ACL's doesn't work with SUIDDIR
Hi all,

I'm using FreeBSD 6.2-RELEASE, with suiddir set as an option in the kernel config and fstab (+ ACL support). My goal is to have a directory (precisely, an SVN repo) writable by X specific users, where all created/modified files remain owned by svn. I know that's not the only way to do it, but I have reasons to do it this way and not differently.

I tried the following:

    drwx-- 7 svn users 512 21 Mär 17:30 braintrust
    => user thomas CAN'T write in braintrust

    setfacl -d -m u::rwx,g::---,o::---,u:thomas:rwx braintrust/
    drwx-- 7 svn users 512 21 Mär 17:31 braintrust
    => user thomas CAN'T write in braintrust - but he got a default ACL that will apply to all files created in braintrust

    setfacl -m u:thomas:rwx braintrust/
    drwxrwx---+ 7 svn users 512 21 Mär 17:34 braintrust
    => user thomas CAN write in braintrust - and all files created in braintrust get the default ACL

    chmod +s braintrust/
    drwsrws---+ 7 svn users 512 21 Mär 17:35 braintrust
    => braintrust gets the suid/sgid bits, and all files created by thomas in braintrust should be owned by svn|users

BUT: after +s, user thomas CAN'T write in braintrust anymore. The error is not "Permission denied", but "Operation not permitted". However, he can read the directory content.

If I do the same with a directory that doesn't have ACLs, it works as expected...

If I understand the manpages correctly, this isn't the correct behavior, but a bug. Can this be fixed? If I misunderstand something, please correct me.

--
Cédric Jonas [EMAIL PROTECTED]
GPG ID: 30CCFE8D
GPG Key: http://box.decemplex.net/~cedric/cedric.key.asc
GPG Fingerprint: CF03 E1FD 9428 1B6B E971 B107 9044 AA99 30CC FE8D
Jabber-ID: [EMAIL PROTECTED]

Panic in bus_dmamap_load_mbuf (pmap.h:201)
vpo  # Requires scbus and da

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus  # MII bus support
device fxp  # Intel EtherExpress PRO/100B (82557, 82558)
device rl  # RealTek 8129/8139

# 'device ed' requires 'device miibus'
device ed  # NE[12]000, SMC Ultra, 3c503, DS8390 cards

# Wireless NIC cards
device wlan  # 802.11 support
device ath
device ath_hal  # Atheros HAL (includes binary component)

# Pseudo devices.
device loop  # Network loopback
device mem  # Memory and kernel memory devices
device io  # I/O device
device random  # Entropy device
device ether  # Ethernet support
device sl  # Kernel SLIP
device ppp  # Kernel PPP
device tun  # Packet tunnel.
device pty  # Pseudo-ttys (telnet etc)
device md  # Memory "disks"
device gif  # IPv6 and IPv4 tunneling
device faith  # IPv6-to-IPv4 relaying (translation)

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device bpf  # Berkeley packet filter

# USB support
device uhci  # UHCI PCI->USB interface
device ohci  # OHCI PCI->USB interface
device usb  # USB Bus (required)
device udbp  # USB Double Bulk Pipe devices
device ugen  # Generic
device uhid  # "Human Interface Devices"
device ukbd  # Keyboard
device ulpt  # Printer
device umass  # Disks/Mass storage - Requires scbus and da
device ums  # Mouse
device urio  # Diamond Rio 500 MP3 player
device uscanner  # Scanners

# PF
device pf  #PF OpenBSD packet-filter firewall
device pflog  #logging support interface for PF
device pfsync  #synchronization interface for PF
options ALTQ
options ALTQ_PRIQ  # Priority Queueing
options ALTQ_NOPCC  # Required for SMP build

# PPPoE DSL
options NETGRAPH
options NETGRAPH_SOCKET
options NETGRAPH_PPPOE
options NETGRAPH_ETHER

# SMP
options SMP  # Symmetric MultiProcessor Kernel
options MPTABLE_FORCE_HTT  # Enable HTT CPUs with the MP Table
options PREEMPTION
options CPU_ENABLE_TCC
options CPU_FASTER_5X86_FPU
options CPU_SUSP_HLT

# Save kernel config in binary's
options INCLUDE_CONFIG_FILE

# Disks
options QUOTA  #enable disk quotas

# Posix 1003.1b
options P1003_1B_SEMAPHORES

# Sound
# device sound
# device snd_ich
# device speaker  #Play IBM BASIC-style noises out your speaker

# SMBus
device smbus  # Bus support, required for smb below.
device ichsmb
device smb

# Reboot after panic
options PANIC_REBOOT_WAIT_TIME=60

# Emulation
options COMPAT_LINUX
options COMPAT_AOUT
options LINPROCFS

# Filesystems
options NULLFS  #NULL filesystem

Another important detail could be that I use a dual Xeon box, with HT enabled, which results in 4 logical CPUs and explain why anybody reported this problem before?!

I hope somebody could help. If you need additional information, let me know.
Thank you.

--
Best regards,
Cédric Jonas
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Panic in bus_dmamap_load_mbuf (pmap.h:201)
On Sun, 3 Jul 2005 22:56:33 +0200 Cédric Jonas <[EMAIL PROTECTED]> wrote:

> Hello,
>
> Since 1 or 2 months, I experienced panics when I use the ath interface of our
> server (configured as hostap). Also, the system hangs often (without panic)
> during the boot process at the "Setting hostname: icarus." level. Because I
> had absolutely no time, I couldn't learn to use the kernel debugger before.
>
> icarus# uname -a
> FreeBSD icarus 5.4-STABLE FreeBSD 5.4-STABLE #0: Sun Jul 3 15:14:13
> CEST 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/ICARUS i386
>
> Sources are from July, 1
>
> debug.mpsafenet: 1
>
> After compiling the kernel with debug options, I get the following during the
> boot process:
>
> Setting hostname: icarus.
> lock order reversal
>  1st 0xc2cd4c6c ath0 (network driver) @ /usr/src/sys/dev/ath/if_ath.c:893
>  2nd 0xc30583c8 user map (user map) @ /usr/src/sys/vm/vm_map.c:2998
>
> Another important detail could be that I use a dual Xeon box, with HT
> enabled, which results in 4 logical CPUs and explain why anybody reported
> this problem before?!
>
> I hope somebody could help. If you need additional information, let me know.
> Thank you.
>
> --
> Best regards,
> Cédric Jonas

If it can help: I tried to disable PREEMPTION, the hyperthreading functionality (=> 2 logical CPU), and I set debug.mpsafenet to 0, but the LOR (+ Panic when ath0 is used) continues to occur...

I tried also to downgrade to 5.3-RELEASE, where the problems do _not_ occur... but that's not a solution.

--
Best regards,
Cédric Jonas

Re: rcNG issue
On Mon, 18 Jul 2005 19:58:43 +0200 Kövesdán Gábor <[EMAIL PROTECTED]> wrote:

> Hello,
>
> I have a problem with my rcNG scripts. There are three scripts:
> named.sh, apache2.sh and proftpd.sh. Apache and ProFTPd require hostname
> resolving thus named should start firstly. The headers of my scripts are:
>
> named.sh:
>
> #!/bin/sh
> #
>
> # PROVIDE: named
> # REQUIRE: SERVERS
> # BEFORE: apache2 proftpd mysqld
> # KEYWORD: FreeBSD shutdown
>
> . /etc/rc.subr
>
> apache2.sh:
>
> #!/bin/sh
> #
>
> # PROVIDE: apache2
> # REQUIRE: NETWORKING SERVERS named
> # BEFORE: DAEMON
> # KEYWORD: FreeBSD shutdown
>
> . /etc/rc.subr
>
> proftpd.sh:
>
> #!/bin/sh
> #
>
> # PROVIDE: proftpd
> # REQUIRE: DAEMON
> # BEFORE: LOGIN
> # KEYWORD: FreeBSD shutdown
>
> . /etc/rc.subr
>
> And when I enable all the three scripts in rc.conf, the apache hangs
> because it can't resolve the computer's hostname. It's really annoying,
> I have to manually start it after a reboot, or wait for the cronscript
> that checks whether it is running.
> What's wrong?

I had similar problems these days, and I found out that rcNG seems to be only active for /etc/rc.d/ (see rc.subr(8) and rcorder(8) + files in /etc/). So put your scripts there, and it will do what you want.

>
> Thanks in advance,
>
> Gábor Kövesdán

--
Best regards,
Cédric Jonas
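
The start order that the three headers quoted in the rcNG thread above ask for, as an added example that is not part of the original messages. It approximates rcorder(8)'s dependency sort with tsort(1); the function names and the scratch directory are assumptions made for the illustration, and plain file-name order is printed for comparison.

```shell
#!/bin/sh
# Constructed sample: the PROVIDE/REQUIRE/BEFORE headers quoted in the thread,
# written to a scratch directory under the file names used in the post.
make_samples() {
    printf '%s\n' '#!/bin/sh' '# PROVIDE: named' '# REQUIRE: SERVERS' \
        '# BEFORE: apache2 proftpd mysqld' > "$1/named.sh"
    printf '%s\n' '#!/bin/sh' '# PROVIDE: apache2' \
        '# REQUIRE: NETWORKING SERVERS named' '# BEFORE: DAEMON' > "$1/apache2.sh"
    printf '%s\n' '#!/bin/sh' '# PROVIDE: proftpd' '# REQUIRE: DAEMON' \
        '# BEFORE: LOGIN' > "$1/proftpd.sh"
}

# Turn each script's keywords into "earlier later" pairs for tsort(1).
# (Hypothetical helper; tsort stands in for rcorder's own sort.)
dep_pairs() {
    for f in "$@"; do
        me=$(sed -n 's/^# PROVIDE: *//p' "$f" | awk 'NR == 1 { print $1 }')
        if [ -z "$me" ]; then continue; fi
        for r in $(sed -n 's/^# REQUIRE: *//p' "$f"); do echo "$r $me"; done
        for b in $(sed -n 's/^# BEFORE: *//p' "$f"); do echo "$me $b"; done
    done
}

# Dependency order of the scripts themselves. Placeholders such as DAEMON
# take part in the sort but are filtered out of the result.
script_order() {
    provided=$(sed -n 's/^# PROVIDE: *//p' "$@")
    dep_pairs "$@" | tsort | while read -r node; do
        for p in $provided; do
            if [ "$node" = "$p" ]; then echo "$node"; fi
        done
    done
}

d=$(mktemp -d)
make_samples "$d"
echo "file-name order:  $(cd "$d" && echo *.sh)"
echo "dependency order: $(script_order "$d"/*.sh | tr '\n' ' ')"
rm -rf "$d"
```

The chain named, apache2, DAEMON, proftpd fixes the relative order of the three scripts, while file-name order alone would put apache2.sh ahead of named.sh.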