[Bug 1081502] Missing required logs.

Brad Figg brad.figg at canonical.com
Wed Nov 21 11:30:07 UTC 2012 

This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:

apport-collect 1081502

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.

** Changed in: linux (Ubuntu)
       Status: New => Incomplete

** Tags added: precise

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to acl in Ubuntu.
https://bugs.launchpad.net/bugs/1081502

Title:
  posix acl permissions evaluated wrongly with null mask

Status in “acl” package in Ubuntu:
  Confirmed
Status in “linux” package in Ubuntu:
  Incomplete
Status in “linux” package in Debian:
  New

Bug description:
  Hi!

  According to my experience the Linux Kernel Access Control evaluate
  wrongly the POSIX ACL-s when a mask is null (mask::---)

  Let's see an example:
  root at bar:~# getfacl /tmp/test 
  getfacl: Removing leading '/' from absolute path names
  # file: tmp/test
  # owner: root
  # group: root
  user::rw-
  user:foo:---
  group::r--                      #effective:---
  mask::---
            ^^^^^
  other::r--

  As we can see the foo user hasn't got any rights on the test file and a mask is zero.
  Let's try to read the file as the foo user:
  foo at bar:~$ cat /tmp/test
  FOOBAR
  foo at bar:~$ 

  Success.

  According to the documentation (man acl) user foo cannot access the file:
  "     2.   else if the effective user ID of the process matches the qualifier of any entry of type ACL_USER, then
                if the matching ACL_USER entry and the ACL_MASK entry contain the requested permissions, access is granted,
                else access is denied."

  If I change the the mask entry to something else:
  root at bar:~# getfacl /tmp/test 
  getfacl: Removing leading '/' from absolute path names
  # file: tmp/test
  # owner: root
  # group: root
  user::rw-
  user:foo:---
  group::r--                      #effective:---
  mask::-w-
            ^^^^^^
  other::r--

  the foo user cannot read the file:
  foo at bar:~$ cat /tmp/test 
  cat: /tmp/test: Permission denied

  I tested with ext4 and tmpfs with the same result. I also tested on a
  Solaris 9 machine where the permissions work as expected.

  System info:
  Description:    Ubuntu 12.04.1 LTS
  Release:        12.04

  acl:
    Installed: 2.2.51-5ubuntu1
    Candidate: 2.2.51-5ubuntu1
    Version table:
   *** 2.2.51-5ubuntu1 0
          500 http://hu.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
          100 /var/lib/dpkg/status

  Linux bar 3.2.0-29-generic-pae #46-Ubuntu SMP Fri Jul 27 17:25:43 UTC
  2012 i686 i686 i386 GNU/Linux

  Thank you for your time and I hope you can find the source of this
  issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/1081502/+subscriptions

More information about the foundations-bugs mailing list