEBwpAIzK6slFPK Iwfe2RtY+9dr31ShENMxKq85JtrUIM4fwEdGD4jpDFs1VLVHZVlFs+AYrjEe6Swx FRX2fYZ5XtM16fvcPrzgwC3GDoQxPvMfyyklWVZbrMs6DySWCKyFIlWdIVLE7xVY uzUyJFiYgTC1gBRygjUVaVcrWy3dky3Mc6wKchdIoUZipP0T5WjEcKSoAu+UAvuR osMTIUnuwB3Ts7tYRQNLqU15o5X/wzLZMsJqaQdpDIpILQupRnElt5/HT2WrMatG 46gSdjhjclEhjKCTYst2FpemZEsmsSE9t+aejw8xUfgH0K1GcP3oe13TDC54F/1u bzopp0CNXYee2QnqRxPY9/vV8tIdlXce1I8p0FNd171s5McCu1A/5l3dcI18kYaE yDgIMyOqaTqrysCfF7ExTi4fp3yvluhmaUpU1WGVjw+bnws2ZNEEpXX+DEw1w5xA j6WGWh6Ig6axWQ8tBiFKsOdycf5o4s//n9Ot2JhLpvngw7vToxVPu4KSyJnSxRJW LmkozXTT9rlpj00FR6neWOI/XATVsfhijiO0uhCC01kC9DafCNzwXQ+cpciF9B7d sk5wZ0mGF1JsH5PkY3aeT7N9TKKfAJ6leglTeqXTzEiz4M4156Ruiubq8xzN957t p0LFnJChiOxYXK1eHcYTHABU34fVUVJpplKO/E5HSYTT0O0oXTx4OubYiVlnZrOC 7jMoC1EORcjpkODNjRTqojvR26jjujWD2A3Npkstqz7p7qh7H8e7fnsqml7+H5bh QyOHmwHPM3VbuEYTir1gmcFGM8l8nLwa4IQacDWtdJ20rG5g5hr27Jw+HZ//kcvn w6PVINA6ytwCa0/BmGXbiq5bJAnCCV6DYzkOzOVu+q6vSOqiKxzrk62TL66oL6L1 t9gzJ048Wvm691t2+Ld76vHPr77/2g3/lXt/xMP+yleny5b3+Ren17/51v7rvd// PLX96xs//QM= =XAEw -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK--