Lab 32.3 issue with Ubuntu

gairsty

I have another issue with ubuntu 20.04!

When working through Lab 32.3, after running,
setfacl -m u:fool:rw /tmp/afile
and then logging is as fool, I am still unable to modify /tmp/afile

It works fine in both the Fedora and OpenSUSE VMs I have in Vmware.

I've attached a screenshot of the process, Fedora alongside Ubuntu.

Any idea why Ubuntu is not giving the same results as the others?

(ubuntu is running on a real machine, Fedora and OpenSUSE are running in VMware)

Also, in the solution, at point 5, 'In window 2' should it not be a command such as,
$cat /tmp/afile to elicit the Permission denied response?

lee42x

Hi Gairsty, Thank you for this question, you are correct this is broken in Ubuntu 20.04. I will do further investigation but for now we have to list this a bug.
Thanks Lee

lee42x

It seems to be related to "/tmp" but I'm still working on it.

gairsty

That's where I got to, then I tried Fedora and OpenSUSE and couldn't see any difference.

I look forward to seeing what the issue is.

Cheers

luisviveropena

Hi @gairsty ,

I just confirmed this is working on Ubuntu 18.04. After added acl's for the second username, I was able to edit the file created by the another username. I just had to do ":wq!" in order to be able to edit the file (using vim).

But if that's not working on Ubuntu 20, that looks like a bug, as Lee said.

Many regards,
Luis.

gairsty

I just had to do ":wq!" in order to be able to edit the file (using vim).

Hi Luis.

As a non-vim user, what does that mean?
(I'll ask directly rather than searching the internet and having to do wade through rafts of emacs vs vim posts... )

luisviveropena

Hi @gairsty ,

Basically it woks on Ubuntu 18 and it's broken on Ubuntu 20. So, if you want to test the functionality on Ubuntu, please try with 18.04.

Many regards,
Luis.

gairsty

LOL!
I'll pass, I made it work on Fedora and openSUSE, just glad it's not something I'd done wrong!

Thank you!

luisviveropena

Hehehe, that's pretty good! I'm glad it's clear now

Many regards,
Luis.

PRopiy

Also, in the solution, at point 5, 'In window 2' should it not be a command such as,
$cat /tmp/afile to elicit the Permission denied response?

coop

If you are in vi, typing :wq! lets you save("w", for write) and exit ("q", for quit) in one step. You don't need the ! for that

coop

overwriting the file is fine as a test and was used throughout

lee42x

Found the root issue, the ACL's are ignored if the sticky bit is on for the directory. This only applies to Ubuntu 20.04 so far. For the lab, use a different directory.

coop

Using another directory is not quite trivial as for both users to access the file it needs to be someplace where both can modify it, which is why /tmp was used to begin with. This sounds like a bug in Ubuntu 20.04 unless we can find something in the actual documentation that says it is a bug everywhere else, so for the moment the lab won't change, except perhaps to note that Ubuntu 20.04 is on its own planet, once we decide that is true

gairsty

Note: I am continuing the rest of my courses on Ubuntu 18.04!
Of the many things I've learned recently, no distro is the same as any other. I understand why, and can appreciate that things are improved, etc. etc.... but it's very annoying when you're learning!!

m.taniguchi

Hi.
Same here on my Ubuntu 20.04LTS. OK, I've worked on different directory such as /home/myuser and checked it works as expected.

BTW, is I'm curious about how to monitor what happens on OS when access to /tmp/afile is denied by permission. Any ideas?

luisviveropena

Hi @m.taniguchi ,

BTW, is I'm curious about how to monitor what happens on OS when access to /tmp/afile is denied by permission. Any ideas?

What do you mean with that? Can you re-phrase or explain it, please?

Regards,
Luis.

m.taniguchi

@luisviveropena Oh, sorry. I meant about how to debug setfacl functionality , when the unexpected "Permission denied" message came up, I checked syslog or kernel log, but nothing imply error . How do you check and debug if setfacl not work as expected? (Or is it impossible?)

luisviveropena

Hi @m.taniguchi ,

Ok, got it. I think you would think in a test method, that could be useful for other tools as well. I'd say you can do the following:

1.- Test the functionality as described in the documentation.
2.- If it doesn't work, check the configuration, if there is any, as there may be an error in this part.
3.- Confirm if the user you are working with is the correct.
4.- Confirm if the permissions on the file(s) and/or directory(ries) are the correct.
5.- Look for documented bugs for the feature.
6.- If it doesn't work yet, try it in another version on the same distro (a previous distro may be able to get it working).
7.- It it doesn't work yet, try it in another distro.

There are things that are more difficult to troubleshoot than others, specially when it's a bug.

Regards,
Luis.