GNU bug report logs - #9446
cp: acl preservation problem on FreeBSD 8.1

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Package: coreutils; Reported by: Torbjorn Granlund <tg@HIDDEN>; dated Mon, 5 Sep 2011 23:03:01 UTC; Maintainer for coreutils is bug-coreutils@HIDDEN.
Changed bug title to 'cp: acl preservation problem on FreeBSD 8.1' from 'Bug in cp (or strange behaviour and unclear documentation)' Request was from Assaf Gordon <assafgordon@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 9446 <at> debbugs.gnu.org:


Received: (at 9446) by debbugs.gnu.org; 6 Sep 2011 09:08:24 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 06 05:08:24 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1R0rdm-0004Ol-T7
	for submit <at> debbugs.gnu.org; Tue, 06 Sep 2011 05:08:23 -0400
Received: from smtp2go.com ([207.58.142.213])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <P@HIDDEN>) id 1R0rdk-0004Od-Ng
	for 9446 <at> debbugs.gnu.org; Tue, 06 Sep 2011 05:08:21 -0400
Message-ID: <4E65E219.4010802@HIDDEN>
Date: Tue, 06 Sep 2011 10:04:25 +0100
From: =?ISO-8859-1?Q?P=E1draig_Brady?= <P@HIDDEN>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:5.0) Gecko/20110707 Thunderbird/5.0
MIME-Version: 1.0
To: Jim Meyering <jim@HIDDEN>
Subject: Re: bug#9446: Bug in cp (or strange behaviour and unclear
	documentation)
References: <86zkiirdt0.fsf@HIDDEN> <877h5m4094.fsf@HIDDEN>
In-Reply-To: <877h5m4094.fsf@HIDDEN>
X-Enigmail-Version: 1.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.6 (--)
X-Debbugs-Envelope-To: 9446
Cc: 9446 <at> debbugs.gnu.org, Torbjorn Granlund <tg@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -2.6 (--)

On 09/06/2011 08:07 AM, Jim Meyering wrote:
> Torbjorn Granlund wrote:
>> On FreeBSD (tested on 8.1, but exact version is unlikely relevant)
>> copying a file from a ZFS file system to a tmpfs or tmpmfs filesystem,
>> the -p option causes cp to return with a non-zero exit status.
>>
>> Sample run:
>>
>> $ cp -p /etc/profile /tmp/foo || echo non-zero exit
>> cp: preserving permissions for `/tmp/foo': Invalid argument
>> non-zero exit
>>
>> Some debugging shows that the function acl_access_nontrivial returns 1,
>> caused by the tag ACL_EVERYONE.  (It is present in every file by
>> default.)
>>
>> ACLs are not supported on FreeBSD's tmpfs or tmpmfs file system types.
>>
>> Perhaps this failure is intentional?  Then it should be clearly
>> documented for the -p/--preserve option.  I have read it carefully, and
>> I cannot see support for the observed behaviour.
>>
>> Consider what happens under -p when copying a file owned by somebody
>> else.  The used and group owners can then not (typically) be preserved.
>> This is not considered an error in cp.
>>
>> Similarly, when copying a file with the setuid bit set, and the user is
>> changed (per above) the setuid bit is not preserved, and this is also
>> not considered an error by cp.
>>
>> The failure to preserve (partial) ACL data should IMHO not be considered
>> an error, except perhaps under some --preserve=blah options, where blah
>> denoted preservation of exactly this.
> 
> Hi!
> Long time ;-)
> 
> ACL-preservation has always been lumped in with the
> permission-preservation that you get with cp's "-p".
> However, that is not POSIX-mandated.
> 
> This is the responsible code in copy.c:
> 
>   if (x->preserve_mode || x->move_mode)
>     {
>       if (copy_acl (src_name, -1, dst_name, -1, src_mode) != 0
>           && x->require_preserve)
>         return false;
>     }
> 
> However, upon copy_acl failure, rather than simply returning false, it
> might be ok to return true for EINVAL, or even to perform a relatively
> expensive test (the first time for each FS) to see if the failure is
> due to lack of ACL support in the destination file system.
> 
> I'm less inclined to add a separate --preserve=acl option, because
> that would involve a behavior change (of not copying ACLs by default).

