From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 05 05:48:42 2024 Received: (at submit) by debbugs.gnu.org; 5 Apr 2024 09:48:43 +0000 Received: from localhost ([127.0.0.1]:35228 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsgBc-0007O9-P0 for submit@debbugs.gnu.org; Fri, 05 Apr 2024 05:48:42 -0400 Received: from lists.gnu.org ([2001:470:142::17]:46130) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rsgBZ-0007NE-8k for submit@debbugs.gnu.org; Fri, 05 Apr 2024 05:48:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rsgBN-0008Dz-59 for bug-coreutils@gnu.org; Fri, 05 Apr 2024 05:48:25 -0400 Received: from mo4-p00-ob.smtp.rzone.de ([85.215.255.22]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rsgBG-0006ts-MG for bug-coreutils@gnu.org; Fri, 05 Apr 2024 05:48:24 -0400 ARC-Seal: i=1; a=rsa-sha256; t=1712310495; cv=none; d=strato.com; s=strato-dkim-0002; b=ctgKixkY2Rtoc5YyftIKg9BTLEhIWERJgxQ1wQUk0imFkGF9hED81ivoFXeuXivZpc T8OKzGeawWFbY0lbqxovahViw16mccBA6xGhffvhhHurdsu9AU0Zn3ipu2mYAcyT0sLn a+tW9apZJOePKTPqNRDHRzQtQpRKodW2ukVQCePFK8pWikKg67nf8sGslb5CxxeQ0y2e fSfF6lZlVukHxsBXFWzahdUOhMnrC7aOXkKqk3x+Fx1O0+5jjsWmNFBghXaU2ZShoshG w7stz3VlLN5ZHATvLsnMt7zX1ZF/2TM2EaGX8yofga0VT8zly08jcal21XBvJJI2BUqp R0fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1712310495; s=strato-dkim-0002; d=strato.com; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=h9PXe7lXX7EYsVjFdafKimIfM0OoIuhrhHu7qgUUXVU=; b=eKvuCgRzte9AB2qecp5fvzc//gGscfmwT9i1M7w5DxivugRirUl1VvnQ0OOHCNhXce YB6CF0z7MNAjPQvvRBa+OrZpq9245Y+LY+sJ69uRROI5ZXCeVqnZeKJrmlKuPph8fjdZ XzbdiWZRzF9SCo9S9I+qcupSWe3dv3k/G/i83H2YqrOJ+z/nFe+x2Q9Sex7dS7A9hcqF CncZbwL4BmhNbTUJ9payfbkrHFenQ/LQbpbSDMhdiVbabtGMJd06OB6/cU1dDsDBabpv j3/CVt1Jg8XMIXloaHlzCPovCeVijst1HbAn6CgXxWjTeuj//m8RiB/bH37Zb7jpbp2V ORpg== ARC-Authentication-Results: i=1; strato.com; arc=none; dkim=none X-RZG-CLASS-ID: mo00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1712310495; s=strato-dkim-0002; d=clisp.org; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=h9PXe7lXX7EYsVjFdafKimIfM0OoIuhrhHu7qgUUXVU=; b=DLgpqF/TKSqKediLg64tgZCaEYPtl+9TbW/tuv1+K6fM0g1UrIFlU6FHBCL9a3f6VI k2wuFzE+d+tjL/kE2jkh2cozFD5Q2tTMs9TP7CGujofUyTpdUdV9FXZ2hoXnAfcoRy+9 IdhSO7ONIQ0/1Wo9DDqBSKq7JRkqPRlI+WcZZU/Vj+GD5fg2bawTUb5Z8K2h7WEudgOr U3iha+RhFfVTt3YjXGoqi6GkSjBO27+ZKq5WKeNnkFBEPp5i26ZB+FmZSmCrHB9z8bzk DI0dhL7nQnTiUe33lBOZn1DFHfX9DX73oDlS1Kab5zswX5ye6TwdUcIrFy4wYbsy1tuV DnOQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1712310495; s=strato-dkim-0003; d=clisp.org; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=h9PXe7lXX7EYsVjFdafKimIfM0OoIuhrhHu7qgUUXVU=; b=zZ48PCzN/B8WluJQQMDQcC95giS1dzaXQZH5WwO1ooBq41D9vVOVdTP5X9HytNNPpw QcwIATOXz7ouKPj76lCQ== X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH0WWb0LN8XZoH94zq68+3cfpPF3f0pDc6DeucVrbE72r1VGIA=" Received: from nimes.localnet by smtp.strato.de (RZmta 50.3.2 AUTH) with ESMTPSA id N861000359mE50F (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Fri, 5 Apr 2024 11:48:14 +0200 (CEST) From: Bruno Haible To: bug-coreutils@gnu.org Subject: 'install' fails to copy regular file to autofs/cifs, due to ACL or xattr handling Date: Fri, 05 Apr 2024 11:48:14 +0200 Message-ID: <6127852.nNyiNAGI2d@nimes> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Received-SPF: none client-ip=85.215.255.22; envelope-from=bruno@clisp.org; helo=mo4-p00-ob.smtp.rzone.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, The 'install' program from coreutils-9.5 fails to copy a regular file from an ext4 mount to an autofs/cifs mount. The same operation, with 'cp -a', works fine. Also, it works fine when coreutils was built with the configure options "--disable-acl --disable-xattr". How to reproduce ================ 1) On the machine sparcdev.matoro.tk (Linux 6.8.2), I built coreutils-9.5 from source, - once with default options, in build-sparc64/, - once with "--disable-acl --disable-xattr", in build-sparc64-no-acl/. 2) Create a regular file on an ext4 mount: $ echo hi > /var/tmp/foo3941 $ ls -lZ /var/tmp/foo3941 -rw-r----- 1 g-haible g-haible ? 3 Apr 4 13:29 /var/tmp/foo3941 $ getfacl /var/tmp/foo3941 getfacl: Removing leading '/' from absolute path names # file: var/tmp/foo3941 # owner: g-haible # group: g-haible user::rw- group::r-- other::--- $ df -m /var/tmp/ Filesystem 1M-blocks Used Available Use% Mounted on /dev/root 560245 123140 408574 24% / $ mount | grep ' / ' /dev/sda2 on / type ext4 (rw,noatime) 3) Details about the destination directory: $ echo $HOME /media/guest-homedirs/haible $ mount | grep /media/guest-homedirs/haible /etc/autofs/auto.guest-homedirs on /media/guest-homedirs/haible type autofs (rw,relatime,fd=7,pgrp=2325,timeout=60,minproto=5,maxproto=5,direct,pipe_ino=46092) //syslog.matoro.tk/guest-haible on /media/guest-homedirs/haible type cifs (rw,nosuid,relatime,vers=1.0,cache=strict,username=nobody,uid=30014,forceuid,gid=30014,forcegid,addr=fd05:0000:0000:0000:0000:0000:0000:0001,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1) 4) The operation that fails: $ build-sparc64/src/ginstall -c /var/tmp/foo3941 $HOME/foo3941; echo $? build-sparc64/src/ginstall: setting permissions for '/media/guest-homedirs/haible/foo3941': Permission denied 1 $ build-sparc64-no-acl/src/ginstall -c /var/tmp/foo3941 $HOME/foo3941; echo $? 0 5) The same thing with 'cp -a' succeeds: $ build-sparc64/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? 0 $ build-sparc64-no-acl/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? 0 6) 'strace' shows a failing call to fsetxattr: $ strace build-sparc64/src/ginstall -c /var/tmp/foo3941 $HOME/foo3941 execve("build-sparc64/src/ginstall", ["build-sparc64/src/ginstall", "-c", "/var/tmp/foo3941", "/media/guest-homedirs/haible/foo"...], 0x7feffffce28 /* 43 vars */) = 0 brk(NULL) = 0x10000204000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=41866, ...}) = 0 mmap(NULL, 41866, PROT_READ, MAP_PRIVATE, 3, 0) = 0xfff8000100028000 close(3) = 0 openat(AT_FDCWD, "/usr/lib64/libacl.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0+\0\0\0\1\0\0\0\0\0\0\0\0"..., 832) = 832 fstat64(3, {st_mode=S_IFREG|0755, st_size=1052312, ...}) = 0 mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xfff8000100034000 mmap(NULL, 3147696, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_DENYWRITE, -1, 0) = 0xfff8000100206000 mmap(0xfff8000100300000, 2099120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xfff8000100300000 munmap(0xfff8000100206000, 1024000) = 0 munmap(0xfff8000100502000, 18352) = 0 mprotect(0xfff8000100308000, 2056192, PROT_NONE) = 0 mmap(0xfff80001004fe000, 16384, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xfe000) = 0xfff80001004fe000 close(3) = 0 openat(AT_FDCWD, "/usr/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0+\0\0\0\1\0\0\0\0\0\0\0\0"..., 832) = 832 fstat64(3, {st_mode=S_IFREG|0755, st_size=1051928, ...}) = 0 mmap(NULL, 3147288, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_DENYWRITE, -1, 0) = 0xfff8000100502000 mmap(0xfff8000100600000, 2098712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xfff8000100600000 munmap(0xfff8000100502000, 1040384) = 0 munmap(0xfff8000100802000, 1560) = 0 mprotect(0xfff8000100604000, 2072576, PROT_NONE) = 0 mmap(0xfff80001007fe000, 16384, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xfe000) = 0xfff80001007fe000 close(3) = 0 openat(AT_FDCWD, "/usr/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\3\0\0\0\0\0\0\0\0\0\3\0+\0\0\0\1\0\0\0\0\0\2\305\240"..., 832) = 832 fstat64(3, {st_mode=S_IFREG|0755, st_size=2110256, ...