metomi/fcm

fcm_internal load: doesn't respect filesystem ACLs

ScottWales opened this issue · 1 comments

The fcm_internal load command is not able to find BLOCKDATA files if they are readable using an access control list (using setfacl(1)). We have file permissions for our prebuilds set up like:

$ getfacl /projects/access/umdir/prebuilds/vn7.3_access1.3_safe/ummodel/obj/blkdata.o
getfacl: Removing leading '/' from absolute path names
# file: projects/access/umdir/prebuilds/vn7.3_access1.3_safe/ummodel/obj/blkdata.o
# owner: saw562
# group: access.admin
user::rw-
group::rwx          #effective:rw-
group:access:r-x        #effective:r--
group:access.admin:rwx      #effective:rw-
mask::rw-
other::---

We use this so that users in the access.admin group can read & write files, while users in the access group can only read them.

The test at https://github.com/metomi/fcm/blob/master/bin/fcm_internal#L283 ignores these ACLs (see http://perldoc.perl.org/functions/-X.html), so it will only find the path to blockdata.o if the user is in the access.admin group.

The documentation implies that a workaround is to add use filetest 'access'; I will take a look and see if this fixes the issue.

@ScottWales Instead of adding the pragma, it is probably better to remove unnecessary -r, -w and -x tests. This also needs to be done elsewhere. I'll try and see what can be done.
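
The three readability checks discussed in this thread, side by side, as an added Perl example that is not code from fcm or from either poster. The sub names are hypothetical and the sample file is constructed with File::Temp.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# 1. Plain -r: Perl decides from the stat() mode bits and the process's
#    uid/gids alone, so a grant that exists only as an ACL entry is missed.
sub readable_by_mode_bits {
    my ($path) = @_;
    return -r $path ? 1 : 0;
}

# 2. -r under the filetest pragma (lexically scoped to this sub): Perl asks
#    the kernel via access(2) or an equivalent, which takes ACLs into account.
sub readable_by_access {
    my ($path) = @_;
    use filetest 'access';
    return -r $path ? 1 : 0;
}

# 3. No pre-check at all: attempt the open and keep the error text.
#    The result of open() is the authoritative answer and cannot go stale.
sub readable_by_open {
    my ($path) = @_;
    open(my $fh, '<', $path) or return (0, "$!");
    close($fh);
    return (1, '');
}

# Hypothetical search helper: first candidate that can actually be opened.
sub first_openable {
    for my $path (@_) {
        my ($ok) = readable_by_open($path);
        return $path if $ok;
    }
    return;
}

# Constructed demo input: one existing temp file and one missing path.
my ($fh, $present) = tempfile(UNLINK => 1);
print {$fh} "constructed sample\n";
close($fh);
my $missing = "$present.does-not-exist";

for my $path ($missing, $present) {
    my ($ok, $err) = readable_by_open($path);
    printf "%s\n  -r mode bits=%d  -r access=%d  open=%d %s\n",
        $path, readable_by_mode_bits($path), readable_by_access($path), $ok, $err;
}
print "selected: ", first_openable($missing, $present), "\n";
```

Run against a file whose read permission comes only from an ACL entry, such as the blkdata.o listing above for a user in the access group, the first check reports 0 while the other two report 1.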