bug#12020: ls should show when extended system attributes are set

[Eric Blake]

tag 12020 moreinfo
thanks

On 07/21/2012 12:41 PM, Luk Claes wrote:
> Hi
> 
> Currently when using POSIX acls, this is not visible when listing files
> with ls. This means that users and system administrators cannot easily
> see when (non trivial) POSIX acls are in use which obviously can result
> in wrong expectations when only seeing the rwx kind of acls.

What version of coreutils are you using, and on what distro?

> 
> At a minimum I would like that ls would show that extended system
> attributes are being used (maybe by showing something different than -
> for the type of file?).

But ls _does_ already do that.

$ getfacl foo
# file: foo
# owner: eblake
# group: eblake
user::rw-
user:dummy:rw-
group::---
mask::rw-
other::---

$ ls -l foo
-rw-rw----+ 1 eblake eblake 0 Jul 21 15:50 foo
$ setfacl -b foo
$ getfacl foo
# file: foo
# owner: eblake
# group: eblake
user::rw-
group::---
other::---

$ ls -l foo
-rw-------. 1 eblake eblake 0 Jul 21 15:50 foo
$

Notice how the 11th character changed from '+' (ACL present) to '.'
(SELinux label present)?  That is, a trailing '+' is already what
coreutils uses to indicate the presence of ACLs (which generally provide
additional rights); and a trailing '.' indicates the presence of
restrictions (SELinux labels typically restrict rights depending on the
labeling of the calling context).  On systems with neither ACLs nor
SELinux labels, then the 11th character is ' ' (space) to indicate no
other special permissions.

You'll need to provide more information before we can figure out why you
are not finding this information.

-- 
Eric Blake   address@hidden    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature