Failed to create secure directory with ACL

2014-04-09 17:55 GMT+02:00 Michael DePaulo <mikedep333 at gmail.com>:
>
> On Apr 8, 2014 1:17 AM, "Prunk Dump" <prunkdump at gmail.com> wrote:
>>
>> 2014-04-07 14:11 GMT+02:00 Prunk Dump <prunkdump at gmail.com>:
>> > Hello !
>> >
>> > The home folders of my users are shared through a CIFS server that
>> > supports Access Control Lists. PulseAudio won't start in those folders,
>> > complaining "Failed to create secure directory: Permission denied".
>> >
>> > $strace -v pulseaudio
>> > ...
>> > mkdir("/home/teachers/pellegrb/.pulse", 0700) = 0
>> > umask(022)                              = 077
>> > open("/home/teachers/pellegrb/.pulse",
>> > O_RDONLY|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC) = 4
>> > fstat(4, {st_mode=S_IFDIR|0775, st_size=0, ...}) = 0
>> > getuid()                                = 3000137
>> > getgid()                                = 3000038
>> > fchown(4, 3000137, 3000038)             = 0
>> > fchmod(4, 0700)                         = 0
>> > close(4)                                = 0
>> > lstat("/home/teachers/pellegrb/.pulse", {st_dev=makedev(0, 19),
>> > st_ino=6293841, st_mode=S_IFDIR|0770, st_nlink=2, st_uid=3000137,
>> > st_gid=3000038, st_blksize=16384, st_blocks=0, st_size=0,
>> > st_atime=2014/04/07-13:40:13, st_mtime=2014/04/07-13:40:13,
>> > st_ctime=2014/04/07-13:55:15}) = 0
>> > rmdir("/home/teachers/pellegrb/.pulse") = 0
>> > ...
>> >
>> > As I understand, the UID and GID are correct but PulseAudio thinks the
>> > mode 0770 is problematic. In core-util.c, this test fails:
>> >
>> >     if (!S_ISDIR(st.st_mode) ||
>> >         (st.st_uid != uid) ||
>> >         (st.st_gid != gid) ||
>> >         ((st.st_mode & 0777) != m)) {
>> >         errno = EACCES;
>> >         goto fail;
>> >     }
>> >
>> >
>> > But the following commands in terminal :
>> >
>> > $mkdir /home/teachers/pellegrb/.pulse
>> > $chown 3000137:3000038 /home/teachers/pellegrb/.pulse
>> > $chmod 0700 /home/teachers/pellegrb/.pulse
>> > $ls -al /home/teachers/pellegrb
>> >
>> > drwxrwx---+  2 pellegrb teachers     0 avril  7 14:02 .pulse
>> >
>> > $getfacl /home/teachers/pellegrb/.pulse
>> >
>> > # file: home/teachers/pellegrb/.pulse
>> > # owner: pellegrb
>> > # group: teachers
>> > user::rwx
>> > user:3000038:r-x
>> > group::---
>> > group:teachers:r-x
>> > group:3000137:rwx
>> > mask::rwx
>> > other::---
>> > default:user::rwx
>> > default:user:pellegrb:rwx
>> > default:group::r-x
>> > default:group:teachers:r-x
>> > default:mask::rwx
>> > default:other::r-x
>> >
>> > Everything seems correct in the ACL sense. How can I fix this warning ? (In
>> > reality all the home folders are secured and the chmod is useless)
>> >
>> > Thanks !
>>
>>
>>
>> 2014-04-07 14:57 GMT+02:00 Michael DePaulo <mikedep333 at gmail.com>:
>> > On Mon, Apr 7, 2014 at 8:11 AM, Prunk Dump <prunkdump at gmail.com> wrote:
>> >> Hello !
>> >>
>> >> The home folders of my users are shared through a CIFS server that
>> >> supports Access Control Lists. PulseAudio won't start in those folders,
>> >> complaining "Failed to create secure directory: Permission denied".
>> >
>> > I have info that may be relevant. I figured I'd at least mention it.
>> >
>> > I am maintaining win32 builds, largely because the X2Go project needs
>> > them:
>> > http://comments.gmane.org/gmane.comp.audio.pulseaudio.general/19865
>> >
>> > I see similar warnings with win32 builds on NTFS filesystems. In this
>> > example, this is what happens when I start pulseaudio from the command
>> > line. The ".config" and "pulse" directories above the cookie are
>> > created though:
>> > C:\Users\mike.DEPAULO\.config\pulse\pulse
>> >
>> > The config.pa file contains these lines:
>> > load-module module-native-protocol-tcp port=4713
>> > load-module module-esound-protocol-tcp port=4714
>> > load-module module-waveout
>> >
>> > C:\Program Files (x86)\x2goclient\pulse-5.0>pulseaudio.exe -n -F
>> > C:\Users\mike.DEPAULO\.x2go\pulse\tmp.Hp8344\config.pa
>> > W: [(null)] pulsecore/core-util.c: Secure directory creation not
>> > supported on Win32.
>> > W: [(null)] pulsecore/core-util.c: Secure directory creation not
>> > supported on Win32.
>> > W: [(null)] pulsecore/core-util.c: Secure directory creation not
>> > supported on Win32.
>> > W: [(null)] pulsecore/core-util.c: Secure directory creation not
>> > supported on Win32.
>> > W: [(null)] pulsecore/core.c: failed to allocate shared memory pool.
>> > Falling back to a normal memory pool.
>> > W: [(null)] pulsecore/authkey.c: Failed to open cookie file
>> > 'C:\Users\mike.DEPAULO\.config/pulse/cookie': No such file or
>> > directory
>> > W: [(null)] pulsecore/authkey.c: Failed to load authorization key
>> > 'C:\Users\mike.DEPAULO\.config/pulse/cookie': No error
>> > W: [(null)] pulsecore/authkey.c: Failed to open cookie file
>> > 'C:\Users\mike.DEPAULO\.pulse-cookie': No such file or directory
>> > W: [(null)] pulsecore/authkey.c: Failed to load authorization key
>> > 'C:\Users\mike.DEPAULO\.pulse-cookie': No error
>> > W: [(null)] pulsecore/core-util.c: Secure directory creation not
>> > supported on Win32.
>> > W: [(null)] pulsecore/core-util.c: Secure directory creation not
>> > supported on Win32.
>> > W: [(null)] pulsecore/core-util.c: Secure directory creation not
>> > supported on Win32.
>> >
>> > Also, for some reason that I could not determine, when x2goclient.exe
>> > (our app written in QT4) launches pulseaudio.exe, pulseaudio.exe fails
>> > to create those directories. Therefore, pulseaudio.exe fails to create
>> > the cookie, and pulseaudio.exe fails to start. At 1st we worked around
>> > it by creating those 2 directories in x2goclient.exe. Now we are
>> > working around it by passing the "auth-cookie" argument to
>> > module-native-protocol-tcp, so that the cookie is created in a
>> > directory that already exists. (The config.pa file above is an old
>> > one). This issue is detailed here:
>> > http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=422
>> >
>> > -Mike DePaulo
>> > _______________________________________________
>> > pulseaudio-discuss mailing list
>> > pulseaudio-discuss at lists.freedesktop.org
>> > http://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss
>>
>> Thanks for your help !
>>
>> In my case, even if I create the directories manually, PulseAudio
>> complains that the rights are not correctly set and deletes all the
>> directories ! There is no ACL check, and when I look at the source code
>> I don't see any part related to ACL support on home folders (just
>> for udev).
>>
>> Please help me, none of my 230 Linux clients have had sound since
>> Gnome switched to PulseAudio. This is problematic on a high-school
>> network.
>>
>> Thanks again and excuse my English !
>>
>> Baptiste.
>
> I might be able to help you.
>
> What Linux distro are you using, what version of pulseaudio, what cifs
> server, and what cifs mount options?
>
> Sent from my Android Smartphone
>
>
>

Hi,

Linux clients and the domain controller are all Debian Wheezy.

(on the client)
$ pulseaudio --version
pulseaudio 2.0

$mount
...
//fichdc/uhomes/teachers/pellegrb on /home/teachers/pellegrb type cifs
(rw,relatime,sec=ntlm,unc=\\fichdc\uhomes,username=pellegrb,uid=3000137,noforceuid,gid=3000038,noforcegid,addr=172.16.200.20,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1

(on the server, samba4 compiled from source)
# samba-tool --version
4.1.4

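I have made an ugly workaround with pam_exec that removes the ACLs at
user login :

# Resolve the home directory from the passwd database instead of eval,
# so the login-supplied PAM_USER is never re-parsed by the shell.
home=$(getent passwd "$PAM_USER" | cut -d: -f6)
mkdir -p "$home/.pulse"
setfacl -b "$home/.pulse"
chmod 0700 "$home/.pulse"

This way the user can launch PulseAudio.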

Thank you very much for your help !

Baptiste.
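
The test quoted from core-util.c fails with EACCES without saying which of its four comparisons rejected the directory. The C below is an added example, not PulseAudio's code and not part of the original messages; `check_secure_dir`, `demo` and the scratch path are hypothetical names. It runs the same comparisons one at a time on a constructed scratch directory, first at 0700 and then at 0770, the mode the strace shows lstat() reporting on the CIFS mount after fchmod(0700).

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* mkdtemp() and lstat() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Which comparison of the quoted test rejected the path. */
enum sd_result { SD_OK, SD_LSTAT_FAILED, SD_NOT_DIR, SD_BAD_UID, SD_BAD_GID, SD_BAD_MODE };

/* Run the four comparisons from the quoted test one at a time.
 * *seen (if non-NULL) receives the permission bits lstat() reported. */
enum sd_result check_secure_dir(const char *path, mode_t m, uid_t uid, gid_t gid, mode_t *seen) {
    struct stat st;
    if (lstat(path, &st) < 0) return SD_LSTAT_FAILED;
    if (seen) *seen = st.st_mode & 0777;
    if (!S_ISDIR(st.st_mode)) return SD_NOT_DIR;
    if (st.st_uid != uid) return SD_BAD_UID;
    if (st.st_gid != gid) return SD_BAD_GID;
    if ((st.st_mode & 0777) != m) return SD_BAD_MODE;
    return SD_OK;
}

/* Constructed demo on a scratch directory (hypothetical path): check it at
 * 0700, then at 0770, the mode the strace shows after fchmod(0700). */
int demo(enum sd_result *tight, enum sd_result *loose, mode_t *loose_mode) {
    char tmpl[] = "/tmp/securedir-XXXXXX";
    char *dir = mkdtemp(tmpl);
    if (!dir) return -1;
    if (chown(dir, getuid(), getgid()) < 0) perror("chown"); /* best effort */
    if (chmod(dir, 0700) < 0) { rmdir(dir); return -1; }
    *tight = check_secure_dir(dir, 0700, getuid(), getgid(), NULL);
    if (chmod(dir, 0770) < 0) { rmdir(dir); return -1; }
    *loose = check_secure_dir(dir, 0700, getuid(), getgid(), loose_mode);
    rmdir(dir);
    return 0;
}

int main(void) {
    enum sd_result tight, loose;
    mode_t seen = 0;
    if (demo(&tight, &loose, &seen) < 0) { perror("demo"); return 1; }
    printf("mode 0700: result %d\n", tight);
    printf("mode 0770: result %d, lstat reported %04o\n", loose, (unsigned)seen);
    return loose == SD_BAD_MODE ? 0 : 1;
}
```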

