Bugzilla – Bug 142484
Enanchement of /bin/ls for ACLs -l option
Last modified: 2006-01-16 12:41:02 UTC
moya:/tmp$ touch a moya:/tmp$ ls -l a -rw-r--r-- 1 claudiu users 0 2006-01-11 09:16 a moya:/tmp$ setfacl -m u:root:rwx a moya:/tmp$ ls -l a -rw-rwxr--+ 1 claudiu users 0 2006-01-11 09:16 a This, in my opinion, is not correct. a is colored with green (has execute flag), but for me, claudiu, I don't have execute flag. The coreutils version is for SuSE 10.0: moya:~$ rpm -q -f /bin/ls coreutils-5.3.0-20 Some time ago, I made a patch for ls utility to proper show, if file has ACLs. IE: tealc:/tmp$ ls -l a -rw-r--r-- 1 claudiu users 0 Jan 11 09:18 a tealc:/tmp$ setfacl -m u:root:rwx a tealc:/tmp$ ls -l a -rw-r--r--+ 1 claudiu users 0 Jan 11 09:18 a That is more suggestive than showing in group part rwx from defined u:root ACL. The patch was for: tealc:/tmp$ ls --version ls (fileutils) 4.1.8acl I'll provide the patch, so if you want to modify the ls utility, you're welcome. The patch is quite old (from 2003 ls source code, but the idea is important): maya:/hdd2/home/ftp/pub$ cat ls.c-patch-v2.diff --- src/ls.c.orig 2002-04-10 18:37:50.000000000 +0300 +++ src/ls.c 2003-04-11 15:06:53.000000000 +0300 @@ -2232,13 +2232,92 @@ } #if HAVE_ACL || USE_ACL - if (format == long_format) - { - int n = file_has_acl (path, &files[files_index].stat); - files[files_index].have_acl = (0 < n); - if (n < 0) - error (0, errno, "%s", quotearg_colon (path)); - } + int n = file_has_acl (path, &files[files_index].stat); + + /* + * Hacked by Claudiu Cismaru (claudiu@cnixs.com) for: + * + * fix the output of ls if there are ACL defined + * + * BEGIN HACK + */ + + if (n > 0) { + mode_t new_mode; + acl_t mode_acls; + + acl_entry_t c_acl_entry, m_acl_entry; + acl_tag_t c_acl_tag; + acl_permset_t m_perm_set, c_perm_set; + acl_perm_t t_perm_read, t_perm_write, t_perm_exec; + int has_entry; + + mode_acls = acl_get_file (path, ACL_TYPE_ACCESS); + + has_entry = acl_get_entry (mode_acls, ACL_FIRST_ENTRY, &c_acl_entry); + while (has_entry) { + + if (acl_get_tag_type (c_acl_entry, &c_acl_tag) == 0) { + if ((c_acl_tag != ACL_USER_OBJ) && (c_acl_tag != ACL_GROUP_OBJ) && + (c_acl_tag != ACL_OTHER) && (c_acl_tag != ACL_MASK)) { + acl_delete_entry (mode_acls, c_acl_entry); + } + if (c_acl_tag == ACL_MASK) { + acl_get_permset (c_acl_entry, &m_perm_set); + acl_delete_entry (mode_acls, c_acl_entry); + } + } + + has_entry = acl_get_entry (mode_acls, ACL_NEXT_ENTRY, &c_acl_entry); + } + + + has_entry = acl_get_entry (mode_acls, ACL_FIRST_ENTRY, &c_acl_entry); + while (has_entry) { + + if (acl_get_tag_type (c_acl_entry, &c_acl_tag) == 0) { + + acl_get_permset (c_acl_entry, &c_perm_set); + + if (c_acl_tag == ACL_GROUP_OBJ) { + + t_perm_read = + (acl_get_perm (c_perm_set, ACL_READ) & acl_get_perm (m_perm_set, ACL_READ)) + * ACL_READ; + + t_perm_write = + (acl_get_perm (c_perm_set, ACL_WRITE) & acl_get_perm (m_perm_set, ACL_WRITE)) + * ACL_WRITE; + + t_perm_exec = + (acl_get_perm (c_perm_set, ACL_EXECUTE) & acl_get_perm (m_perm_set, ACL_EXECUTE)) + * ACL_EXECUTE; + + acl_clear_perms (c_perm_set); + acl_add_perm (c_perm_set, t_perm_read); + acl_add_perm (c_perm_set, t_perm_write); + acl_add_perm (c_perm_set, t_perm_exec); + + } + } + + has_entry = acl_get_entry (mode_acls, ACL_NEXT_ENTRY, &c_acl_entry); + } + + if (acl_equiv_mode (mode_acls, &new_mode) == 0) { + files [files_index].stat.st_mode &= ~(0777); + files [files_index].stat.st_mode |= (new_mode & 0777); + } + + } + + /* + * END HACK + */ + + files[files_index].have_acl = (0 < n); + if (n < 0) + error (0, errno, "%s", quotearg_colon (path)); #endif if (S_ISLNK (files[files_index].stat.st_mode)
This product/component is for problems with bugzilla itself. Please reassign to correct product/component.
What kind of info do you need?
I guess NEEDINFO was for reassigning the bug to the correct component (which mgross@suse.de did already). Switching back to ASSIGNED.
(In reply to comment #3) > I guess NEEDINFO was for reassigning the bug to the correct component (which > mgross@suse.de did already). Switching back to ASSIGNED. Correct. The openSUSE product in Bugzilla is only for problems with the openSUSE wiki or with Bugzilla itself.
This has nothing to do with ACLs. The color indicates if _any_ execute permission is set, thus the display is correct.
Ok, let's say the color is OK. But you consider that is OK to show you group permisions like other ACL's permision? Please checkout: moya:/tmp$ ls -l a -rw-r--r-- 1 claudiu users 0 2006-01-11 09:16 a moya:/tmp$ setfacl -m u:root:rwx a moya:/tmp$ ls -l a -rw-rwxr--+ 1 claudiu users 0 2006-01-11 09:16 a So, you consider that showing rwx from root's ACL, in group position of the file mode, instead r-- of claudiu?