Log file permissions do not allow access after changing directory location

kgorlen · 9 February 2022 19:47

Please describe what you are doing to trigger the bug:
Changing location of logs directory.

Please describe what you expect to happen (but doesn’t):
Expect log files to be accessible as specified by default permissions on the logs directory.

Please describe what actually happens (the wrong behaviour):
mask::--- setting prevents access.

[/share/Household/duplicacy] # getfacl logs
# file: logs
# owner: Keith
# group: everyone
user::rwx
user:admin:rwx
user:Keith:rwx
user:guest:---
group::---
group:administrators:rwx
group:Household:rwx
mask::rwx
other::---
default:user::rwx
default:user:admin:rwx
default:user:Keith:rwx
default:user:guest:---
default:group::---
default:group:administrators:rwx
default:group:Household:rwx
default:mask::rwx
default:other::---

[/share/Household/duplicacy] # whoami
admin
[/share/Household/duplicacy] # cd logs
[/share/Household/duplicacy/logs] # touch test.log
[/share/Household/duplicacy/logs] # ll test.log
-rw-rw---- 1 admin administrators 0 2022-02-09 11:14 test.log
[/share/Household/duplicacy/logs] # getfacl test.log
# file: test.log
# owner: admin
# group: administrators
user::rw-
user:admin:rwx                  #effective:rw-
user:Keith:rwx                  #effective:rw-
user:guest:---
group::---
group:administrators:rwx        #effective:rw-
group:Household:rwx             #effective:rw-
mask::rw-
other::---

The test.log file created by admin is accessible.

Change location of logs directory to /share/Household/duplicacy/logs and run a backup.

[/share/Household/duplicacy/logs] # ll
total 40K
drwxrwx--- 2 Keith everyone       4.0K 2022-02-09 11:20 ./
drwxrwx--- 4 Keith everyone       4.0K 2022-02-09 11:14 ../
-rw------- 1 admin administrators 1.5K 2022-02-09 11:21 backup-20220209-112035.log
-rw-r----- 1 admin administrators 5.6K 2022-02-09 11:21 duplicacy_web.log
-rw-rw---- 1 admin administrators    0 2022-02-09 11:14 test.log
[/share/Household/duplicacy/logs] # getfacl duplicacy_web.log
# file: duplicacy_web.log
# owner: admin
# group: administrators
user::rw-
user:admin:rwx                  #effective:r--
user:Keith:rwx                  #effective:r--
user:guest:---
group::---
group:administrators:rwx        #effective:r--
group:Household:rwx             #effective:r--
mask::r--
other::---

[/share/Household/duplicacy/logs] # getfacl backup-20220209-112035.log
# file: backup-20220209-112035.log
# owner: admin
# group: administrators
user::rw-
user:admin:rwx                  #effective:---
user:Keith:rwx                  #effective:---
user:guest:---
group::---
group:administrators:rwx        #effective:---
group:Household:rwx             #effective:---
mask::---
other::---

The mask::r-- setting on duplicacy_web.log allows access, but the mask::--- setting on backup-20220209-112035.log prevents access.

gchen · 11 February 2022 02:26

What is the result of getfacl /share/Household/duplicacy/logs? I suspect that it has a mask of --- which is inherited by all backup logs.

Can you change the mask of /share/Household/duplicacy/logs and see if new log files have the correct mask?

kgorlen · 11 February 2022 02:47

Please see original post. /share/Household/duplicacy/logs has default:mask::rwx. Test files created by admin have mask::rw- and are accessible, so duplicacy_web must be overriding the default.

gchen · 11 February 2022 03:57

The web GUI doesn’t change the mask, and duplicacy_web.log and other log files are created with the same mode.

Can you delete duplicacy_web.log (or save it to a different location) and restart the web GUI? The check the ACL of this log again.

kgorlen · 11 February 2022 19:00

It appears that the web GUI restarts itself when the log directory is changed. Nevertheless, I restarted it again manually, but this made no difference.

[/share/Household/duplicacy/logs] # more *web.log
2022/02/11 10:06:53 Failed to get the value from the keyring: keyring/dbus: Error connecting to dbus session, not registering SecretService provider: dbus: DBUS_SESSION_BUS_ADDRESS not set
2022/02/11 10:06:53 Temporary directory set to /share/CACHEDEV1_DATA/.qpkg/Duplicacy/.duplicacy-web/repositories
2022/02/11 10:06:53 Schedule NAS0 Backup next run time: 2022-0212 00:01
2022/02/11 10:06:53 Schedule NAS0 Backup + Prune next run time: 2022-0213 00:01
2022/02/11 10:06:53 Duplicacy Web Edition 1.5.0 (BAFF49)

BTW, this is on a QNAP NAS.

I presume that the CLI output is piped to duplicacy_web, which writes the log file, yes?

A grep '^Umask:' "/proc/<duplicacy_web PID>/status" while running a long check command shows umask 0000, so that doesn’t seem to explain the problem.

Some else odd is that I can’t reset the log directory to the standard location by browsing to it because the .duplicacy_web directory is not shown:

Its permissions look OK:

[~/.qpkg/Duplicacy] # getfacl .duplicacy-web
# file: .duplicacy-web
# owner: admin
# group: administrators
user::rwx
group::r-x
other::r-x

gchen · 14 February 2022 20:22

On my QNAP I don’t have those masks set in the ACL:

[~/MD0_DATA/.qpkg/Duplicacy/.duplicacy-web] # getfacl logs
# file: logs
# owner: admin
# group: administrators
user::rwx
group::r--
mask::rw-
other::r--

[~/MD0_DATA/.qpkg/Duplicacy/.duplicacy-web] # getfacl logs/duplicacy_web.log 
# file: logs/duplicacy_web.log
# owner: admin
# group: administrators
user::rw-
group::r--
other::r--

Did you enable Advanced Folder Permissions? Or Windows ACL?

kgorlen · 14 February 2022 20:39

Advanced Folder Permissions are enabled, Windows ACL Support is disabled.