GNU bug report logs - #12020
ls should show when extended system attributes are set

Package: coreutils;

Reported by: Luk Claes <luk <at> debian.org>

Date: Sat, 21 Jul 2012 21:17:07 UTC

Severity: normal

Tags: moreinfo, notabug

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.


Message #16 received at 12020 <at> debbugs.gnu.org (full text, mbox):

From: Luk Claes <luk <at> debian.org>
To: Eric Blake <eblake <at> redhat.com>
Cc: 12020 <at> debbugs.gnu.org
Subject: Re: bug#12020: ls should show when extended system attributes are set
Date: Sun, 22 Jul 2012 01:30:48 +0200

On 07/22/2012 12:50 AM, Luk Claes wrote:
> On 07/21/2012 11:56 PM, Eric Blake wrote:
>> tag 12020 moreinfo
>> thanks
>>
>> On 07/21/2012 12:41 PM, Luk Claes wrote:
>>> Hi
>>>
>>> Currently when using POSIX acls, this is not visible when listing files
>>> with ls. This means that users and system administrators cannot easily
>>> see when (non trivial) POSIX acls are in use which obviously can result
>>> in wrong expectations when only seeing the rwx kind of acls.
>>
>> What version of coreutils are you using, and on what distro?
> 
> I'm using Debian, version 8.13
> 
>>> At a minimum I would like that ls would show that extended system
>>> attributes are being used (maybe by showing something different than -
>>> for the type of file?).
>>
>> But ls _does_ already do that.
> 
>> Notice how the 11th character changed from '+' (ACL present) to '.'
>> (SELinux label present)?  That is, a trailing '+' is already what
>> coreutils uses to indicate the presence of ACLs (which generally provide
>> additional rights); and a trailing '.' indicates the presence of
>> restrictions (SELinux labels typically restrict rights depending on the
>> labeling of the calling context).  On systems with neither ACLs nor
>> SELinux labels, then the 11th character is ' ' (space) to indicate no
>> other special permissions.
> 
> Nice, though in that case it does apparently not vanish when I only
> remove the non-trivial acl again and keep the mask:
> 
> $ getfacl foo
> # file: foo
> # owner: luk
> # group: luk
> user::rw-
> user:mongodb:rw-
> group::r--
> mask::rw-
> other::r--
> 
> $ ls -l foo
> -rw-rw-r--+ 1 luk luk 5 Jul 22 00:37 foo
> 
> $ setfacl -x u:mongodb foo
> 
> $ ls -l foo
> -rw-r--r--+ 1 luk luk 5 Jul 22 00:37 foo
> 
> $ getfacl foo
> # file: foo
> # owner: luk
> # group: luk
> user::rw-
> group::r--
> mask::r--
> other::r--
> 
> Though I guess it's close enough, only a pity it's not in the manpage.

But it apparently does not show when capabilities are active, could that
be added (or was that added in the meantime in a subsequent version)?

$ setcap cap_chown+ep foo

$ ls -l foo
-rw-r--r-- 1 luk luk 5 Jul 22 00:37 foo

$ sudo getcap foo
foo = cap_chown+ep

Cheers

Luk
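
The capability case in the message above, as an added example that is not part of the original report or of coreutils: a Python sketch that decodes the `security.capability` extended attribute (the kernel's `struct vfs_cap_data`), so files like `foo` can be found without relying on the `ls -l` mode string. The names `decode_file_caps`, `find_capable_files`, the shortened `CAP_NAMES` table and the `SAMPLE` bytes are constructed for illustration.

```python
import os
import struct

# Constants from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # revision -> 32-bit word pairs
# Shortened name table (assumption: enough for this example); index = capability number
CAP_NAMES = ["cap_chown", "cap_dac_override", "cap_dac_read_search",
             "cap_fowner", "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid"]
# Constructed sample: the xattr value for "cap_chown+ep" (revision 2, effective flag set)
SAMPLE = bytes.fromhex("01000002" "01000000" "00000000" "00000000" "00000000")

def cap_names(mask):
    """Turn a capability bitmask into names; unknown bits are shown as cap_<number>."""
    return [CAP_NAMES[i] if i < len(CAP_NAMES) else f"cap_{i}"
            for i in range(64) if (mask >> i) & 1]

def decode_file_caps(raw):
    """Decode a security.capability value; a revision 3 root id, if present, is ignored."""
    if len(raw) < 4:
        raise ValueError("truncated capability attribute")
    (magic,) = struct.unpack_from("<I", raw, 0)
    pairs = PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated capability attribute")
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": cap_names(permitted),
            "inheritable": cap_names(inheritable)}

def find_capable_files(root):
    """Yield (path, decoded capabilities) for regular files under root (Linux only)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                raw = os.getxattr(path, "security.capability", follow_symlinks=False)
            except OSError:  # attribute absent, unsupported filesystem, or unreadable
                continue
            try:
                yield path, decode_file_caps(raw)
            except ValueError:
                yield path, None  # attribute present but not decodable: still report it
```
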




This bug report was last modified 6 years and 295 days ago.
