> So we now know how to prevent the immediate problem. > Does "system.nfs4_acl" show up in > getfattr -d test.sh > ?
$ getfattr -d test.sh $ And this is the same regardless the value (permissions or skip) for system.nfs4_acl in /etc/xattr.conf > Maybe it is the right package to learn more about the attribute of your > file. Maybe it is even the origin of its existence. $ nfs4_getfacl test.sh # file: test.sh A::OWNER@:rwaxtTcCy A::GROUP@:rxtcy A::EVERYONE@:tcy So nothing more interesting to me despite my ignorance on NFS4. Le mer. 10 juil. 2024 à 09:11, Thomas Schmitt <scdbac...@gmx.net> a écrit : > > Hi, > > Patrice Duroux wrote: > > On the other hand, after modifying /etc/xattr.conf to replace: > > system.nfs4_acl permissions > > by: > > system.nfs4_acl skip > > then test.sh works nicely: > > So we now know how to prevent the immediate problem. > > Does "system.nfs4_acl" show up in > > getfattr -d test.sh > > ? > > > > Is there a risk to leave /etc/xattr.conf like this? > > Given our test results with "system.nfs4_acl" and your success with the > changed configuration, i'd say it is mostly beneficial. > > You could of course try to remove this hard-to-digest attribute > from the file: > > setfattr -x system.nfs4_acl test.sh > > > > If I am right, this file is provided by libattr1 package and its > > content is from upstream: > > https://git.savannah.nongnu.org/cgit/attr.git/tree/xattr.conf > > I probably misinterpreted the comment in coreutils copy.c. > SELinux and xattr.conf are not associated but only handled together in > that piece of code. > > > There remains the question how your file got this attribute. > Was it created when the filesystem was exported via NFS ? > > In the web i find references to a command nfs4_setfacl. > Debian has it in package nfs4-acl-tools: > https://tracker.debian.org/pkg/nfs4-acl-tools > Not very active but present from "old-old-stable" to Sid. > > Maybe it is the right package to learn more about the attribute of your > file. Maybe it is even the origin of its existence. > > > Have a nice day :) > > Thomas >
