I have problematic permissions and ACL issues [WorkAround]

All your general support questions for OpenZFS on OS X.

I have problematic permissions and ACL issues [WorkAround]

Postby incumbent » Fri Apr 29, 2016 5:58 am

I originally opened an issue against the repository on Github because I didn't realize the extent of my problem. I'm opening a thread here to see if anyone has any ideas on how to un-eff my filesystem ACLs.

I'm running OS X 10.11.4, and have Server.app installed. I use Caching Server and have fiddled with Xcode Server and buildbots, and I've also monkeyed with other aspects of the Server app but I don't use OpenDirectory. I do however have a samba4 AD server/kdc on a Raspberry Pi that this workstation is bound to.

Username 'emory' is a local user on the workstation that is running OpenZFS on OS X.

I have permissions issues when doing even `ls -la /$mountpoint` but finder browsing is not working as expected and I think it's because of that. I've recently done the following:

Code: Select all
emory@anustart ⑄ ~
✰  sudo chmod -R -N /Eyrie
Password:
User:5.22s Kernel:349.15s REAL:576.05s CPU:61% sudo chmod -R -N /Eyrie
emory@anustart ⑄ ~
✰  ls -lae /Eyrie
ls: ..: Permission denied
total 520
drwxrwxrwt@ 9 root  staff       9 Apr 28 10:12 ./
drwx------  5 root  staff       5 Apr 26 10:05 .Spotlight-V100/
d-wx-wx-wt  2 root  staff       2 Apr 25 08:44 .Trashes/
-rw-------  1 root  staff  239735 Apr 25 08:44 .VolumeIcon.icns
drwx------  5 root  staff       5 Apr 26 12:59 .fseventsd/
drwxrwxr-x@ 6 root  staff       6 Apr 25 12:12 zgroups/
drwxr-xr-x@ 9 root  staff       9 Apr 26 12:55 zshared/
drwxr-xr-x@ 9 root  staff       9 Apr 28 20:35 zusers/
-> [1]
emory@anustart ⑄ ~
✰  sudo ls -lae /Eyrie
Password:
total 520
drwxrwxrwt@  9 root  staff       9 Apr 28 10:12 .
drwxr-xr-x  47 root  wheel    1666 Apr 29 07:30 ..
drwx------   5 root  staff       5 Apr 26 10:05 .Spotlight-V100
d-wx-wx-wt   2 root  staff       2 Apr 25 08:44 .Trashes
-rw-------   1 root  staff  239735 Apr 25 08:44 .VolumeIcon.icns
drwx------   5 root  staff       5 Apr 26 12:59 .fseventsd
drwxrwxr-x@  6 root  staff       6 Apr 25 12:12 zgroups
drwxr-xr-x@  9 root  staff       9 Apr 26 12:55 zshared
drwxr-xr-x@  9 root  staff       9 Apr 28 20:35 zusers


So I have no idea why `..` is giving an error on permissions, but I feel like it's the root cause of the other permissions and ACL issues I have on `cloister`, which `Eyrie` is a dataset of.
Last edited by incumbent on Thu May 12, 2016 9:22 am, edited 1 time in total.
incumbent
 