}) = 0 mmap(NULL, 4233760, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_DENYWRITE, -1, 0) = 0xfff8000100802000 mmap(0xfff8000100900000, 3185184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xfff8000100900000 munmap(0xfff8000100802000, 1040384) = 0 munmap(0xfff8000100c0a000, 6688) = 0 mprotect(0xfff8000100a8e000, 1499136, PROT_NONE) = 0 mmap(0xfff8000100bfc000, 24576, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1fc000) = 0xfff8000100bfc000 mmap(0xfff8000100c02000, 31264, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xfff8000100c02000 close(3) = 0 set_tid_address(0xfff80001000365f0) = 28674 set_robust_list(0xfff8000100036600, 24) = 0 mprotect(0xfff8000100bfc000, 16384, PROT_READ) = 0 mprotect(0xfff80001007fe000, 8192, PROT_READ) = 0 mprotect(0xfff80001004fe000, 8192, PROT_READ) = 0 mprotect(0x100001fe000, 8192, PROT_READ) = 0 mprotect(0xfff80001001fe000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0xfff8000100028000, 41866) = 0 getrandom("\x78\x3e\xea\xde\x42\xab\xf0\x1b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x10000204000 brk(0x10000226000) = 0x10000226000 openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=3061520, ...}) = 0 mmap(NULL, 3061520, PROT_READ, MAP_PRIVATE, 3, 0) = 0xfff8000100c0c000 close(3) = 0 openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=2998, ...}) = 0 read(3, "# Locale name alias data base.\n#"..., 4096) = 2998 read(3, "", 4096) = 0 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/de_DE.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de_DE.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de_DE/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) geteuid() = 30014 umask(000) = 027 openat(AT_FDCWD, "/media/guest-homedirs/haible/foo3941", O_RDONLY|O_PATH|O_DIRECTORY) = -1 ENOTDIR (Not a directory) fstatat64(AT_FDCWD, "/var/tmp/foo3941", {st_mode=S_IFREG|0640, st_size=3, ...}, 0) = 0 fstatat64(AT_FDCWD, "/media/guest-homedirs/haible/foo3941", {st_mode=S_IFREG|0640, st_size=3, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlinkat(AT_FDCWD, "/media/guest-homedirs/haible/foo3941", 0) = 0 openat(AT_FDCWD, "/var/tmp/foo3941", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0640, st_size=3, ...}) = 0 openat(AT_FDCWD, "/media/guest-homedirs/haible/foo3941", O_WRONLY|O_CREAT|O_EXCL, 0600) = 4 ioctl(4, BTRFS_IOC_CLONE or FICLONE, 3) = -1 EXDEV (Invalid cross-device link) fstat64(4, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0 fadvise64_64(3, 0, 0, POSIX_FADV_SEQUENTIAL) = 0 uname({sysname="Linux", nodename="matoro-sparcdev", ...}) = 0 copy_file_range(3, NULL, 4, NULL, 9223372035781033984, 0) = -1 EXDEV (Invalid cross-device link) mmap(NULL, 1064960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xfff8000100038000 read(3, "hi\n", 1048576) = 3 write(4, "hi\n", 3) = 3 read(3, "", 1048576) = 0 fsetxattr(4, "system.posix_acl_access", "\2\0\0\0\1\0\6\0\377\377\377\377\4\0\0\0\377\377\377\377 \0\0\0\377\377\377\377", 28, 0) = -1 EACCES (Permission denied) fchmod(4, 0600) = 0 write(2, "build-sparc64/src/ginstall: ", 28build-sparc64/src/ginstall: ) = 28 write(2, "setting permissions for '/media/"..., 62setting permissions for '/media/guest-homedirs/haible/foo3941') = 62 write(2, ": Permission denied", 19: Permission denied) = 19 write(2, "\n", 1 ) = 1 close(4) = 0 close(3) = 0 munmap(0xfff8000100038000, 1064960) = 0 _llseek(0, 0, 0x7feffbca600, SEEK_CUR) = -1 ESPIPE (Illegal seek) close(0) = 0 close(1) = 0 close(2) = 0 exit_group(1) = ? +++ exited with 1 +++ 7) Symbol differences between the two builds: $ nm build-sparc64/src/ginstall | grep acl 000000000001725c T acl_access_nontrivial 000000000001732c T acl_default_nontrivial U acl_delete_def_file@ACL_1.0 U acl_entries@ACL_1.0 0000000000018b24 T acl_errno_valid U acl_free@ACL_1.0 U acl_from_mode@ACL_1.0 U acl_get_entry@ACL_1.0 U acl_get_tag_type@ACL_1.0 U acl_set_fd@ACL_1.0 U acl_set_file@ACL_1.0 000000000000b5f4 T copy_acl 000000000000fbb8 T qcopy_acl 000000000000fc3c T qset_acl 000000000000b6d4 T set_acl 0000000000017394 t set_acls.isra.0 $ nm build-sparc64-no-acl/src/ginstall | grep acl 000000000000ade8 T copy_acl 000000000000f37c T qcopy_acl 000000000000f40c T qset_acl 000000000000aec8 T set_acl Notes ===== The 'cp' program does *not* use fsetxattr() calls on the destination file descriptor and therefore does not fail: $ strace build-sparc64/src/cp -a /var/tmp/foo3941 $HOME/foo3941 execve("build-sparc64/src/cp", ["build-sparc64/src/cp", "-a", "/var/tmp/foo3941", "/media/guest-homedirs/haible/foo"...], 0x7feffc96e38 /* 43 vars */) = 0 brk(NULL) = 0x10000202000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=41866, ...}) = 0 mmap(NULL, 41866, PROT_READ, MAP_PRIVATE, 3, 0) = 0xfff8000100028000 close(3) = 0 openat(AT_FDCWD, "/usr/lib64/libacl.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0+\0\0\0\1\0\0\0\0\0\0\0\0"..., 832) = 832 fstat64(3, {st_mode=S_IFREG|0755, st_size=1052312, ...}) = 0 mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xfff8000100034000 mmap(NULL, 3147696, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_DENYWRITE, -1, 0) = 0xfff8000100494000 mmap(0xfff8000100500000, 2099120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xfff8000100500000 munmap(0xfff8000100494000, 442368) = 0 munmap(0xfff8000100702000, 599984) = 0 mprotect(0xfff8000100508000, 2056192, PROT_NONE) = 0 mmap(0xfff80001006fe000, 16384, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xfe000) = 0xfff80001006fe000 close(3) = 0 openat(AT_FDCWD, "/usr/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0+\0\0\0\1\0\0\0\0\0\0\0\0"..., 832) = 832 fstat64(3, {st_mode=S_IFREG|0755, st_size=1051928, ...}) = 0 mmap(NULL, 3147288, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_DENYWRITE, -1, 0) = 0xfff8000100702000 mmap(0xfff8000100800000, 2098712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xfff8000100800000 munmap(0xfff8000100702000, 1040384) = 0 munmap(0xfff8000100a02000, 1560) = 0 mprotect(0xfff8000100804000, 2072576, PROT_NONE) = 0 mmap(0xfff80001009fe000, 16384, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xfe000) = 0xfff80001009fe000 close(3) = 0 openat(AT_FDCWD, "/usr/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\3\0\0\0\0\0\0\0\0\0\3\0+\0\0\0\1\0\0\0\0\0\2\305\240"..., 832) = 832 fstat64(3, {st_mode=S_IFREG|0755, st_size=2110256, ...}) = 0 mmap(NULL, 4233760, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_DENYWRITE, -1, 0) = 0xfff8000100a02000 mmap(0xfff8000100b00000, 3185184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xfff8000100b00000 munmap(0xfff8000100a02000, 1040384) = 0 munmap(0xfff8000100e0a000, 6688) = 0 mprotect(0xfff8000100c8e000, 1499136, PROT_NONE) = 0 mmap(0xfff8000100dfc000, 24576, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1fc000) = 0xfff8000100dfc000 mmap(0xfff8000100e02000, 31264, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xfff8000100e02000 close(3) = 0 set_tid_address(0xfff80001000365d0) = 29091 set_robust_list(0xfff80001000365e0, 24) = 0 mprotect(0xfff8000100dfc000, 16384, PROT_READ) = 0 mprotect(0xfff80001009fe000, 8192, PROT_READ) = 0 mprotect(0xfff80001006fe000, 8192, PROT_READ) = 0 mprotect(0x100001fe000, 8192, PROT_READ) = 0 mprotect(0xfff80001001fe000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0xfff8000100028000, 41866) = 0 getrandom("\x26\xa7\x29\x29\xf6\x69\x36\x3e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x10000202000 brk(0x10000224000) = 0x10000224000 openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=3061520, ...}) = 0 mmap(NULL, 3061520, PROT_READ, MAP_PRIVATE, 3, 0) = 0xfff8000100e0c000 close(3) = 0 openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=2998, ...}) = 0 read(3, "# Locale name alias data base.\n#"..., 4096) = 2998 read(3, "", 4096) = 0 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/de_DE.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de_DE.