Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

File is executable when X option is set on directory #64

Closed
grodriguezl opened this issue Aug 2, 2019 · 7 comments · Fixed by #65
Closed

File is executable when X option is set on directory #64

grodriguezl opened this issue Aug 2, 2019 · 7 comments · Fixed by #65
Labels
bug Something isn't working

Comments

@grodriguezl
Copy link

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 6.7.2
  • Ruby:
  • Distribution: CentOS 7
  • Module version: Last commit, after fe6c5ca

Scenario

Hi
I have this directory with the following permissions:

ls -l /backup2
total 0
-rw-r--r--. 1 root     root      0 ago  2 15:40 file0
drwx------. 2 postgres postgres 19 ago  2 15:40 test1
drwx------. 2 root     root      6 ago  2 15:39 test2

How to reproduce (e.g Puppet code you use)

posix_acl { "/backup2":
    action     => set,
    permission => [
      'user:syncuser:rwX',
      'mask::rwX',
    ],
    recursive  => true,
   }

What are you seeing

File /backup2/file0 is executable

getfacl file0
# file: file0
# owner: root
# group: root
user::rw-
user:syncuser:rwx
group::r--
mask::rwx
other::r--

What behaviour did you expect instead

File /backup2/file0 is not executable.
I would expect every file inside /backup2 to be not executable and every dir inside /backup executable.

getfacl file0
# file: file0
# owner: root
# group: root
user::rw-
user:syncuser:rw-
group::r--
mask::rw-
other::r--

Debug log

Executing: '/usr/bin/setfacl -R -n -m user:syncuser:rwx /backup2'
Executing: '/usr/bin/setfacl -R -n -m mask::rwx /backup2'

Any additional information you'd like to impart

If I run setfacl -n -R -m u:syncuser:rwX /backup2 and setfacl -n -R -m m::rwX /backup2 manually the result is the expected one with file0 being not executable

@juniorsysadmin juniorsysadmin added the bug Something isn't working label Aug 3, 2019
@ekohl
Copy link
Member

ekohl commented Aug 7, 2019

Fixed in #61 but unreleased.

@ekohl ekohl closed this as completed Aug 7, 2019
@grodriguezl
Copy link
Author

I am using the latest and unreleased version from master branch (after #61).

This line

new_perm = @resource.value(:permission).map(&:downcase)

changes X to x for comparison purposes.

Later

perm_to_set = new_perm - cur_perm

perm_to_set.each do |perm|
set_perm(perm, @resource.value(:path))

perm_to_set has x instead of X. At the end, the applied permission is x which makes all files within a directory executables.

@ekohl
Copy link
Member

ekohl commented Aug 7, 2019

Apologies, didn't read carefully.

@ekohl ekohl reopened this Aug 7, 2019
@ekohl
Copy link
Member

ekohl commented Aug 8, 2019

@jadestorm could you have a look?

@jadestorm
Copy link

@ekohl Hrm. I'll take a look but it probably won't be for a few days or even potentially weeks as things are busy at work. Feel free to revert the PR and I'll resubmit if you want! Regardless I'll try to take care of it asap. =) Thanks!

@jadestorm
Copy link

@ekohl I'm working on this right now btw -- I'll submit a second PR for the fix. Thanks for catching this @grodriguezl !

@jadestorm
Copy link

See #65 In my tests it solved the issue. It's not the cleanest thing in the world.

@ekohl ekohl closed this as completed in #65 Aug 17, 2019
ekohl added a commit that referenced this issue Aug 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants