Description of problem:
The getfacl program does not display ACL information for all files/links in a directory.

Version-Release number of selected component (if applicable):
acl-2.2.23-5

How reproducible:
Every time

Steps to Reproduce:
1. mkdir dir
2. touch dir/mydata
3. ln -s dir link
4. getfacl -dR .

Actual results:

    # file: .
    # owner: root
    # group: root

    # file: link
    # owner: root
    # group: root

    # file: link/mydata
    # owner: root
    # group: root

Expected results:
ACL information for both 'dir' and 'link' would be displayed.

Additional info:
Below is an explanation from Klaus Weidner <klaus> as well as a patch (attached to this bug):

"The effect depends on the low-level ordering of entries in the directory, use "ls -U" to show that order. getfacl uses the first entry found. You get the documented result if you create the link after the directory in a freshly created directory. It's not security relevant since the underlying system calls do work correctly, and the bug shouldn't have much real world impact other than confusing this specific test case. You can try adding the -P or -L flags in the test case to get consistent behavior, or make sure to always start with a freshly created directory."
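The order dependence described in the explanation above can be reproduced with a small model. This is an added example, not code from getfacl or from the attached patch. It assumes a walk that follows symlinks and reports each inode only under the first name that reaches it; `build_tree`, `walk`, `demo` and the `link_first` switch are hypothetical names, with `link_first` standing in for the on-disk entry order.

```python
import os
import tempfile


def build_tree(root):
    """Recreate the report's layout: dir/, dir/mydata, link -> dir."""
    os.mkdir(os.path.join(root, "dir"))
    open(os.path.join(root, "dir", "mydata"), "w").close()
    os.symlink("dir", os.path.join(root, "link"))


def walk(root, link_first, dedup=True):
    """List paths as a symlink-following recursive walk would report them.

    link_first stands in for the on-disk entry order ("ls -U").
    dedup=True is the assumed model: an inode is reported only under the
    first name that reaches it. dedup=False reports every name, which is
    only safe here because the constructed tree has no symlink loops.
    """
    seen = set()
    out = []

    def visit(path, rel):
        st = os.stat(path)  # follows symlinks
        key = (st.st_dev, st.st_ino)
        if dedup and key in seen:
            return
        seen.add(key)
        out.append(rel)
        if os.path.isdir(path):
            for name in sorted(os.listdir(path), reverse=link_first):
                child_rel = name if rel == "." else rel + "/" + name
                visit(os.path.join(path, name), child_rel)

    visit(root, ".")
    return out


def demo(link_first, dedup=True):
    """Build the constructed tree in a temp directory and walk it."""
    with tempfile.TemporaryDirectory() as root:
        build_tree(root)
        return walk(root, link_first, dedup)


if __name__ == "__main__":
    print(demo(link_first=False))               # directory entry seen first
    print(demo(link_first=True))                # symlink entry seen first
    print(demo(link_first=False, dedup=False))  # every name reported
```

For anyone using recursive ACL listings as an audit input, the point is that a path missing from the output does not mean the path was not reachable; compare against a listing that does not collapse names.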
Created attachment 121037
Patch from Klaus Weidner <klaus>
Thomas, have you ever pushed this patch into FC? Seems like it could get some testing there to make sure there are no unintended side effects.
Nope, not yet.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
When testing the above testcase against RHEL5 beta2 snapshot 5, the results are a bit different from what I thought:

-------------------------------
[root@alex test]# getfacl -dRL .
# file: .
# owner: root
# group: root

# file: dir
# owner: root
# group: root

# file: dir/mydata
# owner: root
# group: root

[root@alex test]# ls -lR
.:
total 12
drwxr-xr-x 2 root root 4096 Jan 22 09:09 dir
lrwxrwxrwx 1 root root 3 Jan 22 09:10 link -> dir

./dir:
total 4
-rw-r--r-- 1 root root 0 Jan 22 09:09 mydata
-------------------------------------

I thought that we would get info about all files (including links) when querying with 'getfacl -dRL .'

Any news on this?
Created attachment 146845
updated patch that applies to current upstream / rhel5beta version

I think the new behavior is still broken. The attached patch restores the behavior according to the old patch I had submitted.
I see this was just changed to "MODIFIED" - what does that mean?
Please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223840 - a new package containing a patch is available: http://people.redhat.com/sgrubb/files/lspp/acl-2.2.39-2.el5.src.rpm
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0176.html