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de_DE/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/de/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) geteuid() = 30014 openat(AT_FDCWD, "/media/guest-homedirs/haible/foo3941", O_RDONLY|O_PATH|O_DIRECTORY) = -1 ENOTDIR (Not a directory) fstatat64(AT_FDCWD, "/var/tmp/foo3941", {st_mode=S_IFREG|0640, st_size=3, ...}, AT_SYMLINK_NOFOLLOW) = 0 fstatat64(AT_FDCWD, "/media/guest-homedirs/haible/foo3941", {st_mode=S_IFREG|0600, st_size=3, ...}, 0) = 0 openat(AT_FDCWD, "/var/tmp/foo3941", O_RDONLY|O_NOFOLLOW) = 3 fstat64(3, {st_mode=S_IFREG|0640, st_size=3, ...}) = 0 openat(AT_FDCWD, "/media/guest-homedirs/haible/foo3941", O_WRONLY|O_TRUNC) = 4 ioctl(4, BTRFS_IOC_CLONE or FICLONE, 3) = -1 EXDEV (Invalid cross-device link) fstat64(4, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0 fadvise64_64(3, 0, 0, POSIX_FADV_SEQUENTIAL) = 0 uname({sysname="Linux", nodename="matoro-sparcdev", ...}) = 0 copy_file_range(3, NULL, 4, NULL, 9223372035781033984, 0) = -1 EXDEV (Invalid cross-device link) mmap(NULL, 1064960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xfff8000100038000 read(3, "hi\n", 1048576) = 3 write(4, "hi\n", 3) = 3 read(3, "", 1048576) = 0 utimensat(4, NULL, [{tv_sec=1712251745, tv_nsec=269582795} /* 2024-04-04T13:29:05.269582795-0400 */, {tv_sec=1712251745, tv_nsec=270582848} /* 2024-04-04T13:29:05.270582848-0400 */], 0) = 0 flistxattr(3, NULL, 0) = 0 flistxattr(3, 0x7feff9860a0, 0) = 0 fchmod(4, 0100640) = 0 flistxattr(3, NULL, 0) = 0 flistxattr(3, 0x7feff9860c0, 0) = 0 close(4) = 0 close(3) = 0 munmap(0xfff8000100038000, 1064960) = 0 _llseek(0, 0, 0x7feff986600, SEEK_CUR) = -1 ESPIPE (Illegal seek) close(0) = 0 close(1) = 0 close(2) = 0 exit_group(0) = ? +++ exited with 0 +++ As you can see, it uses 4 flistxattr() calls on the source file descriptor, apparently detecting that it's a regular file without ACLs, and proceeds to do a simple fchmod() call on the destination file descriptor. Probably the same logic is needed in the 'install' program. Bruno From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 13 12:39:34 2024 Received: (at 70214) by debbugs.gnu.org; 13 Apr 2024 16:39:34 +0000 Received: from localhost ([127.0.0.1]:33716 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvgPa-0006cN-UT for submit@debbugs.gnu.org; Sat, 13 Apr 2024 12:39:33 -0400 Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d]:58391) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvgPW-0006au-Vx for 70214@debbugs.gnu.org; Sat, 13 Apr 2024 12:39:29 -0400 Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-3455ff1339dso1216502f8f.0 for <70214@debbugs.gnu.org>; Sat, 13 Apr 2024 09:39:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713026350; x=1713631150; darn=debbugs.gnu.org; h=in-reply-to:cc:from:references:to:content-language:subject :user-agent:mime-version:date:message-id:sender:from:to:cc:subject :date:message-id:reply-to; bh=knRFJoh5OGoSbun8MYPwjrWHJZ8UrXl1ibNK7Szz5ZU=; b=Dl5sTH/ZuOT/36PMzamzfhqUwr/440TTeXsCEkVpHvKwO907HLnquqpoiE4J9l5cEH 86p7bDW9EAkLYPR3EQI+fKIjajSVjM864ADydwITYBQZfEhvbraTkQgW1Q9IwzONQ6PX WVOdaQXvGxD3QemJTYlGOugf6Ny+82+GjxIxxp/GabnP268ichGmyy1pdgbLdXAa5I7s tD0AwI7KwZKvqd0xTjID8MFDevnBjTVsXnkF9SaqXckfcjd2cjAn1C8q3cnYacviLL4j 5oG3cGSiV2Y2ZpEQbya6IIjWHwlc/72h2PwGIZ4MbrPSTZ1yu+iQHGkaqRSmvvkJjW9t bzKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713026350; x=1713631150; h=in-reply-to:cc:from:references:to:content-language:subject :user-agent:mime-version:date:message-id:sender:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=knRFJoh5OGoSbun8MYPwjrWHJZ8UrXl1ibNK7Szz5ZU=; b=v74OaU+dQDUS12WzH7J3f5OIrd1cOA98CIvA1z/CO5g/Mct3dpbgIBSj68jdRsGbHR IQQXV2q/6ZabGn1rbnFiGmhdrdR8pZdFqlO0XuOfWjdCIDlQmllLBqBeybG9Tq1VL44q CUuglwMmsbvv7xPewnV/Z0ZnKIrGUKNug4FGUT62k7sNDomQu9ZmYkx0d1dXhlBXgaNR ERGGkJ3Y+sJRyuaAFOxlaFBD8ORoX68Fl/G6gN3Q7lmjbSCQfrRE2Oyau4Z4UgPvp4gk dtv7FBokWsYfvx2apE5oB52/iKPQTxPrcF0PV39v1LnS3MTsojhBEj/AP7nB3rtD6MBG R8fw== X-Forwarded-Encrypted: i=1; AJvYcCU5VNJh4GMz6/Wd9wmkHBfGi+MnAFof2ZT6dhzO6rua+Lc2c35iSZB24revqZf2LACxsm72WPzQV3wXJyUGvP3iPlP62LI= X-Gm-Message-State: AOJu0YyqHMbd7hlJsHgd6y679ZaBhnPfgn8hnh3ngyOcLsauiahNMo35 Oan/rTENABzFx7Ong0/Q9KPfRsz2e1UXWzFMZFYnZiJRCt+oJlWs X-Google-Smtp-Source: AGHT+IHabx+k3tzEoNYYpQ03rmsGgOGzU9f9vULWpEk98okXL/YZEgGo/8Ij93gsm/zwEVmrmG68Gg== X-Received: by 2002:a5d:59a5:0:b0:343:41ef:ab30 with SMTP id p5-20020a5d59a5000000b0034341efab30mr5622243wrr.47.1713026350201; Sat, 13 Apr 2024 09:39:10 -0700 (PDT) Received: from [192.168.1.53] (86-44-211-146-dynamic.agg2.lod.rsl-rtd.eircom.net. [86.44.211.146]) by smtp.googlemail.com with ESMTPSA id n12-20020adfe78c000000b00343723c126asm6901056wrm.48.2024.04.13.09.39.09 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 13 Apr 2024 09:39:09 -0700 (PDT) Content-Type: multipart/mixed; boundary="------------dYYnLbH9v0yokecJ9Tj0uYli" Message-ID: Date: Sat, 13 Apr 2024 17:39:07 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: bug#70214: 'install' fails to copy regular file to autofs/cifs, due to ACL or xattr handling Content-Language: en-US To: Bruno Haible , 70214@debbugs.gnu.org References: <6127852.nNyiNAGI2d@nimes> From: =?UTF-8?Q?P=C3=A1draig_Brady?= In-Reply-To: <6127852.nNyiNAGI2d@nimes> X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 70214 Cc: "linux-cifs@vger.kernel.org" , Andreas Gruenbacher X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) This is a multi-part message in MIME format. --------------dYYnLbH9v0yokecJ9Tj0uYli Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 05/04/2024 10:48, Bruno Haible wrote: > Hi, > > The 'install' program from coreutils-9.5 fails to copy a regular file > from an ext4 mount to an autofs/cifs mount. > > The same operation, with 'cp -a', works fine. > > Also, it works fine when coreutils was built with the configure options > "--disable-acl --disable-xattr". > > How to reproduce > ================ > > 1) On the machine sparcdev.matoro.tk (Linux 6.8.2), I built coreutils-9.5 > from source, > - once with default options, in build-sparc64/, > - once with "--disable-acl --disable-xattr", in build-sparc64-no-acl/. > > 2) Create a regular file on an ext4 mount: > > $ echo hi > /var/tmp/foo3941 > $ ls -lZ /var/tmp/foo3941 > -rw-r----- 1 g-haible g-haible ? 3 Apr 4 13:29 /var/tmp/foo3941 > $ getfacl /var/tmp/foo3941 > getfacl: Removing leading '/' from absolute path names > # file: var/tmp/foo3941 > # owner: g-haible > # group: g-haible > user::rw- > group::r-- > other::--- > $ df -m /var/tmp/ > Filesystem 1M-blocks Used Available Use% Mounted on > /dev/root 560245 123140 408574 24% / > $ mount | grep ' / ' > /dev/sda2 on / type ext4 (rw,noatime) > > 3) Details about the destination directory: > > $ echo $HOME > /media/guest-homedirs/haible > $ mount | grep /media/guest-homedirs/haible > /etc/autofs/auto.guest-homedirs on /media/guest-homedirs/haible type autofs (rw,relatime,fd=7,pgrp=2325,timeout=60,minproto=5,maxproto=5,direct,pipe_ino=46092) > //syslog.matoro.tk/guest-haible on /media/guest-homedirs/haible type cifs (rw,nosuid,relatime,vers=1.0,cache=strict,username=nobody,uid=30014,forceuid,gid=30014,forcegid,addr=fd05:0000:0000:0000:0000:0000:0000:0001,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1) > > 4) The operation that fails: > > $ build-sparc64/src/ginstall -c /var/tmp/foo3941 $HOME/foo3941; echo $? > build-sparc64/src/ginstall: setting permissions for '/media/guest-homedirs/haible/foo3941': Permission denied > 1 > $ build-sparc64-no-acl/src/ginstall -c /var/tmp/foo3941 $HOME/foo3941; echo $? > 0 > > 5) The same thing with 'cp -a' succeeds: > > $ build-sparc64/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? > 