Hello, Am Dienstag, 17. Mai 2005 01:47 schrieb Ashley Gould:
I've been tinkering with filesystem ACLs. I get mysterious behavior (read: I think it's a bug) when I create files over scp/sftp in a directory with default acl. The newly created file loses the mask acl.
This is on SLES9, kernel 2.6.5-7.151-default, OpenSSH_3.8p1 filesystem is reiserfs 3.6.13
the target directory has acl rwx and default acl rw for isclib: [...] default:user::r-- default:user:isclib:rw- default:group::rw- default:mask::rw- default:other::---
If i create a file locally the permissions and ACLs come out correct: [...] but when I create the file via scp, the resulting acl for mask is empty, and my effective acl is no access:
agould@isis:~/tmp> scp testfile isclib@venus:/ftphome/ftpusr3/get/caf/test.scp testfile 100% 0 0.0KB/s 00:00 isclib@venus:/ftphome/ftpusr3/get/caf> la test.* -r--rw----+ 1 isclib cafftp 0 2005-05-16 16:15 test.local -r--------+ 1 isclib cafftp 0 2005-05-16 16:29 test.scp isclib@venus:/ftphome/ftpusr3/get/caf> getfacl test.scp # file: test.scp # owner: isclib # group: cafftp user::r-- user:isclib:rw- #effective:--- group::rw- #effective:--- mask::---
How can I get around this problem?
It seems scp honors and copies (some of?) the ACL settings of the original file. Have a look at my tests (done with SuSE 9.3). # getfacl ./ [...] user::rwx group::r-x other::r-x default:user::rwx default:group::r-x default:mask::rwx default:other::r-x # touch test # getfacl test [...] user::rw- group::r-x #effective:r-- mask::rw- other::r-- # scp test localhost:`pwd`/scptest # getfacl scptest [...] user::rw- group::r-x #effective:r-- mask::rw- other::r-- -> same ACL as original file # ls -l ../testfile -rw-r--r-- 1 cb users 0 2005-05-17 23:15 ../testfile <--- No ACL # scp ../testfile localhost:`pwd`/ # getfacl testfile [...] user::rw- group::r-x #effective:r-- mask::r-- other::r-- -> same (non-existing) ACL as original file For me, it seems that scp can handle (and copy) (some?) ACL correctly - so it's a feature, not a bug ;-) Regards, Christian Boltz -- Der Vergleich hinkt wie eine Schnecke mit Holzbein ;) [David Haller]