I agree. It's like ACLs span both --preserve=mode and --preserve=xattrs (if possible).
The trivial ACLs are already made optional within copy_acl()
assuming I suppose that the dest will record this info anyway.

So what to do if other ACLs can't be preserved.
Ideally I think we'd like to:
  1. Warn once per cp invocation about unpreserved non trivial ACLs
  2. With --verbose, warn per file, which ACLs were not preserved.
  3. if !ACL_NOT_WELL_SUPPORTED(errno) exit 1

As an interim measure we could just do 3, which would give
many non specific "preserving permissions" errors,
but at least exit appropriately.

cheers,
Pádraig.
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils@HIDDEN:
bug#9446; Package coreutils. Full text available.

Message received at 9446 <at> debbugs.gnu.org:


Received: (at 9446) by debbugs.gnu.org; 6 Sep 2011 07:11:29 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 06 03:11:29 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1R0poe-0004lJ-T7
	for submit <at> debbugs.gnu.org; Tue, 06 Sep 2011 03:11:29 -0400
Received: from mx1.redhat.com ([209.132.183.28])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <jim@HIDDEN>) id 1R0poZ-0004l8-C5
	for 9446 <at> debbugs.gnu.org; Tue, 06 Sep 2011 03:11:25 -0400
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p8677b8N007580
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Tue, 6 Sep 2011 03:07:37 -0400
Received: from mx.meyering.net (ovpn01.gateway.prod.ext.phx2.redhat.com
	[10.5.9.1])
	by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id p8677Z7x006856; Tue, 6 Sep 2011 03:07:36 -0400
Received: from rho.meyering.net (localhost.localdomain [127.0.0.1])
	by rho.meyering.net (Acme Bit-Twister) with ESMTP id 7927D6007F;
	Tue,  6 Sep 2011 09:07:35 +0200 (CEST)
From: Jim Meyering <jim@HIDDEN>
To: Torbjorn Granlund <tg@HIDDEN>
Subject: Re: bug#9446: Bug in cp (or strange behaviour and unclear
	documentation)
In-Reply-To: <86zkiirdt0.fsf@HIDDEN> (Torbjorn Granlund's message of
	"Mon, 05 Sep 2011 21:26:19 +0200")
References: <86zkiirdt0.fsf@HIDDEN>
Date: Tue, 06 Sep 2011 09:07:35 +0200
Message-ID: <877h5m4094.fsf@HIDDEN>
Lines: 56
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-Spam-Score: -10.5 (----------)
X-Debbugs-Envelope-To: 9446
Cc: 9446 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -10.5 (----------)

Torbjorn Granlund wrote:
> On FreeBSD (tested on 8.1, but exact version is unlikely relevant)
> copying a file from a ZFS file system to a tmpfs or tmpmfs filesystem,
> the -p option causes cp to return with a non-zero exit status.
>
> Sample run:
>
> $ cp -p /etc/profile /tmp/foo || echo non-zero exit
> cp: preserving permissions for `/tmp/foo': Invalid argument
> non-zero exit
>
> Some debugging shows that the function acl_access_nontrivial returns 1,
> caused by the tag ACL_EVERYONE.  (It is present in every file by
> default.)
>
> ACLs are not supported on FreeBSD's tmpfs or tmpmfs file system types.
>
> Perhaps this failure is intentional?  Then it should be clearly
> documented for the -p/--preserve option.  I have read it carefully, and
> I cannot see support for the observed behaviour.
>
> Consider what happens under -p when copying a file owned by somebody
> else.  The used and group owners can then not (typically) be preserved.
> This is not considered an error in cp.
>
> Similarly, when copying a file with the setuid bit set, and the user is
> changed (per above) the setuid bit is not preserved, and this is also
> not considered an error by cp.
>
> The failure to preserve (partial) ACL data should IMHO not be considered
> an error, except perhaps under some --preserve=blah options, where blah
> denoted preservation of exactly this.

Hi!
Long time ;-)

ACL-preservation has always been lumped in with the
permission-preservation that you get with cp's "-p".
However, that is not POSIX-mandated.

This is the responsible code in copy.c:

  if (x->preserve_mode || x->move_mode)
    {
      if (copy_acl (src_name, -1, dst_name, -1, src_mode) != 0
          && x->require_preserve)
        return false;
    }

However, upon copy_acl failure, rather than simply returning false, it
might be ok to return true for EINVAL, or even to perform a relatively
expensive test (the first time for each FS) to see if the failure is
due to lack of ACL support in the destination file system.