0 > $ build-sparc64-no-acl/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? > 0 > > 6) 'strace' shows a failing call to fsetxattr: > > $ strace build-sparc64/src/ginstall -c /var/tmp/foo3941 $HOME/foo3941 > fsetxattr(4, "system.posix_acl_access", "\2\0\0\0\1\0\6\0\377\377\377\377\4\0\0\0\377\377\377\377 \0\0\0\377\377\377\377", 28, 0) = -1 EACCES (Permission denied) > fchmod(4, 0600) = 0 > Notes > ===== > > The 'cp' program does *not* use fsetxattr() calls on the destination file > descriptor and therefore does not fail: > > $ strace build-sparc64/src/cp -a /var/tmp/foo3941 $HOME/foo3941 > flistxattr(3, NULL, 0) = 0 > flistxattr(3, 0x7feff9860a0, 0) = 0 > fchmod(4, 0100640) = 0 > flistxattr(3, NULL, 0) = 0 > flistxattr(3, 0x7feff9860c0, 0) = 0 > As you can see, it uses 4 flistxattr() calls on the source file descriptor, > apparently detecting that it's a regular file without ACLs, and proceeds to > do a simple fchmod() call on the destination file descriptor. > > Probably the same logic is needed in the 'install' program. install(1) defaults to mode 600 for new files, and uses set_acl() with that (since 2007 https://github.com/coreutils/coreutils/commit/f634e8844 ) The psuedo code that install(1) uses is: copy_reg() if (x->set_mode) /* install */ set_acl(dest, x->mode /* 600 */) ctx->acl = acl_from_mode ( /* 600 */) acl_set_fd (ctx->acl) /* fails EACCES */ if (! acls_set) must_chmod = true; if (must_chmod) saved_errno = EACCES; chmod (ctx->mode /* 600 */) if (save_errno) return -1; This issue only only seems to be on CIFS. I'm seeing lot of weird behavior with ACLs there: acl_set_fd (acl_from_mode (600)) -> EACCES acl_set_fd (acl_from_mode (755)) -> EINVAL getxattr ("system.posix_acl_access") -> EOPNOTSUPP Note we ignore EINVAL and EOPNOTSUPP errors in set_acl(), and it's just the EACCES that's problematic. Note this is quite similar to https://debbugs.gnu.org/65599 where Paul also noticed EACCES with fsetxattr() (and others) on CIFS. The attached is a potential solution which I tested as working on the same matoro system that Bruno used. I think I'll apply that after thinking a bit more about it. cheers, Pádraig. --------------dYYnLbH9v0yokecJ9Tj0uYli Content-Type: text/x-patch; charset=UTF-8; name="gnulib-set-acl-cifs.patch" Content-Disposition: attachment; filename="gnulib-set-acl-cifs.patch" Content-Transfer-Encoding: base64 RnJvbSBkODI4ZDk2NTZjM2JkMWRkZjBmY2RkYjU3OGRkYjJlZDlhNGQzNzAxIE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/UD1DMz1BMWRyYWlnPTIwQnJhZHk/ PSA8UEBkcmFpZ0JyYWR5LmNvbT4KRGF0ZTogU2F0LCAxMyBBcHIgMjAyNCAxNzoxMzowMiAr MDEwMApTdWJqZWN0OiBbUEFUQ0hdIGFjbC1wZXJtaXNzaW9uczogYXZvaWQgZXJyb25lb3Vz IGZhaWx1cmUgb24gQ0lGUwoKKiBsaWIvc2V0LXBlcm1pc3Npb25zLmMgKHNldF9hY2xzKTog T24gTGludXggYWxzbyBkaXNjb3VudApFQUNFU1MgYXMgYSB2YWxpZCBlcnJubyB3aXRoIEZE IG9wZXJhdGlvbnMsIGFzIENJRlMgd2FzIHNlZW4gdG8KcmV0dXJuIHRoYXQgZXJyb25lb3Vz bHkgaW4gc29tZSBjYXNlcy4KLS0tCiBDaGFuZ2VMb2cgICAgICAgICAgICAgfCA3ICsrKysr KysKIGxpYi9zZXQtcGVybWlzc2lvbnMuYyB8IDggKysrKysrKy0KIDIgZmlsZXMgY2hhbmdl ZCwgMTQgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdpdCBhL0NoYW5n ZUxvZyBiL0NoYW5nZUxvZwppbmRleCBjNzIxNjVlMjY4Li5mZDA5NGQxMDkxIDEwMDY0NAot LS0gYS9DaGFuZ2VMb2cKKysrIGIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTAgQEAKKzIwMjQt MDQtMTMgIFDDoWRyYWlnIEJyYWR5ICA8UEBkcmFpZ0JyYWR5LmNvbT4KKworCWFjbC1wZXJt aXNzaW9uczogYXZvaWQgZXJyb25lb3VzIGZhaWx1cmUgb24gQ0lGUworCSogbGliL3NldC1w ZXJtaXNzaW9ucy5jIChzZXRfYWNscyk6IE9uIExpbnV4IChhbmQgb3RoZXJzKSwgYWxzbyBk aXNjb3VudAorCUVBQ0VTUyBhcyBhIHZhbGlkIGVycm5vIHdpdGggRkQgb3BlcmF0aW9ucywg YXMgQ0lGUyB3YXMgc2VlbiB0bworCXJldHVybiB0aGF0IGVycm9uZW91c2x5IGluIHNvbWUg Y2FzZXMuCisKIDIwMjQtMDQtMTMgIEJydW5vIEhhaWJsZSAgPGJydW5vQGNsaXNwLm9yZz4K IAogCWdudWxpYi10b29sLnB5OiBDb2RlIHR3ZWFrLgpkaWZmIC0tZ2l0IGEvbGliL3NldC1w ZXJtaXNzaW9ucy5jIGIvbGliL3NldC1wZXJtaXNzaW9ucy5jCmluZGV4IDgzYTM1NWZhYTUu LjdmOGU1NWY1Y2QgMTAwNjQ0Ci0tLSBhL2xpYi9zZXQtcGVybWlzc2lvbnMuYworKysgYi9s aWIvc2V0LXBlcm1pc3Npb25zLmMKQEAgLTUyMCw3ICs1MjAsMTMgQEAgc2V0X2FjbHMgKHN0 cnVjdCBwZXJtaXNzaW9uX2NvbnRleHQgKmN0eCwgY29uc3QgY2hhciAqbmFtZSwgaW50IGRl c2MsCiAgICAgICAgICAgICByZXQgPSBhY2xfc2V0X2ZpbGUgKG5hbWUsIEFDTF9UWVBFX0FD Q0VTUywgY3R4LT5hY2wpOwogICAgICAgICAgIGlmIChyZXQgIT0gMCkKICAgICAgICAgICAg IHsKLSAgICAgICAgICAgICAgaWYgKCEgYWNsX2Vycm5vX3ZhbGlkIChlcnJubykpCisgICAg ICAgICAgICAgIGlmICghIGFjbF9lcnJub192YWxpZCAoZXJybm8pCisjICAgaWYgZGVmaW5l ZCBfX2xpbnV4X18KKyAgICAgICAgICAgICAgICAgIC8qIFNwZWNpYWwgY2FzZSBFQUNDRVMg Zm9yIGZkIG9wZXJhdGlvbnMgYXMgQ0lGUworICAgICAgICAgICAgICAgICAgICAgd2FzIHNl ZW4gdG8gZXJyb25lb3VzbHkgcmV0dXJuIHRoYXQgaW4gc29tZSBjYXNlcy4gICovCisgICAg ICAgICAgICAgICAgICB8fCAoSEFWRV9BQ0xfU0VUX0ZEICYmIGRlc2MgIT0gLTEgJiYgZXJy bm8gPT0gRUFDQ0VTKQorIyAgIGVuZGlmCisgICAgICAgICAgICAgICAgICkKICAgICAgICAg ICAgICAgICB7CiAgICAgICAgICAgICAgICAgICBjdHgtPmFjbHNfbm90X3N1cHBvcnRlZCA9 IHRydWU7CiAgICAgICAgICAgICAgICAgICBpZiAoZnJvbV9tb2RlIHx8IGFjbF9hY2Nlc3Nf bm9udHJpdmlhbCAoY3R4LT5hY2wpID09IDApCi0tIAoyLjQ0LjAKCg== --------------dYYnLbH9v0yokecJ9Tj0uYli-- From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 13 13:42:51 2024 Received: (at 70214) by debbugs.gnu.org; 13 Apr 2024 17:42:51 +0000 Received: from localhost ([127.0.0.1]:33735 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvhOr-000752-Gr for submit@debbugs.gnu.org; Sat, 13 Apr 2024 13:42:51 -0400 Received: from mail-wm1-x32e.google.com ([2a00:1450:4864:20::32e]:55337) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvhOl-000733-Qt for 70214@debbugs.gnu.org; Sat, 13 Apr 2024 13:42:47 -0400 Received: by mail-wm1-x32e.google.com with SMTP id 5b1f17b1804b1-41551500a7eso11772645e9.2 for <70214@debbugs.gnu.org>; Sat, 13 Apr 2024 10:42:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713030147; x=1713634947; darn=debbugs.gnu.org; h=content-transfer-encoding:in-reply-to:references:cc:to:from :content-language:subject:user-agent:mime-version:date:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=gEe8sLljV2JUQ91w3q/xciwbx5y11AoFKU4+QuFJA0o=; b=CSqQOuOh6OqaaD7aA7SgytwR919K8meRSU8osIBKKxhlSHcu4vY32GBvnHHfdE6B41 HbISXernbWH9KBsQZG//NEZ3P7C31Wkv+c2k8jSEbMCjdZ1xoGNAuq5qlmO9cXb0BYDV w6SopJoGpkHHLJbuzBC2JZqNdp6+gmi0TGLDE7Ma9BmT1AuQ+RgW/fdNY91Tw78x8CDs DL38My9LGmQs5pFmTzmXE19nO6FOcxTfyyUwzSbsSc6ZjCSdVc1jxVBCTGV5ES0aK9An zDITIgKhnVowWTB2Eg5Kjd0NKXznYWIHyRALAS3Mgz7zf/C7/eF5780abB3Q3mfHhnyi +OHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713030147; x=1713634947; h=content-transfer-encoding:in-reply-to:references:cc:to:from :content-language:subject:user-agent:mime-version:date:message-id :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gEe8sLljV2JUQ91w3q/xciwbx5y11AoFKU4+QuFJA0o=; b=a4rTTiGbd8Gi9y1zwJmab2tQfth0KeEhOMao2y1VZpd8rRsGCF5SjzuNES5I0nN8dc Bh0PqDunlERuli5s3xju6SwWEyEw8WswWgeLvK2V3iLpM9J8GiF8IINiUBUNrh8EnVkC mW0UF9HgR52yhf74Z8QxE3f2o9ky75sZrDCv8Rgvl5w959Xarj3SS0Jh9HxMMbeXSZrz KQZooxB7jgfgYnc1nY3GV9LYQOfitlJnx9qWAicATRPX/hSRUKSnWjdDJYOIhBijb8Pq 9vDmY4zDxwew/zXY0SYxIbwMkbOL9ZCkDAf4IaTiEtdwTn28c6iaNCU9ynfMhKAVlTV4 QkVw== X-Forwarded-Encrypted: i=1; AJvYcCVWM1zOrmQq9iAIsQXKXqhTPVxeLl/EwQ8Gn6BM4S3vz4c4trYa+vFuA4Y6w3qcGInoT51FwlaaxueaKQLUrmNMMyf1cTI= X-Gm-Message-State: AOJu0YykMQHj38Y/4pRiCDhY8yp86l5QmtA9D/aVl2SWl+A/CBJOPYgv VHpJmJJjkIoUy2XLZTK4hsywz9n+NGwM1VEY0wsCKCHowLPsy/Ze X-Google-Smtp-Source: AGHT+IGIFwZ1a2XnrQciaaOUz1QUaTuetAmyT82DdA1fKrKEgfabkpwN6P22HnV1hMh8s/oPPq+jsA== X-Received: by 2002:a05:600c:1d98:b0:418:36d4:89d4 with SMTP id p24-20020a05600c1d9800b0041836d489d4mr606006wms.31.1713030146878; Sat, 13 Apr 2024 10:42:26 -0700 (PDT) Received: from [192.168.1.53] (86-44-211-146-dynamic.agg2.lod.rsl-rtd.eircom.net. [86.44.211.146]) by smtp.googlemail.com with ESMTPSA id v9-20020a05600c444900b00416b163e52bsm12782085wmn.14.2024.04.13.10.42.26 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 13 Apr 2024 10:42:26 -0700 (PDT) Message-ID: <57792d8c-59d1-efbe-067a-886239cc3a4e@draigBrady.com> Date: Sat, 13 Apr 2024 18:42:25 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: bug#70214: 'install' fails to copy regular file to autofs/cifs, due to ACL or xattr handling Content-Language: en-US From: =?UTF-8?Q?P=C3=A1draig_Brady?