Re: Not Following POSIX ACLs
From: Carlo Wood
Subject: Re: Not Following POSIX ACLs
Date: Wed, 2 Mar 2016 20:18:10 +0100

I suppose your 'grep acl /proc/mounts' isn't empty?
For me it is...
On Wed, 02 Mar 2016 10:58:23 -0500
Sean Elble <address@hidden> wrote:
> On 02.03.2016 10:40, Carlo Wood wrote:
> > I must admit that I never heard of setfacl before, is that different
> > from chmod?
>
> Yessir. POSIX ACLs are handled by setfacl, which allow more
> fine-grained permissions than traditional UNIX permissions (managed
> with chmod).
>
> >
> > Nevertheless, as which prints:
> >
> > /usr/bin/which: no hive in
> > (/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin)
> >
> > it is not in your PATH (the current directory, where hive is,
> > is /usr/hdp/current/hive-client/bin) ... So, I'm not surprised
> > that GNU which doesn't find it, but I *am* surprised that bash
> > finds it. Can you also include the output of 'which which' please?
>
> Sorry, I should have been clearer on this point. There is a "hive"
> binary in the path, but it just happens to be a symlink:
>
> address@hidden ~]# which hive
> /usr/bin/hive
> address@hidden ~]# ll /usr/bin/hive
> lrwxrwxrwx 1 root root 37 Nov 5 18:09 /usr/bin/hive ->
> /usr/hdp/current/hive-client/bin/hive
>
> As to the output of "which which":
>
> address@hidden ~]# which which
> alias which='alias | /usr/bin/which --tty-only --read-alias
> --show-dot --show-tilde'
> /usr/bin/which
>
> Please let me know if there is any other information I can provide.
>
> Thanks,
>
> Sean
>
> >
> > On Mon, 08 Feb 2016 11:31:39 -0500
> > Sean Elble <address@hidden> wrote:
> >
> >> Hi,
> >>
> >> I ran into an odd issue this morning that surprised me, in that
> >> "which" doesn't seem to respect or follow the POSIX ACL bit. For
> >> example:
> >>
> >> address@hidden ~]# cd /usr/hdp/current/hive-client/bin
> >> address@hidden bin]# setfacl -m u:hive:rx hive
> >> address@hidden bin]# ll hive
> >> -rwxr-x---+ 1 root root 578 Sep 23 22:06 hive
> >> address@hidden bin]# su - hive
> >> -bash-4.1$ which hive
> >> /usr/bin/which: no hive in
> >> (/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin)
> >> -bash-4.1$ hive
> >> 16/02/08 10:43:53 WARN conf.HiveConf: HiveConf of name
> >> hive.optimize.mapjoin.mapreduce does not exist
> >>
> >> In short, I removed all other permissions from the file,
> >> allowed the "hive" user to read and execute
> >> "/usr/hdp/current/hive-client/bin/hive", and though the "hive" user
> >> can indeed execute the binary (as allowed by POSIX ACL), "which"
> >> does not recognize it as an executable file for this user.
> >>
> >> Somewhat surprisingly, I haven't found anyone else reporting this
> >> issue in searching around a bit, but perhaps my Google-fu is
> >> failing me on what is very much a Monday morning.
> >>
> >> Can anyone shed some light on this? Is this something that is
> >> supported or may be supported at some point? Please do CC me on
> >> replies, as I am not subscribed to this list.
> >>
> >> Thanks,
> >>
> >> Sean Elble
> >>
--
Carlo Wood <address@hidden>