rfjakob/gocryptfs

ACLs don't work

tjay opened this issue · 4 comments

tjay commented

I tested the 1.8 and the 2.0-beta2 releases. In both versions it was not possible for me to correctly set / get POSIX ACLs.
Without gocryptfs-mount, ACLs work in the tested filesystem:

tjay@helios64:~/gocryptfs-2.0-beta2$ uname -a
Linux host 5.9.14-rockchip64 #20.11.4 SMP PREEMPT Tue Dec 15 08:52:20 CET 2020 aarch64 GNU/Linux

tjay@host:~/gocryptfs-2.0-beta2$ mkdir test.enc
tjay@host:~/gocryptfs-2.0-beta2$ mkdir test
tjay@host:~/gocryptfs-2.0-beta2$ ./gocryptfs -init test.enc
...
tjay@host:~/gocryptfs-2.0-beta2$ ./gocryptfs -info test.enc
Creator:      gocryptfs [unknown]
FeatureFlags: GCMIV128 HKDF DirIV EMENames LongNames Raw64
EncryptedKey: 64B
ScryptObject: Salt=32B N=65536 R=8 P=1 KeyLen=32
tjay@host:~/gocryptfs-2.0-beta2$  ./gocryptfs test.enc test
tjay@host:~/gocryptfs-2.0-beta2$ setfacl -dm u:root:rwx test
tjay@host:~/gocryptfs-2.0-beta2$ setfacl -m u:root:rwx test
tjay@host:~/gocryptfs-2.0-beta2$ getfacl test
# file: test
# owner: tjay
# group: tjay
user::rwx
user:root:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

tjay@host:~/gocryptfs-2.0-beta2$ mkdir test/test.d
tjay@host:~/gocryptfs-2.0-beta2$ touch test/test
tjay@host:~/gocryptfs-2.0-beta2$ getfacl test/test
# file: test/test
# owner: tjay
# group: tjay
user::rw-
group::r--
other::r--

tjay@host:~/gocryptfs-2.0-beta2$ getfacl test/test.d
# file: test/test.d
# owner: tjay
# group: tjay
user::rwx
group::r-x
other::r-x

tjay@host:~/gocryptfs-2.0-beta2$ mkdir test2
tjay@host:~/gocryptfs-2.0-beta2$ setfacl -dm u:root:rwx test2
tjay@host:~/gocryptfs-2.0-beta2$ setfacl -m u:root:rwx test2
tjay@host:~/gocryptfs-2.0-beta2$ touch test2/test
tjay@host:~/gocryptfs-2.0-beta2$ mkdir test2/test.d
tjay@host:~/gocryptfs-2.0-beta2$ getfacl test2/test
# file: test2/test
# owner: tjay
# group: tjay
user::rw-
user:root:rwx                   #effective:rw-
group::r-x                      #effective:r--
mask::rw-
other::r--

tjay@host:~/gocryptfs-2.0-beta2$ getfacl test2/test.d
# file: test2/test.d
# owner: tjay
# group: tjay
user::rwx
user:root:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

Can confirm this behavior. Propagation of default ACLs does not work.

Warning added to the README: 4b4a68e

I can reproduce the bug. ACLs are not enforced.

Should be fixed now. Care to test? Binary attached.

gocryptfs_v2.0-beta3-3-gcc1dd0a-dirty.acl_linux-static_amd64.tar.gz
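
The inheritance comparison this thread does by eye, as an added example (not code from the issue or from gocryptfs): it parses `getfacl` output and lists the parent's default-ACL entries that a newly created child failed to inherit. The function names are assumptions made here; the sample ACLs are transcribed from the listings in the first comment.

```python
def parse_getfacl(text):
    """Split getfacl output into (access, default) dicts: 'tag:qualifier' -> perms."""
    access, default = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop "# file:" headers and "#effective:" notes
        if not line:
            continue
        fields = line.split(":")
        target = access
        if fields[0] == "default":
            target, fields = default, fields[1:]
        if len(fields) != 3:
            raise ValueError(f"unexpected getfacl line: {line!r}")
        target[f"{fields[0]}:{fields[1]}"] = fields[2]
    return access, default


def missing_inherited(parent_text, child_text, child_is_dir):
    """Return the parent's default-ACL entries that the child did not inherit."""
    _, parent_default = parse_getfacl(parent_text)
    child_access, child_default = parse_getfacl(child_text)
    problems = []
    for key, perms in parent_default.items():
        qualifier = key.split(":")[1]
        # Named user/group entries are copied unchanged into the child's access ACL.
        # Unnamed entries (owner, owning group, mask, other) can be narrowed by the
        # creation mode, so they are not compared.
        if qualifier and child_access.get(key) != perms:
            problems.append(f"access {key}:{perms}")
        # A new directory also receives the parent's default ACL as its own default ACL.
        if child_is_dir and child_default.get(key) != perms:
            problems.append(f"default {key}:{perms}")
    return problems


# Sample ACLs transcribed from the getfacl listings in the first comment.
ACCESS = "user::rwx\nuser:root:rwx\ngroup::r-x\nmask::rwx\nother::r-x"
PARENT = ACCESS + "\n" + "\n".join("default:" + e for e in ACCESS.splitlines())
MOUNT_FILE = "# file: test/test\nuser::rw-\ngroup::r--\nother::r--"
MOUNT_DIR = "# file: test/test.d\nuser::rwx\ngroup::r-x\nother::r-x"
PLAIN_FILE = ("# file: test2/test\nuser::rw-\nuser:root:rwx   #effective:rw-\n"
              "group::r-x   #effective:r--\nmask::rw-\nother::r--")
PLAIN_DIR = "# file: test2/test.d\n" + PARENT

if __name__ == "__main__":
    for name, child, is_dir in [("test/test", MOUNT_FILE, False), ("test/test.d", MOUNT_DIR, True),
                                ("test2/test", PLAIN_FILE, False), ("test2/test.d", PLAIN_DIR, True)]:
        print(name, missing_inherited(PARENT, child, is_dir) or "inherited")
```

To use it against a live mount, pass the text of `getfacl <parent>` and `getfacl <child>` for a child created after the default ACL was set.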