= To: Bruno Haible , 70214@debbugs.gnu.org References: <6127852.nNyiNAGI2d@nimes> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 70214 Cc: Andreas Gruenbacher X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On 13/04/2024 17:39, Pádraig Brady wrote: > install(1) defaults to mode 600 for new files, and uses set_acl() with that > (since 2007 https://github.com/coreutils/coreutils/commit/f634e8844 ) > The psuedo code that install(1) uses is: > > copy_reg() > if (x->set_mode) /* install */ > set_acl(dest, x->mode /* 600 */) > ctx->acl = acl_from_mode ( /* 600 */) > acl_set_fd (ctx->acl) /* fails EACCES */ > if (! acls_set) > must_chmod = true; > if (must_chmod) > saved_errno = EACCES; > chmod (ctx->mode /* 600 */) > if (save_errno) > return -1; > > This issue only only seems to be on CIFS. > I'm seeing lot of weird behavior with ACLs there: > > acl_set_fd (acl_from_mode (600)) -> EACCES > acl_set_fd (acl_from_mode (755)) -> EINVAL > getxattr ("system.posix_acl_access") -> EOPNOTSUPP > > Note we ignore EINVAL and EOPNOTSUPP errors in set_acl(), > and it's just the EACCES that's problematic. > Note this is quite similar to https://debbugs.gnu.org/65599 > where Paul also noticed EACCES with fsetxattr() (and others) on CIFS. > > The attached is a potential solution which I tested as working > on the same matoro system that Bruno used. > > I think I'll apply that after thinking a bit more about it. Actually that probably isn't appropriate, as fsetxattr() can validly return EACESS even though not documented in the man page at least. The following demonstrates that: . #include #include #include #include #include #include #include int main(void) { int wfd; /* Note S_IWUSR is not set. */ if ((wfd=open("writable", O_CREAT|O_WRONLY|O_EXCL, S_IRUSR)) == -1) fprintf(stderr, "open('writable') error [%m]\n"); if (write(wfd, "data", 1) == -1) fprintf(stderr, "write() error [%m]\n"); if (fsetxattr(wfd, "user.test", "test", 4, 0) == -1) fprintf(stderr, "fsetxattr() error [%m]\n"); } Another solution might be to file_has_acl() in copy.c and skip if "not supported" or nothing is returned. The following would do that, but I'm not sure about this (as I'm not sure about ACLs in general TBH). Note listxattr() returns 0 on CIFS here, while getxattr ("system.posix_acl_access") returns EOPNOTSUPP, and file_has_acl() uses listxattr() first. diff --git a/src/copy.c b/src/copy.c index d584a27eb..2145d89d5 100644 --- a/src/copy.c +++ b/src/copy.c @@ -1673,8 +1673,13 @@ set_dest_mode: } else if (x->set_mode) { - if (set_acl (dst_name, dest_desc, x->mode) != 0) - return_val = false; + errno = 0; + int n = file_has_acl (dst_name, &sb); + if (0 < n || (errno && ! (is_ENOTSUP (errno) || errno == ENOSYS))) + { + if (set_acl (dst_name, dest_desc, x->mode) != 0) + return_val = false; + } } BTW I'm surprised this wasn't reported previously for CIFS, so I due to this bug and https://debbugs.gnu.org/65599 I suspect a recentish change in CIFS wrt EACCES. cheers, Pádraig From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 13 15:29:37 2024 Received: (at 70214) by debbugs.gnu.org; 13 Apr 2024 19:29:37 +0000 Received: from localhost ([127.0.0.1]:33816 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvj4C-0006lq-AD for submit@debbugs.gnu.org; Sat, 13 Apr 2024 15:29:37 -0400 Received: from mo4-p00-ob.smtp.rzone.de ([81.169.146.221]:38217) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvj48-0006ks-R7 for 70214@debbugs.gnu.org; Sat, 13 Apr 2024 15:29:34 -0400 ARC-Seal: i=1; a=rsa-sha256; t=1713036549; cv=none; d=strato.com; s=strato-dkim-0002; b=hX+ZYCPuAcCedpYkBVb2/20uHnPlrfji63BUBXgC8j8d5hbVDj3XdekD2uh1lx+Ia4 T0bHZ98Yh2qRATD7NgGUUT6VZ824OE5kD36fJeMm8SqxtACmYxYECo4Rq4YfpkI2JYPy D7pMOlRa02ip3GmkrCACznEOlLFiUXqEThmbzlp14kF4Bb/onIUoAt2n19NsElDhmjUD c3bl4JD9bYS1Q6Rkfb8P7CSCgOup4XSF1P9u2Xrc33N7MqUlcuMivL4HwPMTWqcp9SKM IkFjuy1cMwq4KqyMu3l5HpES+IIDTyLGNlic4pfptulK+FteqeAgSNcxlf/1fkrfm7PQ asWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1713036549; s=strato-dkim-0002; d=strato.com; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=qhAt5otVDH8+SsSqvSoB6eSj+C2hGe/xmL7655rZE4A=; b=VILB4ZCoqJLIx2eXdmcYaZD6slvAtHXy9Yez3olWjIsO+AI24Aj9d4M/I6kQD6VQGk m6H4d/empsBU1sdXNP4GQMWiGhRzlaudSr34E9Cln2M2S/hEEQKSGMHlrhr/legfv1hy 5KPJfl3Nu0ByO6WCfe8OUoXyLzVkqdYVNaCvmBOHR2PF/2c+M2ph2/KVpQaqEtyHvFQP lPXhhh5l7QJKNrUkOZG83LUj7bXR65GbW5Mj0yEIxojFi98Iyi9P1g2Ssb6/2hpSd+gh EJlMNtpnzjzNV2llbuFDhyDG91IEZAjitSmYjh9TmeU5+DLpPCVwE5qxiYLwEqsjGLe9 KnTQ== ARC-Authentication-Results: i=1; strato.com; arc=none; dkim=none X-RZG-CLASS-ID: mo00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1713036549; s=strato-dkim-0002; d=clisp.org; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=qhAt5otVDH8+SsSqvSoB6eSj+C2hGe/xmL7655rZE4A=; b=qY8EYH3FjYxBB5Rnf+NHgz4+IfvDIhWq0J9dPOOl2jwW8lR+VmzRLBFuFTmAsNl5Vc xWvQXAUz/9ne3XQQNYfSnL3nLbbnA37AK/UrfeoN/d9SVPnP75Y7h4XAJN+lw9b3meZa IanZuCP/osfmpNSDQCW4feeK4Twsk7uPawefSc0V6WH/W4RjU1S1xelMK+JJkAKW5AXe WmfoDXO1Bg9/nk4H70S562Q1IWhQJ/KI07rPUqgY53aPCJre+AMSl0RG5ePZX9+I/htn ntNb9nd7NPUuShcXN+prqdg6nHV25PIOVamCFnuMtZmcV/C2LmhF61TsGZKMBjAi0YMS N0KQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1713036549; s=strato-dkim-0003; d=clisp.org; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=qhAt5otVDH8+SsSqvSoB6eSj+C2hGe/xmL7655rZE4A=; b=JqHl76xjQF2UQRqBl05xh88QoZrYHadpAOBI5SR480SvVHTCccFf0PDa7t4/aiRp1U g10p8FsaVYTFHEAJnuDw== X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH0WWb0LN8XZoH94zq68+3cfpOQ2aBbMZXs0qeHh9o4fr7Y6SHg3Q==" Received: from nimes.localnet by smtp.strato.de (RZmta 50.3.2 AUTH) with ESMTPSA id N8610003DJT9fPk (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Sat, 13 Apr 2024 21:29:09 +0200 (CEST) From: Bruno Haible To: 70214@debbugs.gnu.org, =?ISO-8859-1?Q?P=E1draig?= Brady Subject: Re: bug#70214: 'install' fails to copy regular file to autofs/cifs, due to ACL or xattr handling Date: Sat, 13 Apr 2024 21:29:08 +0200 Message-ID: <7050532.CnaeKSotiK@nimes> In-Reply-To: References: <6127852.nNyiNAGI2d@nimes> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 70214 Cc: "linux-cifs@vger.kernel.org" , Andreas Gruenbacher X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi P=E1draig, I wrote: > > 5) The same thing with 'cp -a' succeeds: > >=20 > > $ build-sparc64/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? > > 0 > > $ build-sparc64-no-acl/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? > > 0 You wrote: > The psuedo code that install(1) uses is: >=20 > copy_reg() > if (x->set_mode) /* install */ > set_acl(dest, x->mode /* 600 */) > ctx->acl =3D acl_from_mode ( /* 600 */) > acl_set_fd (ctx->acl) /* fails EACCES */ > if (! acls_set) > must_chmod =3D true; > if (must_chmod) > saved_errno =3D EACCES; > chmod (ctx->mode /* 600 */) > if (save_errno) > return -1; And, for comparison, what is the pseudo-code that 'cp -a' uses? I would guess that there must be a relevant difference between both. Bruno From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 13 18:44:05 2024 Received: (at 70214) by debbugs.gnu.org; 13 Apr 2024 22:44:05 +0000 Received: from localhost ([127.0.0.1]:33941 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvm6O-0008OO-Op for submit@debbugs.gnu.org; Sat, 13 Apr 2024 18:44:05 -0400 Received: from mail-wm1-x32b.google.com ([2a00:1450:4864:20::32b]:49468) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvm6I-0008M5-Mx for 70214@debbugs.gnu.org; Sat, 13 Apr 2024 18:44:02 -0400 Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-4181e85de8fso4489565e9.3 for <70214@debbugs.gnu.org>; Sat, 13 Apr 2024 15:43:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713048222; x=1713653022; darn=debbugs.gnu.