Tags Tags

how to safely remove an acl: user_u:object_r:user_home_dir_t

May 10th, 2012 - 12:50 pm ET by Berni Elbourn | Report spam
Help Create a new topic
I was tidying up some old accounts on an squeeze system today and noticed this one home directory has a full stop in the
permissions:

$ ls -ld /home/manager.gwcc/
drwxr-x. 2 manager.gwcc e-manager 4096 May 10 17:26 /home/manager.gwcc/

Seems this is an acl:

$ ls -lZd /home/manager.gwcc/
drwxr-x. 2 manager.gwcc e-manager user_u:object_r:user_home_dir_t 4096 May 10 17:26 /home/manager.gwcc/

Harmless enough but entirely not needed. Googling a bit did suggest setfacl -b. So a quick apt-get install acl ..

$ sudo setfacl -b /home/manager.gwcc/
$ ls -lZd /home/manager.gwcc/
drwxr-x. 2 manager.gwcc e-manager user_u:object_r:user_home_dir_t 4096 May 10 17:26 /home/manager.gwcc/

So this leaves the acl in place. Sorry but I have exhausted my Google skills. Any pointers to rid this setting? Or shall
I just recreate the folder from scratch.

ta

Berni



"Confidence is what you have before you understand a problem" - Woody Allen


To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/4FABEF65.4000603@gmail.com
email Follow the discussionReplies 4 repliesReplies Make a reply

Similar topics

Replies

#1 Camale
May 10th, 2012 - 01:50 pm ET | Report spam
On Thu, 10 May 2012 17:40:05 +0100, Berni Elbourn wrote:

(...)

$ sudo setfacl -b /home/manager.gwcc/
$ ls -lZd /home/manager.gwcc/
drwxr-x. 2 manager.gwcc e-manager user_u:object_r:user_home_dir_t 4096


^

(...)

The final dot catched my attention :-)

Check if this helps to understand what's going on:

http://ubuntuforums.org/showthread.php?t15684

Greetings,

Camaleón


To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: http://lists.debian.org/jogunu$qkr$
Replies Reply to this message
#2 Berni Elbourn
May 10th, 2012 - 03:10 pm ET | Report spam
On 10/05/12 18:43, Camaleón wrote:
On Thu, 10 May 2012 17:40:05 +0100, Berni Elbourn wrote:

(...)

$ sudo setfacl -b /home/manager.gwcc/
$ ls -lZd /home/manager.gwcc/
drwxr-x. 2 manager.gwcc e-manager user_u:object_r:user_home_dir_t 4096


^

(...)

The final dot catched my attention :-)

Check if this helps to understand what's going on:

http://ubuntuforums.org/showthread.php?t15684

Greetings,




Something like "setfattr -x security.selinux /home/manager.gwcc" ???

Trouble is selinux is off:

$ sudo sestatus
SELinux status: disabled

Also the attr package is not installed...

$ apt-cache policy attr
attr:
Installed: (none)
Candidate: 1:2.4.44-2
Version table:
1:2.4.44-2 0
500 http://ftp.uk.debian.org/debian/ squeeze/main amd64 Packages

so no setfattr???

"Confidence is what you have before you understand a problem" - Woody Allen


To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: http://lists.debian.org/
Replies Reply to this message
#3 Berni Elbourn
May 10th, 2012 - 03:30 pm ET | Report spam
On 10/05/12 19:59, Berni Elbourn wrote:
On 10/05/12 18:43, Camaleón wrote:
On Thu, 10 May 2012 17:40:05 +0100, Berni Elbourn wrote:

(...)

$ sudo setfacl -b /home/manager.gwcc/
$ ls -lZd /home/manager.gwcc/
drwxr-x. 2 manager.gwcc e-manager user_u:object_r:user_home_dir_t 4096


^

(...)

The final dot catched my attention :-)

Check if this helps to understand what's going on:

http://ubuntuforums.org/showthread.php?t15684

Greetings,




Something like "setfattr -x security.selinux /home/manager.gwcc" ???

Trouble is selinux is off:

$ sudo sestatus
SELinux status: disabled

Also the attr package is not installed...

$ apt-cache policy attr
attr:
Installed: (none)
Candidate: 1:2.4.44-2
Version table:
1:2.4.44-2 0
500 http://ftp.uk.debian.org/debian/ squeeze/main amd64 Packages

so no setfattr???




:-) But wow, bite the bullet and install attr:

$ sudo getfattr -n security.selinux /home/manager.gwcc/
getfattr: Removing leading '/' from absolute path names
# file: home/manager.gwcc/
security.selinux="user_u:object_r:user_home_dir_t

$ sudo setfattr -x security.selinux /home/manager.gwcc/
$ ls -lZd /home/manager.gwcc/
drwxr-x 2 manager.gwcc e-manager ? 4096 May 10 20:14 /home/manager.gwcc/
$ ls -ld /home/manager.gwcc/
drwxr-x 2 manager.gwcc e-manager 4096 May 10 20:14 /home/manager.gwcc/

Huge thanks !


"Confidence is what you have before you understand a problem" - Woody Allen


To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: http://lists.debian.org/
Replies Reply to this message
#4 Camale
May 11th, 2012 - 11:20 am ET | Report spam
On Thu, 10 May 2012 20:28:33 +0100, Berni Elbourn wrote:

On 10/05/12 19:59, Berni Elbourn wrote:
On 10/05/12 18:43, Camaleón wrote:





(...)

The final dot catched my attention :-)







(...)

Something like "setfattr -x security.selinux /home/manager.gwcc" ???





Yes. But let's see what the manual says on this:

***
man setfattr

-x name, --remove=name
Remove the named extended attribute entirely.
***

It sounds like a logical approach with no other side effects :-?

Trouble is selinux is off:

$ sudo sestatus
SELinux status: disabled





Mmm... weird. True is that Debian does not enable SELinux by default
(AFAIK) but maybe is that there's some kind of relation between SELinux
and the usage of extended attributes.

Here there's some explanation on this:

http://fedoraproject.org/wiki/Security_context

Also the attr package is not installed...

$ apt-cache policy attr
attr:
Installed: (none)
Candidate: 1:2.4.44-2
Version table:
1:2.4.44-2 0
500 http://ftp.uk.debian.org/debian/ squeeze/main amd64 Packages

so no setfattr???





Then you will have to install it :-)

:-) But wow, bite the bullet and install attr:

$ sudo getfattr -n security.selinux /home/manager.gwcc/
getfattr: Removing leading '/' from absolute path names
# file: home/manager.gwcc/
security.selinux="user_u:object_r:user_home_dir_t

$ sudo setfattr -x security.selinux /home/manager.gwcc/
$ ls -lZd /home/manager.gwcc/
drwxr-x 2 manager.gwcc e-manager ? 4096 May 10 20:14 /home/manager.gwcc/
$ ls -ld /home/manager.gwcc/
drwxr-x 2 manager.gwcc e-manager 4096 May 10 20:14 /home/manager.gwcc/

Huge thanks !



Hey, perfect! No more "trailing dots" ;-)

And thanks for sharing. I will annotate your solution so I can recall it
as a future reference.

Greetings,

Camaleón


To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: http://lists.debian.org/jojal1$pnh$
email Follow the discussion Replies Reply to this message
Help Create a new topicReplies Make a reply
Search Make your own search