[OMV 0.5] Error setting ACLs on shares

TrololoAllTheBugs · 27. August 2013

Hi,

after upgrade to OMV 0.5 users now can't access shares, cifs and nfs.
Note: I joined OMV to MS Active Directory.
Domain users group has access to shares and should give users the permission to read and write to the share, which worked with v0.4.

Error setting ACLs in GUI:

Code

Failed to execute command 'export LANG=C; setfacl --remove-all --recursive -m 'default:user:[long user list]' '/media/[uuid]/software//' 2>&1': setfacl: Option -m: Invalid argument near character 2861

This error did not happen with v0.4 when changing ACLs.

Same error with OMV specific output:

Code

Error #4000:
exception 'OMVException' with message 'Failed to execute command 'export LANG=C; setfacl --remove-all --recursive -m 'default:user:[long user list]' '/media/[uuid]/software//' 2>&1': setfacl: Option -m: Invalid argument near character 2861' in /usr/share/openmediavault/engined/rpc/sharemgmt.inc:1007
Stack trace:
#0 [internal function]: OMVRpcServiceShareMgmt->setFileACL(Array, Array)
#1 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array)
#2 /usr/share/php/openmediavault/rpc.inc(62): OMVRpcServiceAbstract->callMethod('setFileACL', Array, Array)
#3 /usr/sbin/omv-engined(495): OMVRpc::exec('ShareMgmt', 'setFileACL', Array, Array, 1)
#4 {main}

Output of getfacl on a share directory:

Code

# file: software/
# owner: root
# group: users
user::rwx
group::rwx
group:domänen-benutzer:rwx
mask::rwx
other::---

TrololoAllTheBugs · 27. August 2013

Looking at different and older bugs with ACLs ... is it possible that the user list is just to long? And is this an error related to OMV (GUI framework change) or the ACL project? I doubt the later, because it worked before ...

Solo0815 · 27. August 2013

Did you upgrade to 0.5.2.?

votdev · 27. August 2013

The latest update does not fix this issue. It is really hard to debug this problem, but i assume it must something to do with the length of the command => near character 2861 => This is a really long list of users/groups.

votdev · 27. August 2013

TrololoAllTheBugs Can you do some debugging?

1. Update to 0.5.2 or later
2. Edit /etc/default/openmediavault. Set 'OMV_DEBUG_PHP' to 'YES'.
3. Edit /usr/share/openmediavault/engined/rpc/sharemgmt.inc. Go to line 1006. Replace code with

Code

// Execute command to set the file access control lists.
			$cmd = sprintf("export LANG=C; setfacl %s %s 2>&1",
			  implode(" ", $cmdargs), escapeshellarg(sprintf("%s/%s",
			  $sfpath, $params['file'])));
			$this->debug(var_export($cmd, TRUE)); // <-------------------------- important line
			if(0 !== $this->exec($cmd, $output, $bgOutputFilename)) {
				throw new OMVException(OMVErrorMsg::E_EXEC_FAILED,
				  $cmd, implode("\n", $output));
			}