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=+ZoQiUStW6G0bF6aaFwn0Fjwf/3EPN/NA5Nuh0iD9sU=; b=UjQI0vX6sa5DDHjxTIhNVmBVFInJF9pTqXGI9LRgHnkBeIk40UA7c20C6DV3eLsjBH v3GMKUJxzToADoCymOmlyIK2XVVaXoBl1yGOG/wIuMEccaldbkK3FGRP0O9d67sQ5z7E p9dYStk8hPZeZ5W+nDIKDuV92ffH35/3snYsUMoXbha+xa3EJKscmJQ6C2lv/bUGRX1a 2EV/QPGYurdBhgLp5Uak9T2u1fNH0VPZogAnks36s4BhFOZ/YZyABXPu70hDk4h8aqrd sMQbYFqV+hengL/qoqnvA3oCC0GrOvf73yBBpEfFCvQEG2tTfkzY0qV9Qu6+2L9L2Wt9 rHig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713048222; x=1713653022; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+ZoQiUStW6G0bF6aaFwn0Fjwf/3EPN/NA5Nuh0iD9sU=; b=c5BV++chCIzgXGQpuSNgmrIr/W7BWjrvsmkAKAQtzShB92WV0gNsEVW2yZhnGKcR/N jWdZfCwJp5g4jedF+36qt0CRXefMM8+U6idJ6Xon6pYbFeJAJJsaJYT6K9PBG0TmhtmF yF1qf5mxq4ayZ6QvPRgXjuy06G+mDycvFsWGb/ageo3y9yyNXW6YdF0hyjem+iuUxD09 nqwqZOAWqArF3jBIVW/CgLo2g85y3iBZ9Y4g5FtYpIJ5tCba4kXeqmcFeqgS2mbKdUdR 6giAOVTOY0/yrzfIP47fQfME3hablaMDDqoXPNtApJtstE8yXE1ZR4GRqT59bbUQs2Fx fLzQ== X-Forwarded-Encrypted: i=1; AJvYcCX+3Y81Pk7AH2flmMh4G7Z7+daX6ft1+iqE/9A6V9GJuh4T18eSTQjHw1M6sfPHx9wkhXv14t2jzeK1gNphRhXMv/B89Mg= X-Gm-Message-State: AOJu0YyGjsUBROSm4wHXGmaspcC9oKxueIwhfDetpYOhMnxlsOz6bCsM 2nkL4rXNeRmwohtVPS/Jg6/QrFBSD/sh1LbALi9cKh1ZVcPJBDtX X-Google-Smtp-Source: AGHT+IG9NvRrwqPZNWf7eVBmcGTCHwiA6bo2sFV3OEZ6IRz/3nPJjFbgon3jxUq8aU9hFWwvC+IONg== X-Received: by 2002:a05:600c:1552:b0:418:3719:61ea with SMTP id f18-20020a05600c155200b00418371961eamr867871wmg.41.1713048221641; Sat, 13 Apr 2024 15:43:41 -0700 (PDT) Received: from [192.168.1.53] (86-44-211-146-dynamic.agg2.lod.rsl-rtd.eircom.net. [86.44.211.146]) by smtp.googlemail.com with ESMTPSA id f19-20020a05600c4e9300b00417d624cffbsm9982565wmq.6.2024.04.13.15.43.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 13 Apr 2024 15:43:41 -0700 (PDT) Message-ID: Date: Sat, 13 Apr 2024 23:43:40 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: bug#70214: 'install' fails to copy regular file to autofs/cifs, due to ACL or xattr handling Content-Language: en-US To: Bruno Haible , 70214@debbugs.gnu.org References: <6127852.nNyiNAGI2d@nimes> <7050532.CnaeKSotiK@nimes> From: =?UTF-8?Q?P=C3=A1draig_Brady?= In-Reply-To: <7050532.CnaeKSotiK@nimes> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 70214 Cc: "linux-cifs@vger.kernel.org" , Andreas Gruenbacher X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On 13/04/2024 20:29, Bruno Haible wrote: > Hi Pádraig, > > I wrote: >>> 5) The same thing with 'cp -a' succeeds: >>> >>> $ build-sparc64/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? >>> 0 >>> $ build-sparc64-no-acl/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? >>> 0 > > You wrote: >> The psuedo code that install(1) uses is: >> >> copy_reg() >> if (x->set_mode) /* install */ >> set_acl(dest, x->mode /* 600 */) >> ctx->acl = acl_from_mode ( /* 600 */) >> acl_set_fd (ctx->acl) /* fails EACCES */ >> if (! acls_set) >> must_chmod = true; >> if (must_chmod) >> saved_errno = EACCES; >> chmod (ctx->mode /* 600 */) >> if (save_errno) >> return -1; > > And, for comparison, what is the pseudo-code that 'cp -a' uses? > I would guess that there must be a relevant difference between both. The cp pseudo code is: copy_reg() if (preserve_xattr) copy_attr() ret = attr_copy_fd() if (ret == -1 && require_preserve_xattr /*false*/) return failure; if (preserve_mode) copy_acl() qcopy_acl() #if USE_XATTR /* true */ fchmod() /* chmod before setting ACLs as doing after may reset */ return attr_copy_fd() /* successful if no ACLs in source */ #endif If however you add ACLs in the source, you induce a similar failure: $ setfacl -m u:nobody:r /var/tmp/foo3942 $ src/cp -a /var/tmp/foo3942 foo3942; echo $? src/cp: preserving permissions for ‘foo3942’: Permission denied 1 The corresponding strace is: fchmod(4, 0100640) = 0 flistxattr(3, NULL, 0) = 24 flistxattr(3, "system.posix_acl_access\0", 24) = 24 fgetxattr(3, "system.posix_acl_access", NULL, 0) = 44 fgetxattr(3, "system.posix_acl_access", "\2\0...\4", 44) = 44 fsetxattr(4, "system.posix_acl_access", "\2\0...\4", 44, 0) = -1 EACCES (Permission denied) BTW I was wondering about the need for install(1) to set_acl() at all, rather than just using chmod. The following comment in lib/set-permissions.c may be pertinent: /* If we can't set an acl which we expect to be able to set, try setting the permissions to ctx->mode. Due to possible inherited permissions, we cannot simply chmod */ BTW this is all under kernel version: $ uname -r 6.8.5-gentoo-sparc64 With these cifs options: $ mount | grep cifs //syslog.matoro.tk/guest-pixelbeat on /media/guest-homedirs/pixelbeat type cifs (rw,nosuid,relatime,vers=1.0,cache=strict,username=nobody,uid=30017,forceuid, gid=30017,forcegid,addr=fd05:0000:0000:0000:0000:0000:0000:0001, soft,unix,posixpaths,serverino,mapposix,acl, rsize=1048576,wsize=65536,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1) cheers, Pádraig From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 15 10:37:57 2024 Received: (at 70214) by debbugs.gnu.org; 15 Apr 2024 14:37:57 +0000 Received: from localhost ([127.0.0.1]:37620 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rwNT3-0008TG-8q for submit@debbugs.gnu.org; Mon, 15 Apr 2024 10:37:57 -0400 Received: from mail-lf1-x129.google.com ([2a00:1450:4864:20::129]:44384) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rwNT1-0008T8-2I for 70214@debbugs.gnu.org; Mon, 15 Apr 2024 10:37:56 -0400 Received: by mail-lf1-x129.google.com with SMTP id 2adb3069b0e04-516d3776334so4245288e87.1 for <70214@debbugs.gnu.org>; Mon, 15 Apr 2024 07:37:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713191857; x=1713796657; darn=debbugs.gnu.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=/wbs9qVkkGGMY81GIgZjIRjXaABmFteXtLrGaTrRO98=; b=JwqaIXDOQU3YXEa8TWuKvVqgkwjpJgfIqWzGIR2HszDM+SUdnj0tTfz7aW4dyfNnNC VBw1H9PNtwBT22S7mEgQDYl2pUPNx+KZXtIBhHI8ANok3bbWyQFw/1e0s9VwTGl58Fhw rUZ0FEuCj8mNOKjPMLGnHRT1AwA5Zzi8a1TO3O0zwRO3lvm87zfC8gBcxtsGIz2cpWvw wSEqL6lLSxpgnJI+8tezWan1qZxXinAKrgeHnIKL1AEjQ0s1+DIqLNEs+hi938swO5ag 9G+UjV9XEd4e2BW0L3r2yRnDZCGBgJrOs7djYM7RoT5gY6BcPkzBwriP4Tq9luGyPs3b ezwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713191857; x=1713796657; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/wbs9qVkkGGMY81GIgZjIRjXaABmFteXtLrGaTrRO98=; b=TH1fLMlwHjIG5AYmlcHhCevx5GGIYdkC+WMYGqHuXdy5DBJQnQ4vgNDUpxnNcnL5YW PyT3CVuN/Y5TRXNEBgZU0lcVTL9a5ZEPNWnjidWocs78Bsg2E6JOMH4hZt/dDr9Gakzc g2947r5tziee0+VbitGizSNrtA4v6wRFrpIXFCTYbnmhOqiVLBXjHIzC5+EXOyvm9+HS AxZ8BBVAYCMl87NokNyH9er7D8cSmvmyOvcdld7sVWnK5Y/OMEe/hrV1Ysw1I/ynH8Vt QoQQxbF1QlidImZ+JTaHiH8uRXMpqR8OjKunrzW6zOvL5tXZjBgCaXnN1YUOjODHrEeL /28w== X-Forwarded-Encrypted: i=1; AJvYcCW/zZvmwFoKBugEF0Kbjxhr8Yie/TruRTLf0zlihn/Jjxw4BJWTCPYfgi0g+3+RuUnY6ursdvyEWoegrGVBbkHrCOD1BsU= X-Gm-Message-State: AOJu0YwOWQhQX4BUClwY6dtQtQo0QmNYblzkChaj90nENEYgBqZI0EFf G1rwanAO6GUgcy9lmViC81tNqbI5L+gYCkTS26KK7SpbGIwLZjE3AbZKkuddQtICpjl6jisSuBy NekW/vk71oS0uvq5OyJbXsF/mMFo= X-Google-Smtp-Source: AGHT+IHaRGFSrfBAsW0xcksvOEOo/ImscHiqewHwM8xN7Bl2iO+IzkXGmSTAXmHI2n0UOqPy9PLkFdzsw4L3kpoUEzw= X-Received: by 2002:a05:6512:2fc:b0:517:8e01:2668 with SMTP id m28-20020a05651202fc00b005178e012668mr6824654lfq.67.1713191856994; Mon, 15 Apr 2024 07:37:36 -0700 (PDT) MIME-Version: 1.0 References: <6127852.nNyiNAGI2d@nimes> <7050532.CnaeKSotiK@nimes> In-Reply-To: From: =?UTF-8?Q?Andreas_Gr=C3=BCnbacher?