Posts: 40
Joined: Mon Apr 25, 2016 8:52 am

Re: I have problematic permissions and ACL shenanigans on zp

Postby incumbent » Fri Apr 29, 2016 7:27 pm

Current mood: Annoyed

Once I go traversing a few directories deep the permissions seem be better. e.g. they look fine here, but start to get broken the closer I get to the top:
Code: Select all
emory@anustart ⑄ ~
✰  ls -la /cloister/opt/homebrew-cask/Caskroom/rust
total 20
drwx------   4 emory  emory   4 Apr 29 09:17 ./
drwx------  12 emory  emory  12 Apr 29 19:03 ../
drwx------   3 emory  emory   3 Apr 29 09:17 .metadata/
drwx------   3 emory  emory   3 Apr 29 09:16 1.8.0/
emory@anustart ⑄ ~
✰  ls -lae /cloister/opt/homebrew-cask/Caskroom/rust
total 20
drwx------   4 emory  emory   4 Apr 29 09:17 ./
drwx------  12 emory  emory  12 Apr 29 19:03 ../
drwx------   3 emory  emory   3 Apr 29 09:17 .metadata/
drwx------   3 emory  emory   3 Apr 29 09:16 1.8.0/
emory@anustart ⑄ ~
✰  ls -lae /cloister/opt/homebrew-cask/Caskroom/
total 28
drwx------  12 emory  emory  12 Apr 29 19:03 ./
drwxr-xr-x@  5 emory  emory   5 Apr 25 09:59 ../
drwx------   4 emory  emory   4 Apr 28 22:01 amazon-cloud-drive/
drwx------   4 emory  emory   4 Apr 29 09:14 cargo/
drwx------   4 emory  emory   4 Apr 29 19:03 google-cloud-sdk/
drwx------   4 emory  emory   4 Apr 28 22:02 handbrakecli/
drwx------   4 emory  emory   4 Apr 28 22:02 hazel/
drwx------   4 emory  emory   4 Apr 28 22:04 qlcolorcode/
drwx------   4 emory  emory   4 Apr 29 09:17 rust/
drwx------   4 emory  emory   4 Apr 28 22:02 sublercli/
drwx------   4 emory  emory   4 Apr 26 13:02 vlc/
drwx------   4 emory  emory   4 Apr 28 21:52 vmware-fusion/
emory@anustart ⑄ ~
✰  ls -lae /cloister/opt/homebrew-cask/
ls: ..: Permission denied
total 468
drwxr-xr-x@  5 emory  emory       5 Apr 25 09:59 ./
d-wx-wx-wt   2 emory  emory       2 Apr 25 09:50 .Trashes/
-rw-------   1 emory  emory  239735 Apr 25 09:50 .VolumeIcon.icns
drwx------  12 emory  emory      12 Apr 29 19:03 Caskroom/


I'm not even sure it's a permissions issue — I've used a couple of other file managers and even sandboxed ones work better than Finder. The issue of course is that open/save dialogs have the same restrictions that Finder is enforcing so it doesn't really matter that I can use Caravelle to navigate the dataset.
incumbent
 
Posts: 40
Joined: Mon Apr 25, 2016 8:52 am

Re: I have problematic permissions and ACL shenanigans on zp

Postby incumbent » Mon May 02, 2016 6:43 am

An interesting update — reinstalled OS X on the system drive and installed OpenZFS and the problem persists. It seems to be related to permissions but they all look fine. I've been re-creating datasets and renaming previous ones that were > 2 levels deep in the filesystem into new locations and the problem goes away.

Not remotely clear on the root cause still.
incumbent
 
Posts: 40
Joined: Mon Apr 25, 2016 8:52 am

Re: I have problematic permissions and ACL shenanigans on zp

Postby incumbent » Thu May 12, 2016 9:21 am

I reinstalled the OS completely on this workstation, reinstalled the binary release of OpenZFS 1.5.2, and the problem persisted.

I discovered that I could recreate datasets on the pool that didn't have this behavior however, and this time did not use `zfs send/receive` to move dataset contents, but elected to use `rsync` or `ditto` to move files around. The problem is "solved" because of this, but I still don't know what the root cause of my permissions issue was/is and how to avoid it in the future. The "permission denied '..'" is the tell-tale sign, but Finder not allowing me to traverse the filesystem was the other indicator.

If it happens again I'll be more aggressive in getting assistance to diagnose/debug and get a better explanation. For now, I'm just going to pretend it never happened and chalk it up to sun spots like any other BOFH would.
incumbent
 
Posts: 40
Joined: Mon Apr 25, 2016 8:52 am


Return to General Help

Who is online

Users browsing this forum: No registered users and 26 guests