POSIX Default ACLs, umask and Project Directories

I’ve recently come across a situation where the inherent design of POSIX ACLs has left me scratching my head for a solution to the problem of setting up a “project” or “group share” directory on Linux. The problem is as follows: We have several different projects or groups that desire a directory where any and every file created, copied or moved to said directory will become owned by a particular group and have group read/write permissions set automatically.

Most of the problem is solved through age-old UNIX techniques. For group ownership, all we need to do is set up the top-level directory to be owned by the “project” or “group share” group and setgid the directory:

$ mkdir project1
$ chown :projgroup project1
$ chmod g+s project1

This effectively forces every file created, moved or copied into the “project1” directory to be owned by group “projgroup”. So far, so good. The difficulties begin when we attempt to use default ACLs to enforce the permissions of any files created, moved or copied into the directory.

The POSIX ACL standard defines “default” ACLs which can be applied to a directory, which are in turn inherited by newly created/copied/moved child files and directories. While the default ACLs are inherited properly, the ACL mask when applied to files copied into the group share directory WITHOUT previous group write set prevents the files from being group writable!

$ getfacl project1
# file: project1
# owner: root
# group: projgroup
user::rwx
group::rwx
other::r--
default:user::rw-
default:group::rw-
default:group:projgroup:rw-
default:mask::rwx
default:other::r--

So far so good, right?

$ ls -alh test
-rw-r--r--  1 user1 user 0 Apr 23 15:10 test
$ cp test project1
$ ls -alh project1/test
-rw-r--r--+ 1 user1 projgroup 0 Apr 23 15:10 project1/test

What the… ?!?! No group write? Noooooo!

$ getfacl project1/test
# file: project1/test
# owner: user1
# group: projgroup
user::rw-
group::rw-			#effective:r--
group:projgroup:rw-		#effective:r--
mask::r--
other::r--

And so we have the great POSIX ACL mask problem, which is in fact by design. Still looking for a complete solution that doesn’t involve globally trying to force a specific umask on every account… It would be nice if I could ensure that every file had group write set before it was copied into the group share directory but alas, I cannot. Telling users to manually check and change permissions is also a pain. Cron jobs to change group write recursively are also ugly. Please, someone provide me with the solution.
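Why the mask ends up as r--, as an added example (not code from the original post): a small model of how a new file's access ACL is derived from the directory's default ACL and the mode passed at creation. It assumes cp creates the destination with the source file's mode (0644 here); the function names are made up for illustration.

```python
# Added example: model of default-ACL inheritance on file creation.
R, W, X = 4, 2, 1

def perm(s):
    """Convert 'rw-' style text to a 3-bit value."""
    return sum(bit for ch, bit in zip(s, (R, W, X)) if ch != "-")

def fmt(p):
    """Convert a 3-bit value back to 'rw-' style text."""
    return "".join(ch if p & bit else "-" for ch, bit in zip("rwx", (R, W, X)))

def inherit(default_acl, create_mode):
    """Access ACL of a file created with create_mode under default_acl.

    The umask is not consulted when a default ACL exists; the creation
    mode alone limits what is inherited.
    """
    owner, group, other = (create_mode >> 6) & 7, (create_mode >> 3) & 7, create_mode & 7
    acl = {name: perm(text) for name, text in default_acl.items()}
    acl["user::"] &= owner
    acl["other::"] &= other
    if "mask::" in acl:
        acl["mask::"] &= group    # group bits of the mode clip the mask
    else:
        acl["group::"] &= group   # no mask entry: they clip the owning group
    return acl

def effective(acl):
    """Apply the mask to every group-class entry (named users and groups too)."""
    mask = acl.get("mask::", 7)
    unmasked = ("user::", "other::", "mask::")
    return {name: fmt(p if name in unmasked else p & mask) for name, p in acl.items()}

# Default ACL of project1, copied from the getfacl output on this page.
PROJECT1_DEFAULT = {
    "user::": "rw-", "group::": "rw-", "group:projgroup": "rw-",
    "mask::": "rwx", "other::": "r--",
}

if __name__ == "__main__":
    cases = (("cp of a 0644 file", 0o644), ("file created with mode 0666", 0o666))
    for label, mode in cases:
        print(label, effective(inherit(PROJECT1_DEFAULT, mode)))
```

A file created with mode 0666 keeps group write, while the copied 0644 file has its mask clipped to r--, which is the result shown in the getfacl output above.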

iPod Touch Woes

That’s right, my 1st generation iPod touch has been troublesome lately.

First, I took it snowboarding and it decides to get wet and short the battery somehow, killing it. Bad iPod! I told you not to get wet but you wouldn’t listen! At first I wasn’t sure if the battery really was dead or if the iPod itself had died. I quickly found out the battery was at fault when plugging it into my MacBook and seeing it come alive… too bad it was demanding that I restore it.

So, I tried to restore it. Turns out you can’t restore an iPod touch that doesn’t have a working battery. Part way through the restore, the iPod would die, presumably because it would disconnect from the USB power momentarily. Fine, I bought a new battery and soldered the three tiny little wires in and tried to restore it… and BAM! same problem! Ok, my fault, I didn’t let the battery charge enough. Once charged, I was able to perform the restore.

Now after waiting quite some time for the iPod backup to restore and my music to sync, I try plugging in my headphones to listen to some music. Nothing. The software volume slider is there and I can turn up the volume all the way but nothing. Some jiggling of the jack allows for one channel to come through all muddled. Open the iPod back up and I notice how I destroyed the ribbon cable going from the board to the jack during the battery replacement! Noooooooo.

I actually spent time trying to run four cables to jump the broken ribbon cable, but I didn’t heed my friend’s advice: There was no space for four wires in that tight case. Absolutely no way I could put the back on with those four “jumper” wires crudely soldered in. I also ended up shorting out at least two of the four leads, making my iPod think some kind of remote volume control was plugged in and preventing the display of the software volume controls! I decided to remove my failed attempt at fixing the headphone jack ribbon cable.

I’ve now ordered a replacement jack and I’m going to learn about the joys of soldering a ribbon cable to a tiny PCB. Wish me luck for when it arrives!