= Date: Mon, 15 Apr 2024 16:37:25 +0200 Message-ID: Subject: Re: bug#70214: 'install' fails to copy regular file to autofs/cifs, due to ACL or xattr handling To: =?UTF-8?Q?P=C3=A1draig_Brady?= Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 70214 Cc: 70214@debbugs.gnu.org, Bruno Haible , "linux-cifs@vger.kernel.org" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, Am So., 14. Apr. 2024 um 00:43 Uhr schrieb P=C3=A1draig Brady : > On 13/04/2024 20:29, Bruno Haible wrote: > > Hi P=C3=A1draig, > > > > I wrote: > >>> 5) The same thing with 'cp -a' succeeds: > >>> > >>> $ build-sparc64/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? > >>> 0 > >>> $ build-sparc64-no-acl/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo= $? > >>> 0 > > > > You wrote: > >> The psuedo code that install(1) uses is: > >> > >> copy_reg() > >> if (x->set_mode) /* install */ > >> set_acl(dest, x->mode /* 600 */) > >> ctx->acl =3D acl_from_mode ( /* 600 */) > >> acl_set_fd (ctx->acl) /* fails EACCES */ > >> if (! acls_set) > >> must_chmod =3D true; > >> if (must_chmod) > >> saved_errno =3D EACCES; > >> chmod (ctx->mode /* 600 */) > >> if (save_errno) > >> return -1; > > > > And, for comparison, what is the pseudo-code that 'cp -a' uses? > > I would guess that there must be a relevant difference between both. > > The cp pseudo code is: > > copy_reg() > if (preserve_xattr) > copy_attr() > ret =3D attr_copy_fd() > if (ret =3D=3D -1 && require_preserve_xattr /*false*/) > return failure; > if (preserve_mode) > copy_acl() > qcopy_acl() > #if USE_XATTR /* true */ > fchmod() /* chmod before setting ACLs as doing after may reset= */ > return attr_copy_fd() /* successful if no ACLs in source */ > #endif > > If however you add ACLs in the source, you induce a similar failure: > > $ setfacl -m u:nobody:r /var/tmp/foo3942 > $ src/cp -a /var/tmp/foo3942 foo3942; echo $? > src/cp: preserving permissions for =E2=80=98foo3942=E2=80=99: Permission = denied > 1 > > The corresponding strace is: > > fchmod(4, 0100640) =3D 0 > flistxattr(3, NULL, 0) =3D 24 > flistxattr(3, "system.posix_acl_access\0", 24) =3D 24 > fgetxattr(3, "system.posix_acl_access", NULL, 0) =3D 44 > fgetxattr(3, "system.posix_acl_access", "\2\0...\4", 44) =3D 44 > fsetxattr(4, "system.posix_acl_access", "\2\0...\4", 44, 0) =3D -1 EACCES= (Permission denied) Why does CIFS think EACCES is an appropriate error to return here? The fchmod() succeeds, so changing the file permissions via fsetxattr() should really succeed as well. Thanks, Andreas From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 15 11:28:46 2024 Received: (at 70214) by debbugs.gnu.org; 15 Apr 2024 15:28:46 +0000 Received: from localhost ([127.0.0.1]:37826 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rwOGC-0006bu-FO for submit@debbugs.gnu.org; Mon, 15 Apr 2024 11:28:46 -0400 Received: from mail-wm1-x32d.google.com ([2a00:1450:4864:20::32d]:42468) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rwOGA-0006aq-9a for 70214@debbugs.gnu.org; Mon, 15 Apr 2024 11:28:43 -0400 Received: by mail-wm1-x32d.google.com with SMTP id 5b1f17b1804b1-4187991d01bso4124015e9.1 for <70214@debbugs.gnu.org>; Mon, 15 Apr 2024 08:28:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713194904; x=1713799704; darn=debbugs.gnu.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=ONdC2GQJW6N/G7wsYw1wp1reVXg0D6tTQEqmN9QLb4s=; b=kN3gYJqL8ngqlR1qhWdbF57NlvVQft9cLr2KYvossQ5Ltr5mluKbYzwUnAY6qSBJHD RD2Hk7PlwE6IrifLoTkQR8BE12a1JOehMDLIqIcuIMXJJOK9BjOvUFPLJXqoLeiU+740 TBv82qUUi76UF2H36LLQLvtX77fGXrv+/9cb2da/AvC677QKLjCbtnLjydzO63LhI+WL WBPfTFVHCpG0ykR+RaM7h8tzf1jf3HFKQDSamHMA77VSm68F8WKJnNSaxSOdxY60p2+3 N2pdDmty6RaF96rWCenAfAlW3xQQUHXy0MFZgvqoX+aej5DH1srI8P98wkSrdQO0A0Up Q3/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713194904; x=1713799704; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ONdC2GQJW6N/G7wsYw1wp1reVXg0D6tTQEqmN9QLb4s=; b=iiePjDMg/V+tY8HtQCutlNNevnIoSOKVs0x8foAckwQcu6dZ//UDBlBC7O+z4CLpcB IOey7AGMF8KdxzSy6vkbiXKOE4nkPXHzajR7UEThMAI1bM0hAIp64nOV1aZCt8fmQqou 20DnQFw74HYC4qtKFJcud0vJ6gdZR5QW1YKfkJxx1yM8rkd1QeQYIw+jQwrukIF9YZ9Q opw8VmtBcfuUvSGHwfB6DkFV0hPu15+ZXcRV+z/E1doYfMTxN4ebXTjr3+aJnlq6nqLN Gpc7NUmrXJbZT4bjRNlcEdAfjRvomWF1yst2Pd6vGjHRkez+j7q88BQduhVFQp5omZF1 BMFA== X-Forwarded-Encrypted: i=1; AJvYcCX/efC3fLw+dOH5SR93PhIe5ywFAroKTvUfQ2dru1iQsyKJoLrkwnTly9jAlFMMfAGV0E/r33NppX+kb7qEV9nmNy6f/fA= X-Gm-Message-State: AOJu0YyFuwhrE6rP/tV3PLLS3Q7scwzJa4+/1T0DBahjTAAlW+xqNr+b 102ZvbDqtVbwgEWfLO40Lh+UgspCm6LH7cSStU6k5DjwekSRRw2t X-Google-Smtp-Source: AGHT+IEutBxnvyhprwPJFoueaXmjxICXARbGjMc2AXJaHAFpfvrLtSbkm2BgdR4W66wTKOPdwUr/3w== X-Received: by 2002:a05:600c:4fc7:b0:417:eb5d:281b with SMTP id o7-20020a05600c4fc700b00417eb5d281bmr9294834wmq.17.1713194904348; Mon, 15 Apr 2024 08:28:24 -0700 (PDT) Received: from [192.168.1.53] (86-44-211-146-dynamic.agg2.lod.rsl-rtd.eircom.net. [86.44.211.146]) by smtp.googlemail.com with ESMTPSA id w16-20020a05600c475000b00417e36953a0sm15315902wmo.20.2024.04.15.08.28.23 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 15 Apr 2024 08:28:24 -0700 (PDT) Message-ID: Date: Mon, 15 Apr 2024 16:28:23 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: bug#70214: 'install' fails to copy regular file to autofs/cifs, due to ACL or xattr handling Content-Language: en-US To: =?UTF-8?Q?Andreas_Gr=C3=BCnbacher?= References: <6127852.nNyiNAGI2d@nimes> <7050532.CnaeKSotiK@nimes> From: =?UTF-8?Q?P=C3=A1draig_Brady?= In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 70214 Cc: 70214@debbugs.gnu.org, Bruno Haible , "linux-cifs@vger.kernel.org" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On 15/04/2024 15:37, Andreas Grünbacher wrote: > Hello, > > Am So., 14. Apr. 2024 um 00:43 Uhr schrieb Pádraig Brady : >> On 13/04/2024 20:29, Bruno Haible wrote: >>> Hi Pádraig, >>> >>> I wrote: >>>>> 5) The same thing with 'cp -a' succeeds: >>>>> >>>>> $ build-sparc64/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? >>>>> 0 >>>>> $ build-sparc64-no-acl/src/cp -a /var/tmp/foo3941 $HOME/foo3941; echo $? >>>>> 0 >>> >>> You wrote: >>>> The psuedo code that install(1) uses is: >>>> >>>> copy_reg() >>>> if (x->set_mode) /* install */ >>>> set_acl(dest, x->mode /* 600 */) >>>> ctx->acl = acl_from_mode ( /* 600 */) >>>> acl_set_fd (ctx->acl) /* fails EACCES */ >>>> if (! acls_set) >>>> must_chmod = true; >>>> if (must_chmod) >>>> saved_errno = EACCES; >>>> chmod (ctx->mode /* 600 */) >>>> if (save_errno) >>>> return -1; >>> >>> And, for comparison, what is the pseudo-code that 'cp -a' uses? >>> I would guess that there must be a relevant difference between both. >> >> The cp pseudo code is: >> >> copy_reg() >> if (preserve_xattr) >> copy_attr() >> ret = attr_copy_fd() >> if (ret == -1 && require_preserve_xattr /*false*/) >> return failure; >> if (preserve_mode) >> copy_acl() >> qcopy_acl() >> #if USE_XATTR /* true */ >> fchmod() /* chmod before setting ACLs as doing after may reset */ >> return attr_copy_fd() /* successful if no ACLs in source */ >> #endif >> >> If however you add ACLs in the source, you induce a similar failure: >> >> $ setfacl -m u:nobody:r /var/tmp/foo3942 >> $ src/cp -a /var/tmp/foo3942 foo3942; echo $? >> src/cp: preserving permissions for ‘foo3942’: Permission denied >> 1 >> >> The corresponding strace is: >> >> fchmod(4, 0100640) = 0 >> flistxattr(3, NULL, 0) = 24 >> flistxattr(3, "system.posix_acl_access\0", 24) = 24 >> fgetxattr(3, "system.posix_acl_access", NULL, 0) = 44 >> fgetxattr(3, "system.posix_acl_access", "\2\0...\4", 44) = 44 >> fsetxattr(4, "system.posix_acl_access", "\2\0...