[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Not Following POSIX ACLs
From: |
Sean Elble |
Subject: |
Re: Not Following POSIX ACLs |
Date: |
Wed, 02 Mar 2016 10:58:23 -0500 |
User-agent: |
Roundcube Webmail/0.8.4 |
On 02.03.2016 10:40, Carlo Wood wrote:
I must admit that I never heard of setfacl before, is that different
from chmod?
Yessir. POSIX ACLs are handled by setfacl, which allow more
fine-grained permissions than traditional UNIX permissions (managed with
chmod).
Nevertheless, as which prints:
/usr/bin/which: no hive in
(/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin)
it is not in your PATH (the current directly, where hive is,
is /usr/hdp/current/hive-client/bin ... So, I'm not surprised
that GNU which doesn't find it, but I *am* surprised that bash
find it. Can you also include the output of 'which which' please?
Sorry, I should have been clearer on this point. There is a "hive"
binary in the path, but it just happens to be a symlink:
address@hidden ~]# which hive
/usr/bin/hive
address@hidden ~]# ll /usr/bin/hive
lrwxrwxrwx 1 root root 37 Nov 5 18:09 /usr/bin/hive ->
/usr/hdp/current/hive-client/bin/hive
As to the output of "which which":
address@hidden ~]# which which
alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot
--show-tilde'
/usr/bin/which
Please let me know if there is any other information I can provide.
Thanks,
Sean
On Mon, 08 Feb 2016 11:31:39 -0500
Sean Elble <address@hidden> wrote:
Hi,
I ran into an odd issue this morning that surprised me, in that
"which" doesn't seem to respect or follow the POSIX ACL bit. For
example:
address@hidden ~]# cd /usr/hdp/current/hive-client/bin
address@hidden bin]# setfacl -m u:hive:rx hive
address@hidden bin]# ll hive
-rwxr-x---+ 1 root root 578 Sep 23 22:06 hive
address@hidden bin]# su - hive
-bash-4.1$ which hive
/usr/bin/which: no hive in
(/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin)
-bash-4.1$ hive
16/02/08 10:43:53 WARN conf.HiveConf: HiveConf of name
hive.optimize.mapjoin.mapreduce does not exist
In short, I removed the all other permissions from the file, allowed
the "hive" user to read and execute
"/usr/hdp/current/hive-client/bin/hive", and though the "hive" user
can indeed execute the binary (as allowed by POSIX ACL), "which" does
not recognize it as an executable file for this user.
Somewhat surprisingly, I haven't found anyone else reporting this
issue in searching around a bit, but perhaps my Google-fu is failing
me on what is very much a Monday morning.
Can anyone shed some light on this? Is this something that is
supported or may be supported at some point? Please do CC me on
replies, as I am not subscribed to this list.
Thanks,
Sean Elble