I'm less inclined to add a separate --preserve=acl option, because
that would involve a behavior change (of not copying ACLs by default).
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils@HIDDEN:
bug#9446; Package coreutils. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 5 Sep 2011 23:02:57 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 05 19:02:57 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1R0iBs-0005v6-Ep
	for submit <at> debbugs.gnu.org; Mon, 05 Sep 2011 19:02:57 -0400
Received: from eggs.gnu.org ([140.186.70.92])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <tg@HIDDEN>) id 1R0es0-00086x-0B
	for submit <at> debbugs.gnu.org; Mon, 05 Sep 2011 15:30:13 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <tg@HIDDEN>) id 1R0eoK-0003NA-HA
	for submit <at> debbugs.gnu.org; Mon, 05 Sep 2011 15:26:28 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable version=3.3.1
Received: from lists.gnu.org ([140.186.70.17]:59905)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <tg@HIDDEN>) id 1R0eoK-0003N6-Fk
	for submit <at> debbugs.gnu.org; Mon, 05 Sep 2011 15:26:24 -0400
Received: from eggs.gnu.org ([140.186.70.92]:55883)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <tg@HIDDEN>) id 1R0eoJ-0002OZ-Fu
	for bug-coreutils@HIDDEN; Mon, 05 Sep 2011 15:26:24 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <tg@HIDDEN>) id 1R0eoI-0003Ml-J2
	for bug-coreutils@HIDDEN; Mon, 05 Sep 2011 15:26:23 -0400
Received: from gmplib-02.nada.kth.se ([130.237.222.242]:30681
	helo=shell.gmplib.org) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <tg@HIDDEN>) id 1R0eoI-0003MW-EA
	for bug-coreutils@HIDDEN; Mon, 05 Sep 2011 15:26:22 -0400
Received: by shell.gmplib.org (Postfix, from userid 1001)
	id 9A4357703; Mon,  5 Sep 2011 21:26:19 +0200 (CEST)
To: bug-coreutils@HIDDEN
Subject: Bug in cp (or strange behaviour and unclear documentation)
From: Torbjorn Granlund <tg@HIDDEN>
Date: Mon, 05 Sep 2011 21:26:19 +0200
Message-ID: <86zkiirdt0.fsf@HIDDEN>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 140.186.70.17
X-Spam-Score: -6.6 (------)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Mon, 05 Sep 2011 19:02:55 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -6.6 (------)

On FreeBSD (tested on 8.1, but exact version is unlikely relevant)
copying a file from a ZFS file system to a tmpfs or tmpmfs filesystem,
the -p option causes cp to return with a non-zero exit status.

Sample run:

$ cp -p /etc/profile /tmp/foo || echo non-zero exit
cp: preserving permissions for `/tmp/foo': Invalid argument
non-zero exit

Some debugging shows that the function acl_access_nontrivial returns 1,
caused by the tag ACL_EVERYONE.  (It is present in every file by
default.)

ACLs are not supported on FreeBSD's tmpfs or tmpmfs file system types.

Perhaps this failure is intentional?  Then it should be clearly
documented for the -p/--preserve option.  I have read it carefully, and
I cannot see support for the observed behaviour.

Consider what happens under -p when copying a file owned by somebody
else.  The used and group owners can then not (typically) be preserved.
This is not considered an error in cp.

Similarly, when copying a file with the setuid bit set, and the user is
changed (per above) the setuid bit is not preserved, and this is also
not considered an error by cp.

The failure to preserve (partial) ACL data should IMHO not be considered
an error, except perhaps under some --preserve=3Dblah options, where blah
denoted preservation of exactly this.

--=20
Torbj=F6rn

(Since I am the original author of cp, I suppose I should really fix the
problem myself.  But I think the ACL stuff was added later, and I am not
familiar with it.)
Acknowledgement sent to Torbjorn Granlund <tg@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-coreutils@HIDDEN. Full text available.
Report forwarded to owner <at> debbugs.gnu.org, bug-coreutils@HIDDEN:
bug#9446; Package coreutils. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Mon, 25 Nov 2019 12:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.