#506 File Privilege can't change on Finder.

None
closed
nobody
None
1
2015-02-23
2013-03-14
No

Problem1

  • Owner privilege change failed when I change the privilege from "read & write" to "read only"
  • "An unexpected error occurred (error -50)" error occurred

Log

Mar 14 17:13:38.642730 afpd[20883] {acl.c:111} (E:Default): stat(name, &st) failed: No such file or directory
Mar 14 17:13:38.642839 afpd[20883] {vfs.c:452} (E:Default): remove_acl_vfs(vol->ad_path(path, ADFLAGS_HF)) failed: No such file or directory
Mar 14 17:13:38.642868 afpd[20883] {acls.c:1689} (E:AFPDaemon): afp_setacl: error from remove_acl

Operation

  • Login user1 on OSX.
  • connect netatalk server
  • login as user1
  • put a file (the name is 10m)
  • change privilege from Finder.

afpd -V

# /usr/local/netatalk/sbin/afpd -V
afpd 3.0.3dev - Apple Filing Protocol (AFP) daemon of Netatalk

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version. Please see the file COPYING for further information and details.

afpd has been compiled with support for these features:

          AFP versions: 2.2 3.0 3.1 3.2 3.3 
         CNID backends: dbd last tdb 
      Zeroconf support: Avahi
  TCP wrappers support: Yes
         Quota support: Yes
   Admin group support: Yes
    Valid shell checks: Yes
      cracklib support: Yes
            EA support: ad | sys
           ACL support: Yes
          LDAP support: Yes
         D-Bus support: Yes
         DTrace probes: Yes

              afp.conf: /usr/local/netatalk/etc/afp.conf
           extmap.conf: /usr/local/netatalk/etc/extmap.conf
       state directory: /usr/local/netatalk/var/netatalk/
    afp_signature.conf: /usr/local/netatalk/var/netatalk/afp_signature.conf
      afp_voluuid.conf: /usr/local/netatalk/var/netatalk/afp_voluuid.conf
       UAM search path: /usr/local/netatalk/lib/netatalk//
  Server messages path: /usr/local/netatalk/var/netatalk/msg/

File System

# df .
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup-lv_root
                   7781012   6752868    632880  92% /
# mount
/dev/mapper/VolGroup-lv_root on / type ext4 (rw,user_xattr,acl)
# pwd
/home/netatalktest
# ls -l
total 10244
-rwxrwxr-x 1 user1 netatalk 10485760 Mar 14 16:42 10m

Environment

LDAP Server & AFP client

  • OS: OSX 10.8.2

netatalk server

  • Scientific Linux release 6.1

Build

% git clone https://github.com/franklahm/Netatalk.git
% cd Netatalk
% git checkout -b develop origin/develop

% git log
commit 8813338fe4a13634917fe6426ae97f5b14df54e2
Author: Frank Lahm <franklahm@googlemail.com>
Date:   Mon Mar 11 17:19:28 2013 +0100

    Permissions of ._ AppleDouble rfork after conversion from v2 to ea.

    Fixes bug #505.

% ./bootstrap
% ./configure --with-pam-confdir=/etc/pam.d \
            --prefix=/usr/local/netatalk \
            --with-cracklib \
            --with-dtrace \
            --with-init-style=redhat-sysv

% make 
# make install

afp.conf

[Global]
uam list = uams_dhx2.so
ldap auth method = none
ldap server = 192.168.XX.XX
ldap auth dn = uid=diradmin,dc=testserver,dc=example,dc=com
ldap userbase = cn=users,dc=testserver,dc=example,dc=com
ldap userscope = one
ldap groupbase = cn=groups,dc=testserver,dc=example,dc=com
ldap groupscope = one
ldap uuid attr = apple-generateduid
ldap name attr = uid
ldap group attr = cn
log file = /var/log/netatalk.log
log level = default:info

[testvolume]
path = /home/netatalktest
ea = sys
file perm = 0775
directory perm = 0775
search db = yes

OpenDirectory Setup

  • Setup OpenDirectory
  • Create group netatalk
  • Create user user1, user2

LDAP setting

LDAP connection

# set up
Authentication configuration
  User Information
    [*] LDAP
  Authentication
    [*] Use LDAP Authentication

LDAP Settings
  [ ] Use TLS
  Server: ldap://192.168.XX.XX
  Base DN: dc=testserver,dc=example,dc=com

User check

# getent passwd | grep user
user1:x:1025:1026:user1:/Network/Servers/testserver.example.com/Users/user1:/bin/bash
user2:x:1026:1026:user2:/Network/Servers/testserver.example.com/Users/user2:

# getent group | grep netatalk
netatalk:*:1026:

afpldaptest

# ./afpldaptest -u user1
Start parsing afp.conf
Finished parsing afp.conf
afp.conf is ok. Using anonymous bind.
Searching user: user1
User: user1 ==> UUID: 4760199C-D680-4A02-8C73-C273F7C5710D

Start parsing afp.conf
Finished parsing afp.conf
afp.conf is ok. Using anonymous bind.
Searching user: user2
User: user2 ==> UUID: F1B075D8-4F4C-44AB-8F4D-27F3B8ABA3CD

# ./afpldaptest -g netatalk
Start parsing afp.conf
Finished parsing afp.conf
afp.conf is ok. Using anonymous bind.
Searching group: netatalk
Group: netatalk ==> UUID: 917ED05B-4EA8-40C0-8D0E-819AC2D5F4E1

Local User(/etc/passwd on netatalk server)

# ./afpldaptest -u hsato2
Start parsing afp.conf
Finished parsing afp.conf
afp.conf is ok. Using anonymous bind.
Searching user: hsato2
User: hsato2 ==> UUID: FFFFEEEE-DDDD-CCCC-BBBB-AAAA000001F5

Share setting

# mkdir /home/netatalktest
# chown -R user1:netatalk /home/netatalktest 
# chmod 775 /home/netatalktest/
1 Attachments

Discussion

  • Mike

    Mike - 2013-03-15
     

    Last edit: Mike 2013-03-15
  • hiroyuki sato

    hiroyuki sato - 2013-03-16

    Hello developers.

    I've tested (Setting POSIX ACLs on Linux:
    fda81828af6cecf33d82ea0c50f3bbe123c29b02)

    and I still got the following error.

    Mar 16 07:20:25.113547 afpd[2122] {acl.c:111} (E:Default): stat(name,&st) failed: No such file or directory
    

    Please review the following patch.

    And also I've got the following error.

    Mar 16 07:30:14.021026 afpd[4765] {ad_flush.c:298} (E:Default):sys_fsetxattr(ad_data_fileno(ad), AD_EA_META, ad->ad_data,AD_DATASZ_EA, 0) failed: Permission denied
    

    I'll report later about this.

    diff --git a/libatalk/vfs/acl.c b/libatalk/vfs/acl.c
    index c936f17..4d5c174 100644
    --- a/libatalk/vfs/acl.c
    +++ b/libatalk/vfs/acl.c
    @@ -108,7 +108,7 @@ int remove_acl_vfs(const char *name)
    
         /* Remove default ACL if it's a dir */
    -    EC_ZERO_LOG_ERR(stat(name, &st), AFPERR_MISC);
    +    EC_ZERO(stat(name, &st));
         if (S_ISDIR(st.st_mode)) {
             EC_NULL_LOG_ERR(acl = acl_init(0), AFPERR_MISC);
             EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_DEFAULT, acl),
    AFPERR_MISC);
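
Review bot: Replacing EC_ZERO_LOG_ERR with plain EC_ZERO on the stat() call silences every stat failure, judging by the macro names, not only the "No such file or directory" case from the log; a permission or path-resolution error on `name` would now go unreported too. Consider handling the missing-file case at the call itself, for example testing `errno == ENOENT` directly after stat() fails and returning success there, while keeping EC_ZERO_LOG_ERR for all other errors.
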
    @@ -129,6 +129,8 @@ int remove_acl_vfs(const char *name)
         EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_ACCESS, acl), AFPERR_MISC);
    
     EC_CLEANUP:
    +    if (errno == ENOENT)
    +        EC_STATUS(0);
         if (acl) acl_free(acl);
    
         EC_EXIT;
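
Review bot: The `errno == ENOENT` test under EC_CLEANUP sits on the common exit path, so it also turns an ENOENT from either acl_set_file() call into success, and it reads errno some distance from the call that failed, after the logging in the _LOG_ERR macros may have overwritten it. errno is only reliable immediately after the failing call; check it at the stat() site (or save it in a local there) and reset the status only for that case, so a real failure to set the ACL is still returned to the client.
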
    
     
  • hiroyuki sato

    hiroyuki sato - 2013-03-16

    I've pasted Mike's post.

    I'm not sure, but I can't read his message on this page.

    Getting the same error when trying to copy certain files from an OS X Client to the Netatalk share being hosted on Linux:

    Mar 15 12:32:45.381437 afpd[7378] {vfs.c:426} (E:Default): acl_set_file(vol->ad_path(path, ADFLAGS_HF), type, acl) failed: No such file or directory
    Mar 15 12:32:45.381736 afpd[7378] {acls.c:1313} (E:Default): vol->vfs->vfs_acl(vol, name, ACL_TYPE_ACCESS, 0, access_acl) failed: No such file or directory
    Mar 15 12:32:45.381986 afpd[7378] {acls.c:1710} (W:AFPDaemon): afp_setacl("/srv/afp/Share/201212.ods"): error
    

    Here is my afp.conf:
    ;
    ; Netatalk 3.x configuration file
    ;

    [Global]
    afp listen = XXX.XXX.XXX.XXX
    
    ldap server = server.example.com
    ldap auth method = none
    ldap userbase = cn=users,dc=server,dc=example,dc=com
    ldap userscope = one
    ldap groupbase = cn=groups,dc=server,dc=example,dc=com
    ldap groupscope = one
    ldap uuid attr = apple-generateduid
    ldap name attr = uid
    ldap group attr = cn
    
    k5 keytab = /etc/krb5.keytab
    k5 service = afpserver
    k5 realm = SERVER.EXAMPLE.COM
    
    ;uams_guest.so uams_clrtxt.so uams_randum.so uams_dhx.so uams_dhx2.so uam_gss.so
    uam list = uams_gss.so uams_dhx2_passwd.so uams_guest.so
    uam path = /opt/netatalk/lib/netatalk
    
    disconnect time = 24
    dsireadbuf = 24
    max connections = 200
    sleep time = 10
    tcprcvbuf = 524288
    tcpsndbuf = 524288
    dircachesize = 131072
    keep sessions = no
    mimic model = Xserve
    
    log file = /opt/netatalk/var/log/afpd.log
    ;log level = default:maxdebug
    ;log level = afpdaemon:debug 
    ;log level = logger:debug
    ;log level = uamsdaemon:maxdebug
    
    [Homes]
    basedir regex = /srv/afp/Users
    
    [Users]
    path = /srv/afp/Users
    
    [Groups]
    path = /srv/afp/Groups
    invalid users = nobody
    

    I've compiled 3.0.2, 3.0.3(develop) and 3.0.3(acls-on-adouble) and receive the same error on each version.

     
  • hiroyuki sato

    hiroyuki sato - 2013-03-17

    Thanks!!

    I'll check it later. Please wait.

     
  • hiroyuki sato

    hiroyuki sato - 2013-03-18

    Hello Ralph and Frank.

    I've tested. It works fine. Thanks!!.

     
  • hiroyuki sato

    hiroyuki sato - 2013-03-20

    Could you please tell me how to close this ticket?

     
  • Ralph Böhme

    Ralph Böhme - 2013-03-20

    I'm waiting for feedback from a customer who's testing whether this fixes the same problem he's experiencing on Solaris with ZFS. So let's keep this ticket open until then and until the branch is merged to develop (it is not yet).

     
  • hiroyuki sato

    hiroyuki sato - 2013-03-20

    Hello Ralph.

    Thank you for your reply. OK, thanks.
    By the way, can only the administrator close the ticket?

    Best regards.

     
  • Ralph Böhme

    Ralph Böhme - 2013-03-22
    • status: open --> closed
    • milestone: -->
     
