Philipp writes:
> I will ask the people at DESY what's going on here in detail, but I
> heard some time ago that ACLs are being used, which seem to work in
> parallel to the usual Linux rights.
You can check from the commandline with "getfacl FOLDER". "ls -ld"
also indicates that there are ACLs set by adding a "+" after the
permissions.
Michael writes:
> Tramp checks also ACLs and SELinux permissions, but only after the
> usual UNIX permission tests. Maybe this must be tuned?
ACLs can give access to files/folders that the unix permissions do not
indicate access to, so I guess TRAMP should do the ACL check even if
the unix permission test says no?
Example:
$ ls -ld hep
dr-xr-x--- 2 root staff 22 2024-06-15 11:56:01 hep
$ cd hep
bash: cd: hep: Permission denied
$ ls hep
ls: cannot open directory 'hep': Permission denied
My user, asjo, does not have access to the folder 'hep' according to
unix permissions, and there are no ACLs set.
$ sudo setfacl -d -m u:asjo:rwx hep
$ sudo setfacl -n -m u:asjo:rwx hep
$ ls -ld hep
dr-xr-x---+ 2 root staff 22 2024-06-15 11:56:01 hep
After setting ACLs, the unix permissions still indicate that asjo does
not have access, but now there is a "+" for ACLs present.
$ cd hep
$ ls
test.txt
The ACLs allows asjo to cd into the folder and list the file there.
$ id | grep staff
$
(asjo is not in the staff group.)
I hope I understood the discussion correctly O:-)
Best regards,
Adam
--
"What year is it?" Adam Sjøgren
"2040, our president is a plant." [email protected]