4. Execute command

Code

monit restart omv-engined

5. Execute command

Code

tail -f /tmp/openmediavault_debug_php.log

6. Go to the Shared Folder ACL dialog and make your changes.
7. You should get some output in the debug log file like:

Code

Tue, 27 Aug 13 20:10:03 +0200 File: sharemgmt.inc Line: 1006 Method: OMVRpcServiceShareMgmt::setFileACL() Message: 'export LANG=C; setfacl -m \'default:user:test:7,user:test:7,default:user:test2:5,user:test2:5,default:user:vot:5,user:vot:5,default:user:admin:0,user:admin:0,default:user:avahi:0,user:avahi:0,default:user:backup:0,user:backup:0,default:user:bin:0,user:bin:0,default:user:clamav:0,user:clamav:0,default:user:daapd:0,user:daapd:0,default:user:daemon:0,user:daemon:0,default:user:ftp:0,user:ftp:0,default:user:games:0,user:games:0,default:user:gnats:0,user:gnats:0,default:user:irc:0,user:irc:0,default:user:libuuid:0,user:libuuid:0,default:user:list:0,user:list:0,default:user:lp:0,user:lp:0,default:user:mail:0,user:mail:0,default:user:man:0,user:man:0,default:user:messagebus:0,user:messagebus:0,default:user:news:0,user:news:0,default:user:nobody:0,user:nobody:0,default:user:ntp:0,user:ntp:0,default:user:nut:0,user:nut:0,default:user:openmediavault:0,user:openmediavault:0,default:user:postfix:0,user:postfix:0,default:user:proftpd:0,user:proftpd:0,default:user:proxy:0,user:proxy:0,default:user:root:0,user:root:0,default:user:snmp:0,user:snmp:0,default:user:squeezeboxserver:0,user:squeezeboxserver:0,default:user:sshd:0,user:sshd:0,default:user:statd:0,user:statd:0,default:user:sync:0,user:sync:0,default:user:sys:0,user:sys:0,default:user:tftp:0,user:tftp:0,default:user:uucp:0,user:uucp:0,default:user:www-data:0,user:www-data:0,default:group:test123:5,group:test123:5,default:group:adm:0,group:adm:0,default:group:audio:0,group:audio:0,default:group:avahi:0,group:avahi:0,default:group:backup:0,group:backup:0,default:group:bin:0,group:bin:0,default:group:cdrom:0,group:cdrom:0,default:group:clamav:0,group:clamav:0,default:group:crontab:0,group:crontab:0,default:group:daemon:0,group:daemon:0,default:group:dialout:0,group:dialout:0,default:group:dip:0,group:dip:0,default:group:disk:0,group:disk:0,default:group:fax:0,group:fax:0,default:group:floppy:0,group:floppy:0,default:group:games:0,group:games:0,default:group:gnats:0,group:gnats:0,default:group:irc:0,group:irc:0,default:group:kmem:0,group:kmem:0,default:group:libuuid:0,group:libuuid:0,default:group:list:0,group:list:0,default:group:lp:0,group:lp:0,default:group:mail:0,group:mail:0,default:group:man:0,group:man:0,default:group:messagebus:0,group:messagebus:0,default:group:netdev:0,group:netdev:0,default:group:news:0,group:news:0,default:group:nogroup:0,group:nogroup:0,default:group:ntp:0,group:ntp:0,default:group:nut:0,group:nut:0,default:group:openmediavault:0,group:openmediavault:0,default:group:operator:0,group:operator:0,default:group:plugdev:0,group:plugdev:0,default:group:postdrop:0,group:postdrop:0,default:group:postfix:0,group:postfix:0,default:group:proxy:0,group:proxy:0,default:group:root:0,group:root:0,default:group:sambashare:0,group:sambashare:0,default:group:sasl:0,group:sasl:0,default:group:shadow:0,group:shadow:0,default:group:snmp:0,group:snmp:0,default:group:src:0,group:src:0,default:group:ssh:0,group:ssh:0,default:group:ssl-cert:0,group:ssl-cert:0,default:group:staff:0,group:staff:0,default:group:sudo:0,group:sudo:0,default:group:sys:0,group:sys:0,default:group:tape:0,group:tape:0,default:group:tftp:0,group:tftp:0,default:group:tty:0,group:tty:0,default:group:users:0,group:users:0,default:group:utmp:0,group:utmp:0,default:group:uucp:0,group:uucp:0,default:group:video:0,group:video:0,default:group:voice:0,group:voice:0,default:group:www-data:0,group:www-data:0,default:user::7,user::7,default:group::7,group::7,default:other::5,other::5\' \'/media/056f77dd-26a1-481e-8b2d-0aff04809d75/test1//\' 2>&1'

8. Post this output or send me an email. The best would be to open a new bug report at bugtracker.openmediavault.org.

pierre-n · 7. September 2013

Hi,

Have you done anything in order to fix that issue in rel. 0.5.8 ?
I had the same behaviour as reported and since the upgrade from 0.5.7 to 0.5.8, it's gone.
Anyway, thank you (all of you) for your work...

tekkb · 7. September 2013

Volker is the best. :mrgreen:

pierre-n · 9. September 2013

Maybe we should mark this thread as solved, shouldn't we?

TrololoAllTheBugs · 8. Januar 2014

I'm sorry Volker, I was too busy to test and check this thread and answer. I'll test it in the next days and report back. I hesitated to update to a newer version because of http://forums.openmediavault.org/viewtopic.php?f=14&t=3419. I didn't want to fuck up that particular production server where I stumbled upon that ACL error.

