Re: "Permission denied" from dired, but not from ido completion in tramp

[Adam Sjøgren]

Philipp writes:

> I will ask the people at DESY what's going on here in detail, but I
> heard some time ago that ACLs are being used, which seem to work in
> parallel to the usual Linux rights.

You can check from the commandline with "getfacl FOLDER". "ls -ld"
also indicates that there are ACLs set by adding a "+" after the
permissions.

Michael writes:

> Tramp checks also ACLs and SELinux permissions, but only after the
> usual UNIX permission tests. Maybe this must be tuned?

ACLs can give access to files/folders that the unix permissions do not
indicate access to, so I guess TRAMP should do the ACL check even if
the unix permission test says no?

Example:

    $ ls -ld hep
    dr-xr-x--- 2 root staff 22 2024-06-15 11:56:01 hep
    $ cd hep
    bash: cd: hep: Permission denied
    $ ls hep
    ls: cannot open directory 'hep': Permission denied

My user, asjo, does not have access to the folder 'hep' according to
unix permissions, and there are no ACLs set.

    $ sudo setfacl -d -m u:asjo:rwx hep
    $ sudo setfacl -n -m u:asjo:rwx hep
    $ ls -ld hep
    dr-xr-x---+ 2 root staff 22 2024-06-15 11:56:01 hep

After setting ACLs, the unix permissions still indicate that asjo does
not have access, but now there is a "+" for ACLs present.

    $ cd hep
    $ ls
    test.txt

The ACLs allows asjo to cd into the folder and list the file there.

    $ id | grep staff
    $ 

(asjo is not in the staff group.)


I hope I understood the discussion correctly O:-)


  Best regards,

    Adam

-- 
 "What year is it?"                                         Adam Sjøgren
 "2040, our president is a plant."                     asjo@koldfront.dk