\4", 44, 0) = -1 EACCES (Permission denied) > > Why does CIFS think EACCES is an appropriate error to return here? The > fchmod() succeeds, so changing the file permissions via fsetxattr() > should really succeed as well. Right, it seems like a CIFS bug (already CC'd) Even if it returned ENOTSUP (like getxattr(...posix...) does) it would be ok as we handle that. It would be good to avoid it though. You confirmed privately to me that the set_acl() is to clear any default ACLs that may have been added to the newly created file, so the posted solution in https://bugs.gnu.org/70214#11 that only does the set_acl() iff file_has_acl() should avoid the CIFS issue. It would be a bit less efficient if there were ACLs, but a bit more efficient in the common case where there weren't ACLs. cheers, Pádraig From debbugs-submit-bounces@debbugs.gnu.org Thu May 09 08:17:08 2024 Received: (at 70214) by debbugs.gnu.org; 9 May 2024 12:17:08 +0000 Received: from localhost ([127.0.0.1]:54991 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s52hv-0001mn-Nn for submit@debbugs.gnu.org; Thu, 09 May 2024 08:17:08 -0400 Received: from mail-lj1-x232.google.com ([2a00:1450:4864:20::232]:50515) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s52hs-0001m5-Ux for 70214@debbugs.gnu.org; Thu, 09 May 2024 08:17:06 -0400 Received: by mail-lj1-x232.google.com with SMTP id 38308e7fff4ca-2e271acb015so10534631fa.1 for <70214@debbugs.gnu.org>; Thu, 09 May 2024 05:16:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715256993; x=1715861793; darn=debbugs.gnu.org; h=content-transfer-encoding:in-reply-to:content-language:references :cc:to:from:subject:user-agent:mime-version:date:message-id:sender :from:to:cc:subject:date:message-id:reply-to; bh=P2iUcbWg7WG3JT5GCkWPGgmFZk9Tdpqu7M/ufv1jKHU=; b=M6omFbi36w75oXBaOwBuWBFQxom2mzBy64ztSxA9sC0BEzEgsm7uTIILbV2oeTF1MV 4jBihxZ8cFUZszJ14AyacZl1BeXUpWB55/BHijwfGgTR3Q5LGPPkbBVOVEmvMbU2XSx+ QJL0tMfb2Jmqro6XMDq11mDY4YUFPc3pAtrrd8tPhY1P48+BxSLUqbJ09mYPQqmcBJxK lmodnUFh2rSJdHQsKp7iW51w7LbcShFp5qVdbZLoSuXNC2ZAdBv42niO21F1r9M4Cx8R wzO1YJKLxyrGeN6rZn9n2tDzyz3ZgeKRPXbWU2ORnfXSsTVMDhtkdlhHJRu9ezhPP438 vioQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715256993; x=1715861793; h=content-transfer-encoding:in-reply-to:content-language:references :cc:to:from:subject:user-agent:mime-version:date:message-id:sender :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=P2iUcbWg7WG3JT5GCkWPGgmFZk9Tdpqu7M/ufv1jKHU=; b=TXrCZ42OhpjVfgQPbnyOoiHmavAVRA4Ko8Qgd6aMypUbMdPhVc0eu2aRUZ3Y6nU140 8n67MRxoijI/2fHEfsKu8ECvrjS5kkE0EK5jHsa2GZw2rrEeoF70eaoCBD8hONgWhcVP z9ZDZxrO0FkIsy0afDqNK48NptmzGeDeS9/UN+1jkg2khKyvxBwDOrZWCb82WxHMLv5h b3dtGeeXRSo7hWFU5dtIHbPdVtunOW+LJDxigFxyG7zoBUze0l3mTQbgjAPVtax/1qVQ xOLqqAC/g3zE9vsRCgv4RX6trnoEFQT5al3Z4U9g7T8uKIxaVq/GPD0m/Z1iS+bevUa8 S8LQ== X-Forwarded-Encrypted: i=1; AJvYcCXDFzMVgy1cd0cJEo/SzhKAy+00fwfClyH4lqbRr8GI7Bdxzd8qpligYaoTwoR0X7KaMOp3nEzMutDZdyjZt9OAQBeSvvo= X-Gm-Message-State: AOJu0Yx74Fa9oHNJ9Cg3qrLmgf/v+pGAVtUZtz7O/4H0EG4xmN3jTFQu cl97mYJqIOjc0joCs4t//6cSqr3wHQ36j8dPOJGb+TP9++usjpTo X-Google-Smtp-Source: AGHT+IGhB+RGqa8/pyBA5AsmI30rq3ta2vyDCWVICnT2jsl7LBRMbeIU31LyOIDxAWw24VcmtbJRJA== X-Received: by 2002:a2e:96ca:0:b0:2dd:bd92:63c with SMTP id 38308e7fff4ca-2e447699ba9mr30507561fa.42.1715256992510; Thu, 09 May 2024 05:16:32 -0700 (PDT) Received: from [192.168.1.59] (86-44-211-146-dynamic.agg2.lod.rsl-rtd.eircom.net. [86.44.211.146]) by smtp.googlemail.com with ESMTPSA id 5b1f17b1804b1-41fd491c712sm10830985e9.0.2024.05.09.05.16.31 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 09 May 2024 05:16:31 -0700 (PDT) Message-ID: Date: Thu, 9 May 2024 13:16:30 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Beta Subject: Re: bug#70214: 'install' fails to copy regular file to autofs/cifs, due to ACL or xattr handling From: =?UTF-8?Q?P=C3=A1draig_Brady?= To: Bruno Haible , 70214@debbugs.gnu.org References: <6127852.nNyiNAGI2d@nimes> <57792d8c-59d1-efbe-067a-886239cc3a4e@draigBrady.com> Content-Language: en-US In-Reply-To: <57792d8c-59d1-efbe-067a-886239cc3a4e@draigBrady.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 70214 Cc: "linux-cifs@vger.kernel.org" , Andreas Gruenbacher X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On 13/04/2024 18:42, Pádraig Brady wrote: > On 13/04/2024 17:39, Pádraig Brady wrote: >> install(1) defaults to mode 600 for new files, and uses set_acl() with that >> (since 2007 https://github.com/coreutils/coreutils/commit/f634e8844 ) >> The psuedo code that install(1) uses is: >> >> copy_reg() >> if (x->set_mode) /* install */ >> set_acl(dest, x->mode /* 600 */) >> ctx->acl = acl_from_mode ( /* 600 */) >> acl_set_fd (ctx->acl) /* fails EACCES */ >> if (! acls_set) >> must_chmod = true; >> if (must_chmod) >> saved_errno = EACCES; >> chmod (ctx->mode /* 600 */) >> if (save_errno) >> return -1; >> >> This issue only only seems to be on CIFS. >> I'm seeing lot of weird behavior with ACLs there: >> >> acl_set_fd (acl_from_mode (600)) -> EACCES >> acl_set_fd (acl_from_mode (755)) -> EINVAL >> getxattr ("system.posix_acl_access") -> EOPNOTSUPP >> >> Note we ignore EINVAL and EOPNOTSUPP errors in set_acl(), >> and it's just the EACCES that's problematic. >> Note this is quite similar to https://debbugs.gnu.org/65599 >> where Paul also noticed EACCES with fsetxattr() (and others) on CIFS. >> >> The attached is a potential solution which I tested as working >> on the same matoro system that Bruno used. >> >> I think I'll apply that after thinking a bit more about it. > > Actually that probably isn't appropriate, > as fsetxattr() can validly return EACESS > even though not documented in the man page at least. > The following demonstrates that: > . > #include > #include > #include > #include > #include > #include > #include > > int main(void) > { > int wfd; > /* Note S_IWUSR is not set. */ > if ((wfd=open("writable", O_CREAT|O_WRONLY|O_EXCL, S_IRUSR)) == -1) > fprintf(stderr, "open('writable') error [%m]\n"); > if (write(wfd, "data", 1) == -1) > fprintf(stderr, "write() error [%m]\n"); > if (fsetxattr(wfd, "user.test", "test", 4, 0) == -1) > fprintf(stderr, "fsetxattr() error [%m]\n"); > } > > Another solution might be to file_has_acl() in copy.c > and skip if "not supported" or nothing is returned. > The following would do that, but I'm not sure about this > (as I'm not sure about ACLs in general TBH). > Note listxattr() returns 0 on CIFS here, > while getxattr ("system.posix_acl_access") returns EOPNOTSUPP, > and file_has_acl() uses listxattr() first. > > diff --git a/src/copy.c b/src/copy.c > index d584a27eb..2145d89d5 100644 > --- a/src/copy.c > +++ b/src/copy.c > @@ -1673,8 +1673,13 @@ set_dest_mode: > } > else if (x->set_mode) > { > - if (set_acl (dst_name, dest_desc, x->mode) != 0) > - return_val = false; > + errno = 0; > + int n = file_has_acl (dst_name, &sb); > + if (0 < n || (errno && ! (is_ENOTSUP (errno) || errno == ENOSYS))) > + { > + if (set_acl (dst_name, dest_desc, x->mode) != 0) > + return_val = false; > + } > } > > > BTW I'm surprised this wasn't reported previously for CIFS, > so I due to this bug and https://debbugs.gnu.org/65599 > I suspect a recentish change in CIFS wrt EACCES. Thinking more about this, the solution presented above wouldn't work, and I think this needs to be addressed in CIFS. I.e. we may still need to reset the mode even if the file has no ACLs, as generally only dirs get default ACLs copied, as demonstrated below: $ mkdir acl$ setfacl -d -m o::rw acl $ getfacl acl # file: acl # owner: padraig # group: padraig user::rwx group::r-x other::r-x default:user::rwx default:group::r-x default:other::rw- $ touch acl/file $ ls -l acl/file -rw-r--rw-. 1 padraig padraig 0 May 9 13:11 acl/file $ getfacl acl/file # file: acl/file # owner: padraig # group: padraig user::rw- group::r-- other::rw- cheers, Pádraig.