Buuuuuuut now I don't really care anymore. Maybe I'll get the same error as in the aboved mentioned topic but buggy auto discovery won't have a lot of impact.

PS: Yes, it is quite a long list of users/groups but that's because it's not a simple home setup. That specific machine runs in the lab at the company I'm working at.

ABV · 6. März 2014

I have same problem, but no MS AD used.

When i try change ACL on shared folder there is error:

Code

Failed to execute command 'export LANG=C; setfacl --remove-all -m 'default:user:plex:5,user:plex:5,default:user::7,user::7,default:group::7,group::7,default:other::7,other::7' -- '/media/faf23c85-8832-42fa-9a8a-1b3ffd7d21c7/Torrents/' 2>&1': setfacl: /media/faf23c85-8832-42fa-9a8a-1b3ffd7d21c7/Torrents/: Operation not supported


Error #4000: exception 'OMVException' with message 'Failed to execute command 'export LANG=C; setfacl --remove-all -m 'default:user:plex:5,user:plex:5,default:user::7,user::7,default:group::7,group::7,default:other::7,other::7' -- '/media/faf23c85-8832-42fa-9a8a-1b3ffd7d21c7/Torrents/' 2&gt;&amp;1': setfacl: /media/faf23c85-8832-42fa-9a8a-1b3ffd7d21c7/Torrents/: Operation not supported' in /usr/share/openmediavault/engined/rpc/sharemgmt.inc:1011 Stack trace: #0 [internal function]: OMVRpcServiceShareMgmt-&gt;setFileACL(Array, Array) #1 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array) #2 /usr/share/php/openmediavault/rpc.inc(62): OMVRpcServiceAbstract-&gt;callMethod('setFileACL', Array, Array) #3 /usr/sbin/omv-engined(495): OMVRpc::exec('ShareMgmt', 'setFileACL', Array, Array, 1) #4 {main}

Because of this, when you create a shared folder i had to choose the right 777 But it's not solution of problem

mbourd25 · 6. März 2014

Hi ABV, I get the same error when trying to do some ACL changes.

Since I can't delete some files that was deleted using Transmission, I just keep getting an error message that my userid doesn't have access to delete these files which is owned by Debian-Transmission, to which my userid has debian-transmission has access.

Is there a way to fix this?

Thanks.

tekkb · 6. März 2014

Did you add your user to the debian-transmission group?

mbourd25 · 6. März 2014

Yes I did. I still get that my user cannot delete files since it's owned by debian-transmission group.

ABV · 7. März 2014

Zitat von "mbourd25"

Hi ABV, I get the same error when trying to do some ACL changes.

I have it from the beginning.
Any idea to fix it?

mbourd25 · 9. März 2014

This is the error message that I get.

Zitat

Error #4000: exception 'OMVException' with message 'Failed to execute command 'export LANG=C; setfacl --remove-all -m 'default:user:&&&&&&:7,user:&&&&&&:7,default:user::7,user::7,default:group::7,group::7,default:other::5,other::5' -- '/media/5be1f17f-d7d9-490f-9838-c5938ab9df14/Videos/Downloads//' 2>&1': setfacl: /media/5be1f17f-d7d9-490f-9838-c5938ab9df14/Videos/Downloads//: Operation not supported' in /usr/share/openmediavault/engined/rpc/sharemgmt.inc:1011 Stack trace: #0 [internal function]: OMVRpcServiceShareMgmt->setFileACL(Array, Array) #1 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array) #2 /usr/share/php/openmediavault/rpc.inc(62): OMVRpcServiceAbstract->callMethod('setFileACL', Array, Array) #3 /usr/sbin/omv-engined(495): OMVRpc::exec('ShareMgmt', 'setFileACL', Array, Array, 1) #4 {main}

davidh2k · 9. März 2014

Code

ls -la /media/5be1f17f-d7d9-490f-9838-c5938ab9df14/Videos/Downloads/
stats /media/5be1f17f-d7d9-490f-9838-c5938ab9df14/Videos/Downloads

