fcm_internal load: doesn't respect filesystem ACLs
ScottWales opened this issue · 1 comments
The fcm_internal load
command is not able to find BLOCKDATA files if they are readable using an access control list (using setfacl(1)). We have file permissions for our prebuilds set up like:
$ getfacl /projects/access/umdir/prebuilds/vn7.3_access1.3_safe/ummodel/obj/blkdata.o
getfacl: Removing leading '/' from absolute path names
# file: projects/access/umdir/prebuilds/vn7.3_access1.3_safe/ummodel/obj/blkdata.o
# owner: saw562
# group: access.admin
user::rw-
group::rwx #effective:rw-
group:access:r-x #effective:r--
group:access.admin:rwx #effective:rw-
mask::rw-
other::---
We use this so that users in the access.admin
group can read & write files, while users in the access
group can only read them.
The test at https://github.com/metomi/fcm/blob/master/bin/fcm_internal#L283 ignores these ACLs (see http://perldoc.perl.org/functions/-X.html), so it will only find the path to blockdata.o
if the user is in the access.admin
group.
The documentation implies that a workaround is to add use filetest 'access'
, will take a look and see if this fixes the issue.
@ScottWales Instead of adding the pragma, it is probably better to remove unnecessary -r
, -w
and -x
tests. This also needs to be done elsewhere. I'll try and see what can be done.