samba-bugs at samba.org
2011-Mar-17 05:41 UTC
[Bug 8020] New: --acls does not honor --numeric-ids if UIDs do not match
https://bugzilla.samba.org/show_bug.cgi?id=8020
Summary: --acls does not honor --numeric-ids if UIDs do not
match
Product: rsync
Version: 3.0.7
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: core
AssignedTo: wayned at samba.org
ReportedBy: rsync at sanitarium.net
QAContact: rsync-qa at samba.org
If the same user name exists on two systems but with different numeric UIDs
rsync normally does a translation. Using --numeric-ids is supposed to disable
that translation feature (which it does for file ownership). However, it does
not for ACLs.
Here is an example of an directory with an ACL transferred between 2 systems
that have a qmaild user with different UIDs.
---------------------------------------------------------------
localbox# rsync --archive --acls --itemize-changes --numeric-ids
remotebox:/service ./
.d.......a. service/
localbox# ssh remotebox getfacl /service
getfacl: Removing leading '/' from absolute path names
# file: service
# owner: root
# group: service
user::rwx
user:nagios:r-x
user:qmaild:r-x
user:nobody:r-x
group::r-x
mask::r-x
other::---
localbox# ssh remotebox id qmaild
uid=380(qmaild) gid=200(nofiles) groups=200(nofiles),300(service)
localbox# getfacl service
# file: service
# owner: root
# group: 300
user::rwx
user:qmaild:r-x
user:320:r-x
user:nobody:r-x
group::r-x
mask::r-x
other::---
localbox# id qmaild
uid=201(qmaild) gid=200(nofiles) groups=200(nofiles)
------------------------------------------------------------
Both systems are running Gentoo Linux and rsync 3.0.7. I discovered this
problem because I was using rsync to backup the server with the ACL to a backup
system that also had the qmaild user but with a different UID. When I later
restored that backup while booted from a live CD (SystemRescueCD) it did not
have a qmaild user so the numeric value from my backup server was used rather
than the numeric value it was supposed to be.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
samba-bugs at samba.org
2011-Mar-18 09:14 UTC
[Bug 8020] --acls does not honor --numeric-ids if UIDs do not match
https://bugzilla.samba.org/show_bug.cgi?id=8020 --- Comment #1 from Curu Wong <prinbra at gmail.com> 2011-03-18 09:14:54 UTC --- Created attachment 6303 --> https://bugzilla.samba.org/attachment.cgi?id=6303 rsync ACL numeric-ids option patch It seems that rsync always maps user/group name to ids. we can see that in function recv_ida_entries(ida_entries *ent, int f) in acls.c, if data sent from remote end contains user/group name info, it will always map that user/group name to local id, never honour the --numeric-ids option and use the uid/gid from remote end directly. This patch should fix this problem. tested on: fedora 14 i386 CentOS 5.5 x86_64 -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
samba-bugs at samba.org
2011-Mar-18 09:22 UTC
[Bug 8020] --acls does not honor --numeric-ids if UIDs do not match
https://bugzilla.samba.org/show_bug.cgi?id=8020
--- Comment #2 from Curu Wong <prinbra at gmail.com> 2011-03-18 09:22:58
UTC ---
Comment on attachment 6303
--> https://bugzilla.samba.org/attachment.cgi?id=6303
rsync ACL numeric-ids option patch
diff -ru rsync-3.0.7.orig/acls.c rsync-3.0.7/acls.c
--- rsync-3.0.7.orig/acls.c 2011-03-18 16:33:10.000000000 +0800
+++ rsync-3.0.7/acls.c 2011-03-18 16:37:10.000000000 +0800
@@ -696,10 +696,14 @@
uint32 access = recv_acl_access(&has_name, f);
if (has_name) {
+ id_t id_orig = id;
if (access & NAME_IS_USER)
id = recv_user_name(f, id);
else
id = recv_group_name(f, id, NULL);
+ //don't map uid/gid when --numeric-ids option is set
+ if (numeric_ids)
+ id = id_orig;
} else if (access & NAME_IS_USER) {
if (inc_recurse && am_root && !numeric_ids)
id = match_uid(id);
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
samba-bugs at samba.org
2011-Mar-18 09:31 UTC
[Bug 8020] --acls does not honor --numeric-ids if UIDs do not match
https://bugzilla.samba.org/show_bug.cgi?id=8020
Curu Wong <prinbra at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #6303|0 |1
is obsolete| |
--- Comment #3 from Curu Wong <prinbra at gmail.com> 2011-03-18 09:31:44
UTC ---
Created attachment 6304
--> https://bugzilla.samba.org/attachment.cgi?id=6304
should use id_t instead of int for uid/gid value.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
samba-bugs at samba.org
2011-Mar-18 12:49 UTC
[Bug 8020] --acls does not honor --numeric-ids if UIDs do not match
https://bugzilla.samba.org/show_bug.cgi?id=8020 --- Comment #4 from Kevin Korb <rsync at sanitarium.net> 2011-03-18 12:49:22 UTC --- The patch does solve my problem. Thank you. -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
samba-bugs at samba.org
2011-Mar-18 21:57 UTC
[Bug 8020] --acls does not honor --numeric-ids if UIDs do not match
https://bugzilla.samba.org/show_bug.cgi?id=8020
Wayne Davison <wayned at samba.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #6304|0 |1
is obsolete| |
--- Comment #5 from Wayne Davison <wayned at samba.org> 2011-03-18
21:57:13 UTC ---
Created attachment 6334
--> https://bugzilla.samba.org/attachment.cgi?id=6334
Don't send names for ACL IDs w/--numeric-ids option
Instead of ignoring the names, the sender should not be sending names. This
matches how normal owner/group sending happens with --numeric-ids.
Thanks for the suggested patch, though!
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
samba-bugs at samba.org
2011-Mar-18 21:58 UTC
[Bug 8020] --acls does not honor --numeric-ids if UIDs do not match
https://bugzilla.samba.org/show_bug.cgi?id=8020
Wayne Davison <wayned at samba.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Version|3.0.7 |3.0.8
Resolution| |FIXED
--- Comment #6 from Wayne Davison <wayned at samba.org> 2011-03-18
21:58:18 UTC ---
Fixed in git.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
samba-bugs at samba.org
2011-Mar-18 22:13 UTC
[Bug 8020] --acls does not honor --numeric-ids if UIDs do not match
https://bugzilla.samba.org/show_bug.cgi?id=8020
Kevin Korb <rsync at sanitarium.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|3.0.8 |3.0.7
--- Comment #7 from Kevin Korb <rsync at sanitarium.net> 2011-03-18
22:13:58 UTC ---
The second patch also solves my problem.
I want to point out to anyone else who hits this problem and needs a patch that
the first patch needs only to be applied to the receiver while the second patch
needs only to be applied to the sender. If someone can't patch or upgrade
one
end then the other patch may be useful to them.
Thanks again.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
samba-bugs at samba.org
2011-Mar-21 13:19 UTC
[Bug 8020] --acls does not honor --numeric-ids if UIDs do not match
https://bugzilla.samba.org/show_bug.cgi?id=8020 --- Comment #8 from Curu Wong <prinbra at gmail.com> 2011-03-21 13:19:10 UTC --- (In reply to comment #5)> Created attachment 6334 [details] > Don't send names for ACL IDs w/--numeric-ids option > > Instead of ignoring the names, the sender should not be sending names. This > matches how normal owner/group sending happens with --numeric-ids. > > Thanks for the suggested patch, though!This patch is more elegant :) . -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.