Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Feb 2008 09:24:05 +0100
From:      Gergely CZUCZY <phoemix@harmless.hu>
To:        Andrei Kolu <antik@bsd.ee>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: FreeBSD 6.3 ACL problem
Message-ID:  <20080221082405.GA13505@harmless.hu>
In-Reply-To: <200802211021.41060.antik@bsd.ee>
References:  <200802210957.13651.antik@bsd.ee> <20080221081511.GA12457@harmless.hu> <200802211021.41060.antik@bsd.ee>
next in thread | previous in thread | raw e-mail | index | archive | help 

--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Feb 21, 2008 at 10:21:40AM +0200, Andrei Kolu wrote:
> On Thursday 21 February 2008 10:15:11 Gergely CZUCZY wrote:
> > run ``id antik'' please. I've got a feeling that your antik user is
> > part of the "wheel" group, which is not allowed to chdir into that
> > directory.
> >
> sambatest# id antik
> uid=3D1001(antik) gid=3D1001(antik) groups=3D1001(antik),0(wheel)
>=20
> I should remove this user from wheel group or add particular permission? =
So=20
> wheel does not fit onto "other" definition in ACL?=20
It perfectly fits into that. Just that, the definition for wheel comes firs=
t, since
that's more specific. More specific first, general ones later, if i remembe=
r correctly.

I suggest fixiing the ACLs, that seems to be a solution. OTOH, removing him=
 from
wheel seems to be a workaround.

>=20
> > On Thu, Feb 21, 2008 at 09:57:13AM +0200, Andrei Kolu wrote:
> > > Hi, I have this strange problem with ACL- I can go to one particular
> > > directory with two different users but can't access it with third. NO=
TE:
> > > there is no common group set up like samba- all users access this
> > > directory according to ACL rules (other::r-x). Looks like different s=
hell
> > > does not matter (csh or sh). Only difference whas that I created user
> > > "antik" before I enabled ACL support for /usr filesystem. Should I re=
port
> > > this like bug?
> > >
> > > Commands listing:
> > > ---------------------------------------------------------------------
> > > sambatest# pwd
> > > /root
> > > sambatest# cd /home/
> > > sambatest# ll
> > > total 10
> > > drwxr-xr-x  2 antik  antik  512 Feb 20 16:23 antik
> > > drwxrwxr-x+ 3 samba  samba  512 Feb 20 15:53 samba
> > > drwxr-xr-x  2 test1  test1  512 Feb 21 09:29 test1
> > > drwxr-xr-x  2 test2  test2  512 Feb 20 16:40 test2
> > > sambatest# getfacl samba/
> > > #file:samba/
> > > #owner:1003
> > > #group:1003
> > > user::rwx
> > > user:nobody:rw-
> > > group::r-x
> > > group:wheel:rw-
> > > mask::rwx
> > > other::r-x
> > > sambatest# su - antik
> > > %cd /home/
> > > %ll
> > > total 10
> > > drwxr-xr-x  2 antik  antik  512 Feb 20 16:23 antik
> > > drwxrwxr-x+ 3 samba  samba  512 Feb 20 15:53 samba
> > > drwxr-xr-x  2 test1  test1  512 Feb 21 09:29 test1
> > > drwxr-xr-x  2 test2  test2  512 Feb 20 16:40 test2
> > > %cd samba/
> > > samba/: Permission denied.
> > > %logout
> > > sambatest# su - test2
> > > $ cd /home
> > > $ ll
> > > total 14
> > > drwxr-xr-x   6 root   wheel  - 512 Feb 20 16:40 ./
> > > drwxr-xr-x  17 root   wheel  - 512 Feb 20 14:01 ../
> > > drwxr-xr-x   2 antik  antik  - 512 Feb 20 16:23 antik/
> > > drwxrwxr-x+  3 samba  samba  - 512 Feb 20 15:53 samba/
> > > drwxr-xr-x   2 test1  test1  - 512 Feb 21 09:29 test1/
> > > drwxr-xr-x   2 test2  test2  - 512 Feb 20 16:40 test2/
> > > $ cd samba
> > > $ pwd
> > > /home/samba
> > > ---------------------------------------------------------------------
> > > _______________________________________________
> > > freebsd-fs@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-fs
> > > To unsubscribe, send any mail to "freebsd-fs-unsubscribe@freebsd.org"
> >
> > Sincerely,
> >
> > Gergely Czuczy,
> > Harmless Digital
> > mailto: gergely.czuczy@harmless.hu
>=20
>=20
> _______________________________________________
> freebsd-fs@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-fs
> To unsubscribe, send any mail to "freebsd-fs-unsubscribe@freebsd.org"

Sincerely,

Gergely Czuczy,
Harmless Digital
mailto: gergely.czuczy@harmless.hu

--=20
Legacy software is software that works.

