-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Setting file acl crashes on capital X perm, fails octal conversion #59171
Comments
Since the code is comparing against
|
Did a stupid simple test of amending the octal map to also map X to 1:
This however is only a partial workaround since now the change is triggered every time:
|
Thanks for reporting it, please note |
Hi! I have also encountered this same "feature" and wonder if it is possible to expand this patch. We use FACLs a fair amount and the use of X is rather necessary for us. The classic example for us is when we want the user to be able to inherit read only access on files and read execute on subdirectories, allowing them to traverse the directory structure. The X in FACL world is a nice conditional that applies x only on directories and not files. Unfortunately there is no octal equivalent for X like there is for r,w,x,s,or t. Changing the map to make X = 1 would fix the break resulting in a traceback, but it doesn't fix the use of X or other permissions (s or t). In fact from what I can tell it leaves it broken and even worse it throws out a really useful feature and actually results in the acl perms being set to r-x (giving execute on files and directories!!). From what I see it looks like there is logic in both states/linux_acl.py and modules/linux_acl.py that converts from the symbolic to octal and uses the summed value. I will also note that this logic doesn't account for the use of s,t, or X, only r,w,and x. Instead the logic should probably be a direct comparison of the FACL record entries in symbolic form. That would fix this issue and allow the use of X, s, and t. |
This is also discussed in #33921 |
Description
Using
acl.present
to set an ACL ofX
crashes in attempting to interpret it as an octal value. A capital X is a valid value, quoting the man page (3rd line being relevant):My intent in using it is to only grant execute recursively to directories, not files.
Setup
Steps to Reproduce the behavior
state.apply
to push ACL change outstate.apply
again.Expected behavior
Change applied on first run, no changes or errors on the second run.
On the first run the changes seems to get applied successfully but any subsequent runs produce an error:
Versions Report
salt --versions-report
Identical versions between minion & master, same base image.Additional context
Inspecting the folder manually shows the permissions seem to have been applied as expected, and it's only the subsequent runs that fail.
A recursed directory gets
x
set for user:telegraf:But a file does not:
The text was updated successfully, but these errors were encountered: