Bug 58336

Summary: permissions error is correct, but confusing
Product: [Retired] Red Hat Powertools Reporter: Hunter Matthews <thm>
Component: netatalkAssignee: bero
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-01-14 17:38:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hunter Matthews 2002-01-14 17:16:57 UTC 
Description of Problem:
Our webserver is accessable through netatalk (afpd) and we use 
groups primarily to control access. Our default umask is 007, and most if not all of the dirs on 
the webserver are g+rwxs.

However, the afpd process itself did not start with a umask that 
would create the .AppleDouble dirs with write access for groups, and this led to a very hard bug 
to track down - the first person to access a particular dir would be able to read and write files 
fine, but anyone else would get a "You do not have sufficient permissions to edit this file" 
error.

However, upon looking at the webserver and reviewing a users group memberships, it 
would APPEAR that they did have sufficient access. 

Only by stracing a process with a user that 
was having the problem could I find the root cause. 



Version-Release number of selected 
component (if applicable):
1.5pre2-6

How Reproducible:
Follow the logic above and 
basically end up with an .AppleDouble dir with 
perms of rwxr-s--- and then have someone with group 
write permissions for a file try to edit the file. If they are not the owner of the .AppleDouble 
dir, they'll get the error message.

Steps to Reproduce:
1. 
2. 
3. 

Actual 
Results:


Expected Results:


Additional Information:
It may be that the error message 
you give the user can't or should not be changed - however, additional log messages would have 
been a HUGE win over having to strace the problem.

I can try to provide more details, and am 
willing to test patches if needed - I know there aren't that many sites suffering from netatalk 
anymore.	
D
Comment 1 Bernhard Rosenkraenzer 2002-01-17 21:39:04 UTC 
Since powertools has been discontinued and this is hardly grave enough to call for an errata update, there's nothing I can do about it, unfortunately.