LDAP integration / ACL in Perl revisited
Corinna Vinschen
corinna-cygwin@cygwin.com
Tue Jun 24 17:13:00 GMT 2014
On Jun 24 12:18, Achim Gratz wrote:
> I've just set up a new machine with Cygwin (64bit w/ the 2014-06-23 13:20:35
> snapshot), nsswitch.conf specifies "db" for both passwd and group (the files
> have been moved away just to be sure they aren't picked up). I have one
> share with somewhat strange ACL that I always had to use via a "noacl" mount
> option. I thought I should try again and this is what happened (bla is a
> file that has non-zero size and is owned by me):
>
> (1014) > getfacl bla
> # file: bla
> # owner: gratz
> # group: Domain Users
> user::---
> group::---
> group:+Authenticated Users:rwx
> mask:rwx
> other:---
^^^^^^^ This... (*)
> (1015) > [ -r bla ] && echo Hello...
> Hello...
> (1018) > perl -E 'say -R "bla" ? "yes" : "no"'
> no
> (1016) > perl -E 'say -r "bla" ? "yes" : "no"'
> no
> (1017) > perl -E 'say -O "bla" ? "yes" : "no"'
> yes
>
> So for whatever reason Perl still doesn't deal correctly with those ACL,
> while the shell test operator does. Now the kicker: if I run Perl under
> strace, the test succeeds... huh?
Without pulling strace into the picture, I get different results for -O
depending on whether running this on the command line as above, or if I
run this via a perl script. I prepared a file with permissions
equivalent to the above getfacl output:
$ getfacl bla
# file: bla
# owner: corinna
# group: vinschen
user::---
group::---
group:+Authenticated Users:rwx
mask:rwx
other:---
This results in
$ perl -E 'say -R "bla" ? "yes" : "no"'
no
$ perl -E 'say -r "bla" ? "yes" : "no"'
no
$ perl -E 'say -O "bla" ? "yes" : "no"'
yes
But when I run this via a perl script:
$ cat > x.pl <<EOF
use v5.10;
say -R bla ? "yes" : "no";
say -r bla ? "yes" : "no";
say -O bla ? "yes" : "no";
EOF
$ perl x.pl
no
no
no
I didn't try to debug this.
> 26 556465 [main] perl 5712 path_conv::check: this->path(\\share\bla),
> has_acls(1)
> 34 556499 [main] perl 5712 build_fh_pc: fh 0x18032C9F0, dev 000000C3
> 27 556526 [main] perl 5712 stat_worker: (\??\UNC\share\bla, 0x600039498,
> 0x18032C9F0), file_attributes 32
> 12380 568906 [main] perl 5712 fhandler_base::fstat_helper: 0 = fstat
> (\??\UNC\share\bla, 0x600039498) st_size=228, st_mode=0x81A4,
(*) ...does not match that .........................^^^^^^^^^^^^^^
The getfacl permissions look like the last 9 bits of st_mode should have
been 000 octal, but the above st_mode is equivalent to 0644 permissions.
That's weird. It does not happen for me, st_mode is 0100000, as expected.
If perl really only calls stat to check the POSIX permission bits (as
the strace output suggests, I checked mine), that would account for the
"no" in the -r/-R case. What it should do is calling euidaccess/access,
or faccessat as test(1) does.
Since test(1) is doing the right thing and returning the right results,
I'm blaming perl for now.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140624/0de52403/attachment.sig>
More information about the Cygwin
mailing list