ACLs don't work #536

tjay · 2021-01-03T10:42:20Z

I tested the 1.8 and the 2.0-beta2 release. In both versions it was not possible for me to set / get correctly POSIX ACLs.
Without gocryptfs-mount, ACLs work in the tested filesystem:

tjay@helios64:~/gocryptfs-2.0-beta2$ uname -a
Linux host 5.9.14-rockchip64 #20.11.4 SMP PREEMPT Tue Dec 15 08:52:20 CET 2020 aarch64 GNU/Linux

tjay@host:~/gocryptfs-2.0-beta2$ mkdir test.enc
tjay@host:~/gocryptfs-2.0-beta2$ mkdir test
tjay@host:~/gocryptfs-2.0-beta2$ ./gocryptfs -init test.enc
...
tjay@host:~/gocryptfs-2.0-beta2$ ./gocryptfs -info test.enc
Creator:      gocryptfs [unknown]
FeatureFlags: GCMIV128 HKDF DirIV EMENames LongNames Raw64
EncryptedKey: 64B
ScryptObject: Salt=32B N=65536 R=8 P=1 KeyLen=32
tjay@host:~/gocryptfs-2.0-beta2$  ./gocryptfs test.enc test
tjay@host:~/gocryptfs-2.0-beta2$ setfacl -dm u:root:rwx test
tjay@host:~/gocryptfs-2.0-beta2$ setfacl -m u:root:rwx test
tjay@host:~/gocryptfs-2.0-beta2$ getfacl test
# file: test
# owner: tjay
# group: tjay
user::rwx
user:root:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

tjay@host:~/gocryptfs-2.0-beta2$ mkdir test/test.d
tjay@host:~/gocryptfs-2.0-beta2$ touch test/test
tjay@host:~/gocryptfs-2.0-beta2$ getfacl test/test
# file: test/test
# owner: tjay
# group: tjay
user::rw-
group::r--
other::r--

tjay@host:~/gocryptfs-2.0-beta2$ getfacl test/test.d
# file: test/test.d
# owner: tjay
# group: tjay
user::rwx
group::r-x
other::r-x

tjay@host:~/gocryptfs-2.0-beta2$ mkdir test2
tjay@host:~/gocryptfs-2.0-beta2$ setfacl -dm u:root:rwx test2
tjay@host:~/gocryptfs-2.0-beta2$ setfacl -m u:root:rwx test2
tjay@host:~/gocryptfs-2.0-beta2$ touch test2/test
tjay@host:~/gocryptfs-2.0-beta2$ mkdir test2/test.d
tjay@host:~/gocryptfs-2.0-beta2$ getfacl test2/test
# file: test2/test
# owner: tjay
# group: tjay
user::rw-
user:root:rwx                   #effective:rw-
group::r-x                      #effective:r--
mask::rw-
other::r--

tjay@host:~/gocryptfs-2.0-beta2$ getfacl test2/test.d
# file: test2/test.d
# owner: tjay
# group: tjay
user::rwx
user:root:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

The text was updated successfully, but these errors were encountered:

hstock · 2021-01-27T16:04:54Z

Can confirm this behavior. Propagation of default ACLs does not work.

rfjakob · 2021-02-07T19:13:08Z

Warning added to the README: 4b4a68e

rfjakob · 2021-02-07T19:13:37Z

I can reproduce the bug. ACLs are not enforced.

With test to verify that it actually works this time: Run "make root_test". Depends-on: #536 Fixes: #536

rfjakob · 2021-05-08T15:25:44Z

Should be fixed now. Care to test? Binary attached.

gocryptfs_v2.0-beta3-3-gcc1dd0a-dirty.acl_linux-static_amd64.tar.gz

rfjakob added the bug label Feb 7, 2021

rfjakob mentioned this issue Feb 7, 2021

ACLs not working in allow_other mode? #542

Closed

rfjakob added this to the v2.1 milestone Mar 14, 2021

rfjakob added a commit that referenced this issue May 8, 2021

Add -acl flag to enable ACL enforcement

0f7c807

With test to verify that it actually works this time: Run "make root_test". Depends-on: #536 Fixes: #536

rfjakob modified the milestones: v2.1, v2.0 May 8, 2021

rfjakob added a commit that referenced this issue May 8, 2021

Add -acl flag to enable ACL enforcement

cc1dd0a

With test to verify that it actually works this time: Run "make root_test". Depends-on: #536 Fixes: #536

rfjakob closed this as completed in 86d8336 May 15, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ACLs don't work #536

ACLs don't work #536

tjay commented Jan 3, 2021

hstock commented Jan 27, 2021

rfjakob commented Feb 7, 2021

rfjakob commented Feb 7, 2021

rfjakob commented May 8, 2021

ACLs don't work #536

ACLs don't work #536

Comments

tjay commented Jan 3, 2021

hstock commented Jan 27, 2021

rfjakob commented Feb 7, 2021

rfjakob commented Feb 7, 2021

rfjakob commented May 8, 2021