LDAP integration / ACL in Perl revisited

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Jun 24 17:13:00 GMT 2014


On Jun 24 12:18, Achim Gratz wrote:
> I've just set up a new machine with Cygwin (64bit w/ the 2014-06-23 13:20:35
> snapshot), nsswitch.conf specifies "db" for both passwd and group (the files
> have been moved away just to be sure they aren't picked up).  I have one
> share with somewhat strange ACL that I always had to use via a "noacl" mount
> option.  I thought I should try again and this is what happened (bla is a
> file that has non-zero size and is owned by me):
> 
> (1014) > getfacl bla
> # file: bla
> # owner: gratz
> # group: Domain Users
> user::---
> group::---
> group:+Authenticated Users:rwx
> mask:rwx
> other:---

^^^^^^^ This... (*)

> (1015) > [ -r bla ] && echo Hello...
> Hello...
> (1018) > perl -E 'say -R "bla" ? "yes" : "no"'
> no
> (1016) > perl -E 'say -r "bla" ? "yes" : "no"'
> no
> (1017) > perl -E 'say -O "bla" ? "yes" : "no"'
> yes
> 
> So for whatever reason Perl still doesn't deal correctly with those ACL,
> while the shell test operator does.  Now the kicker: if I run Perl under
> strace, the test succeeds... huh?

Without pulling strace into the picture, I get different results for -O
depending on whether running this on the command line as above, or if I
run this via a perl script.  I prepared a file with permissions
equivalent to the above getfacl output:

  $ getfacl bla
  # file: bla
  # owner: corinna
  # group: vinschen
  user::---
  group::---
  group:+Authenticated Users:rwx
  mask:rwx
  other:---

This results in 

  $ perl -E 'say -R "bla" ? "yes" : "no"'
  no
  $ perl -E 'say -r "bla" ? "yes" : "no"'
  no
  $ perl -E 'say -O "bla" ? "yes" : "no"'
  yes

But when I run this via a perl script:

  $ cat > x.pl <<EOF
  use v5.10;
  say -R bla ? "yes" : "no";
  say -r bla ? "yes" : "no";
  say -O bla ? "yes" : "no";
  EOF
  $ perl x.pl
  no
  no
  no

I didn't try to debug this.

>    26  556465 [main] perl 5712 path_conv::check: this->path(\\share\bla),
> has_acls(1)
>    34  556499 [main] perl 5712 build_fh_pc: fh 0x18032C9F0, dev 000000C3
>    27  556526 [main] perl 5712 stat_worker: (\??\UNC\share\bla, 0x600039498,
> 0x18032C9F0), file_attributes 32
> 12380  568906 [main] perl 5712 fhandler_base::fstat_helper: 0 = fstat
> (\??\UNC\share\bla, 0x600039498) st_size=228, st_mode=0x81A4,

(*) ...does not match that .........................^^^^^^^^^^^^^^

The getfacl permissions look like the last 9 bits of st_mode should have
been 000 octal, but the above st_mode is equivalent to 0644 permissions.
That's weird.  It does not happen for me, st_mode is 0100000, as expected.

If perl really only calls stat to check the POSIX permission bits (as
the strace output suggests, I checked mine), that would account for the
"no" in the -r/-R case.  What it should do is calling euidaccess/access,
or faccessat as test(1) does.

Since test(1) is doing the right thing and returning the right results,
I'm blaming perl for now.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140624/0de52403/attachment.sig>


More information about the Cygwin mailing list