Greetings
David

ABV · 9. März 2014

Code

root@omv:/media# ls -la
итого 32
drwxr-xr-x  8 root           root           4096 Мар  1 11:40 .
drwxr-xr-x 22 root           root           4096 Мар  4 17:53 ..
drwxrwsrwx  7 openmediavault openmediavault 4096 Мар  4 17:33 440a701f-a44c-4d16-8fb5-363e517535e6
drwxr-xr-x  2 root           root           4096 Фев 26 00:49 cdrom
drwx------  2 root           root           4096 Фев 26 11:55 ef14d7cc-977d-49e3-aac9-4085dff8fd7c
drwxr-xr-x  4 root           root           4096 Мар  3 00:15 faf23c85-8832-42fa-9a8a-1b3ffd7d21c7
lrwxrwxrwx  1 root           root              7 Фев 26 00:49 floppy -> floppy0
drwxr-xr-x  2 root           root           4096 Фев 26 00:49 floppy0
lrwxrwxrwx  1 root           root              4 Фев 26 00:49 usb -> usb0
drwxr-xr-x  2 root           root           4096 Фев 26 00:49 usb0

Alles anzeigen

Code

-bash: stats: команда не найдена

0rtega · 9. März 2014

Zitat von "davidh2k"

Code

ls -la /media/5be1f17f-d7d9-490f-9838-c5938ab9df14/Videos/Downloads/
stats /media/5be1f17f-d7d9-490f-9838-c5938ab9df14/Videos/Downloads

Greetings
David

The correct command is this:

Code

stat /media/5be1f17f-d7d9-490f-9838-c5938ab9df14/Videos/Downloads

davidh2k · 9. März 2014

Zitat von "ABV"

Code

root@omv:/media# ls -la
итого 32
drwxr-xr-x  8 root           root           4096 Мар  1 11:40 .
drwxr-xr-x 22 root           root           4096 Мар  4 17:53 ..
drwxrwsrwx  7 openmediavault openmediavault 4096 Мар  4 17:33 440a701f-a44c-4d16-8fb5-363e517535e6
drwxr-xr-x  2 root           root           4096 Фев 26 00:49 cdrom
drwx------  2 root           root           4096 Фев 26 11:55 ef14d7cc-977d-49e3-aac9-4085dff8fd7c
drwxr-xr-x  4 root           root           4096 Мар  3 00:15 faf23c85-8832-42fa-9a8a-1b3ffd7d21c7
lrwxrwxrwx  1 root           root              7 Фев 26 00:49 floppy -> floppy0
drwxr-xr-x  2 root           root           4096 Фев 26 00:49 floppy0
lrwxrwxrwx  1 root           root              4 Фев 26 00:49 usb -> usb0
drwxr-xr-x  2 root           root           4096 Фев 26 00:49 usb0

Alles anzeigen

Read again what I wrote. I don't want the rights from /media, you need to go deeper.

Code

-bash: stats: команда не найдена

Sorry, as 0rtega spotted, it is stat.

Greetings
David

ABV · 10. März 2014

Code

root@omv:/media# ls -la /media/faf23c85-8832-42fa-9a8a-1b3ffd7d21c7/Torrents/
итого 20
drwxrwsrwx 5 root users 4096 Мар  3 00:16 .
drwxr-xr-x 4 root root  4096 Мар  3 00:15 ..
drwxrwsrwx 5 root users 4096 Мар 10 18:15 Completed
drwxrwsrwx 2 root users 4096 Мар 10 18:19 Incompleted
drwxrwsrwx 2 root users 4096 Мар  3 00:15 Watch

Code

root@omv:/media# stat /media/faf23c85-8832-42fa-9a8a-1b3ffd7d21c7/Torrents/
  File: «/media/faf23c85-8832-42fa-9a8a-1b3ffd7d21c7/Torrents/»
  Size: 4096            Blocks: 8          IO Block: 4096   каталог
Device: 811h/2065d      Inode: 18350081    Links: 5
Access: (2777/drwxrwsrwx)  Uid: (    0/    root)   Gid: (  100/   users)
Access: 2014-03-09 23:24:44.780591924 +0400
Modify: 2014-03-03 00:16:57.067416198 +0400
Change: 2014-03-05 17:41:04.700589607 +0400

Jetzt mitmachen!