--CE+1k2dSO48ffgeK
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

owHlV0+P20QUX1pxsQRtjxxAT2mr3Wpjx0423daQblfb0i60LNDlQDm0jj22R2t7
wsy42fQTcOgBcUECgbhyQAKJaxGfgAsIiRPiA/AdeDNjJ84mW1rUG/tHdt6835v3
fu/PTD596eTKiTO/fP/jR+uPPvvyhe9e/mG4npdSFomdB/wBLWzPdT3b6/Xdvr2B
T3I52nDjzSi8FPc2oxuP++d2WCFJIe39yYj4IMmh7IyygBavQ5gGXBA5KGVsX7Jq
vWtUjJigkrLCB1pktCDTtX0eFCIm3L5ehCyiReLDxyWTJLJHnBYyGGbEsvYK2E/L
NrxJhtD12tB13UsQSPBcv+v5G+72bVh3UdiG7SLihMLbLCthzNGOb10BA+ciCiYI
V1Z4GfCJMYM2vL7veXCD8IRkE9i5+8HO3Q9n6CvAywLu36cRBIWkB6urMMpIIIgD
u6sPCCRMQgAxIRhXAjJFvyas5EYZSkE4UKHtjAIugcWoQ6A1ThHRgoSzctSGcUrD
FPWgUNayjI1JBJIhoRFFfIGvyrI2gxISSsYnjvqI/yLIh4EkQp6F2kmUljQa9K6p
ZK5p0QVIFiVqdzEvbLtr2rcL1pVB10VDuyBSVmYRcJIzDFim6KeOK+YsB61sLAHD
sKNIB0rDMgs4jAjPqRCY+i0YWHeYMWkwESMm4JgiLyrGFkNueAsiEtNCFwzGDts7
t7YUblcqczEGj2lCjJgR48BbpZD6ta35bViI0SuzYchy3DGmXAws1BO0CImlMKsC
csYJiBEJaUxDB243P2oIAhJSEB5k6CuayZBy3gYaA1XMkHxIBhbHPTjXHjqWhcyV
SYKJQQOH1JQHUeGItikUQUguVJ6HBGtIYNUqjx3Y29+72TZ8K1RK84Gl2bZMIPO4
MeMHAfJfRLhnlbS66hebxr3s9zd9r/cvTaN+b9I2Zj8N6qQLid2aEBhxhn2Jqacy
VeHYqBUGBbaC8gnZaVRAZWpatAYkxwxFMTY+DgFdTAKGpVRWVrEBwpAIzK6slFPK
Iwfe2RtY+9dr31ShENMxKq85JtrUIM4fwEdGD4jpDFs1VLVHZVlFs+AYrjEe6Swx
FRX2fYZ5XtM16fvcPrzgwC3GDoQxPvMfyyklWVZbrMs6DySWCKyFIlWdIVLE7xVY
uzUyJFiYgTC1gBRygjUVaVcrWy3dky3Mc6wKchdIoUZipP0T5WjEcKSoAu+UAvuR
osMTIUnuwB3Ts7tYRQNLqU15o5X/wzLZMsJqaQdpDIpILQupRnElt5/HT2WrMatG
46gSdjhjclEhjKCTYst2FpemZEsmsSE9t+aejw8xUfgH0K1GcP3oe13TDC54F/1u
bzopp0CNXYee2QnqRxPY9/vV8tIdlXce1I8p0FNd171s5McCu1A/5l3dcI18kYaE
yDgIMyOqaTqrysCfF7ExTi4fp3yvluhmaUpU1WGVjw+bnws2ZNEEpXX+DEw1w5xA
j6WGWh6Ig6axWQ8tBiFKsOdycf5o4s//n9Ot2JhLpvngw7vToxVPu4KSyJnSxRJW
LmkozXTT9rlpj00FR6neWOI/XATVsfhijiO0uhCC01kC9DafCNzwXQ+cpciF9B7d
sk5wZ0mGF1JsH5PkY3aeT7N9TKKfAJ6leglTeqXTzEiz4M4156Ruiubq8xzN957t
p0LFnJChiOxYXK1eHcYTHABU34fVUVJpplKO/E5HSYTT0O0oXTx4OubYiVlnZrOC
7jMoC1EORcjpkODNjRTqojvR26jjujWD2A3Npkstqz7p7qh7H8e7fnsqml7+H5bh
QyOHmwHPM3VbuEYTir1gmcFGM8l8nLwa4IQacDWtdJ20rG5g5hr27Jw+HZ//kcvn
w6PVINA6ytwCa0/BmGXbiq5bJAnCCV6DYzkOzOVu+q6vSOqiKxzrk62TL66oL6L1
t9gzJ048Wvm691t2+Ld76vHPr77/2g3/lXt/xMP+yleny5b3+Ren17/51v7rvd//
PLX96xs//QM=
=XAEw
-----END PGP SIGNATURE-----

--CE+1k2dSO48ffgeK--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080221082405.GA13505>