File upload and posix acl support


I’ve had some files fail to upload and discovered that if the user doesn’t own the folder and isn’t part of the group that owns the folder but does have correct access via posix acls they can’t upload.

Example user trenttest

ls -ld /parth/to/folder
drwxrws—+ 30 other_user <group that trenttest isn’t part of> drwxrws—+ 30

getfacl /parth/to/folder

# file: /parth/to/folder
# owner: other_user
# group: <group that trenttest isn’t part of>
# flags: -s-
group:<group that trenttest is part of>:rwx
default:group:<group that trenttest is part of>:rwx

Is this something that is supported and I haven’t configured things correctly or is it not supported.



I would test in a shell if you can replicate the same behavior. Maybe through touch or cp -R commands.

There’s nothing special about what OOD is doing, so I suspect you wouldn’t be able to touch or similar in a shell in that same directory. Can you try to replicate creating files in that same directory with that same user interactively in a shell?

If you can actually do the same thing in a shell, then we may have some larger issue on our side, but I suspect you won’t be able to.

Thanks for the reply Jeff.

I did a test with touch which worked fine. I did a test with cp -R with a directory with 1 file in it and that also worked fine. I did these tests in the interactive shell in OOD.

If there are any other tests or logs that I could send that would help please let me know.



OK - then there must be a bug on our side. I’ll look into this a little more and try to replicate. Can you provide the set_facl you used to modify folder?

I can probably infer it from the initial comment, but I’m not super great at FACLs.


I did more testing and the problem isn’t quite as I described. Even though the dialog box shows failure, the actual file uploads. I think it fails setting the inherited group and permissions though. Creating files and folders via the UI works fine and sets all permissions correctly. See screenshots. “tests.rtf” was uploaded and produced the failure notification. test_dir and test_file were created with UI and have the correct permissions.

ls -l
total 2
drwxrws---+ 2 trenttest svi-hge-trenttest_project-backedup    0 Mar 22 10:29 test_dir
-rw-rw----+ 1 trenttest svi-hge-trenttest_project-backedup    0 Mar 22 10:30 test_file
-rw-r--r--+ 1 trenttest domain users                       1090 Mar 22 10:25 tests.rtf

Here are the steps I took to create that directory for testing.

mkdir backed_up
chgrp svi-hge-trenttest_project-backedup backed_up/
chmod 3770 backed_up/
setfacl -b backed_up/
setfacl -m u::rwx backed_up/
setfacl -d -m u::rwx backed_up/
setfacl -m g::rwx backed_up/
setfacl -d -m g::rwx backed_up/
setfacl -m g:svi-hge-trenttest_project:rwx backed_up/
setfacl -d -m g:svi-hge-trenttest_project:rwx backed_up/

The user trenttest is part of svi-hge-trenttest_project but not svi-hge-trenttest_project-backedup