zed.rc ignored when setting permissions to 0600 as directed, but actually it must be executable. #12544

blyt · 2021-09-07T17:50:52Z

System information

Type	Version/Name
Distribution Name	Ubuntu
Distribution Version	21.04
Kernel Version	5.11.0-31-generic
Architecture	x64
OpenZFS Version	zfs-2.0.2-1ubuntu5.1

Describe the problem you're observing

/etc/zfs/zed.d/zed.rc specifies that "This file should be owned by root and permissioned 0600."

If you stop the zed service and run 'zed -v -F', you get the error: Ignoring "zed.rc": not executable by user.

Describe how to reproduce the problem

chmod 0600 zed.rc, as directed by the comment in zed.rc.

Include any warning/errors/backtraces from the system logs

nabijaczleweli · 2022-04-01T20:04:42Z

What's the issue here?

During zedlet enumeration, you do get this

		if (!(st.st_mode & S_IXUSR)) {
			zed_log_msg(LOG_INFO,
			    "Ignoring \"%s\": not executable by user",
			    direntp->d_name);
			continue;
		}

but (a) it's LOG_INFO and (b) it's not an error, since processing continues.

Indeed the default configuration has both zed.rc and zed-functions.sh:

nabijaczleweli@tarta:~$ l /etc/zfs/zed.d/
total 26K
lrwxrwxrwx 1 root root   38 Oct  6 23:09 all-syslog.sh -> /usr/lib/zfs-linux/zed.d/all-syslog.sh
lrwxrwxrwx 1 root root   39 Oct  6 23:09 data-notify.sh -> /usr/lib/zfs-linux/zed.d/data-notify.sh
lrwxrwxrwx 1 root root   57 Oct  6 23:09 history_event-zfs-list-cacher.sh -> /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh
lrwxrwxrwx 1 root root   43 Oct  6 23:09 pool_import-led.sh -> /usr/lib/zfs-linux/zed.d/pool_import-led.sh
lrwxrwxrwx 1 root root   50 Oct  6 23:09 resilver_finish-notify.sh -> /usr/lib/zfs-linux/zed.d/resilver_finish-notify.sh
lrwxrwxrwx 1 root root   55 Oct  6 23:09 resilver_finish-start-scrub.sh -> /usr/lib/zfs-linux/zed.d/resilver_finish-start-scrub.sh
lrwxrwxrwx 1 root root   47 Oct  6 23:09 scrub_finish-notify.sh -> /usr/lib/zfs-linux/zed.d/scrub_finish-notify.sh
lrwxrwxrwx 1 root root   43 Oct  6 23:09 statechange-led.sh -> /usr/lib/zfs-linux/zed.d/statechange-led.sh
lrwxrwxrwx 1 root root   46 Oct  6 23:09 statechange-notify.sh -> /usr/lib/zfs-linux/zed.d/statechange-notify.sh
lrwxrwxrwx 1 root root   42 Oct 10 15:22 trim_finish-notify.sh -> /lib/zfs-linux/zed.d/trim_finish-notify.sh
lrwxrwxrwx 1 root root   43 Oct  6 23:09 vdev_attach-led.sh -> /usr/lib/zfs-linux/zed.d/vdev_attach-led.sh
lrwxrwxrwx 1 root root   42 Oct  6 23:09 vdev_clear-led.sh -> /usr/lib/zfs-linux/zed.d/vdev_clear-led.sh
-rw-r--r-- 1 root root  16K Mar 29 19:05 zed-functions.sh
-rw-r--r-- 1 root root 4.1K Mar 29 19:21 zed.rc

Neither of which are executable, because neither of them are executables, because neither of them are ZEDLETs, so they're correctly skipped.

It doesn't matter, 0600 are Weird Permissions, and it's even weirder to spec them for no reason ‒ it's perfectly fine if it's the usual 0:0 644, or literally anything else, so long as unprivileged users can't edit it (which (a) 644 accomplishes and (b) is at the administrator's discretion, it's not unheard of to have adm users and having it be 664 in that case is just as good; it's not our place to say) Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes openzfs#12544

It doesn't matter, 0600 are Weird Permissions, and it's even weirder to spec them for no reason ‒ it's perfectly fine if it's the usual 0:0 644, or literally anything else, so long as unprivileged users can't edit it (which (a) 644 accomplishes and (b) is at the administrator's discretion, it's not unheard of to have adm users and having it be 664 in that case is just as good; it's not our place to say) Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes #12544 Closes #13276

It doesn't matter, 0600 are Weird Permissions, and it's even weirder to spec them for no reason ‒ it's perfectly fine if it's the usual 0:0 644, or literally anything else, so long as unprivileged users can't edit it (which (a) 644 accomplishes and (b) is at the administrator's discretion, it's not unheard of to have adm users and having it be 664 in that case is just as good; it's not our place to say) Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes openzfs#12544 Closes openzfs#13276

blyt added the Type: Defect Incorrect behavior (e.g. crash, hang) label Sep 7, 2021

behlendorf added Component: ZED ZFS Event Daemon good first issue Indicates a good issue for first-time contributors labels Sep 7, 2021

blyt changed the title ~~zed.rc ignored when setting permissions to 0600 as directed, but actually it must be exectuable.~~ zed.rc ignored when setting permissions to 0600 as directed, but actually it must be executable. Sep 8, 2021

nabijaczleweli mentioned this issue Apr 1, 2022

cmd: zed: rc: drop "should be owned by root and 0600" #13276

Merged

13 tasks

behlendorf closed this as completed in #13276 Apr 5, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

zed.rc ignored when setting permissions to 0600 as directed, but actually it must be executable. #12544

zed.rc ignored when setting permissions to 0600 as directed, but actually it must be executable. #12544

blyt commented Sep 7, 2021

nabijaczleweli commented Apr 1, 2022

zed.rc ignored when setting permissions to 0600 as directed, but actually it must be executable. #12544

zed.rc ignored when setting permissions to 0600 as directed, but actually it must be executable. #12544

Comments

blyt commented Sep 7, 2021

System information

Describe the problem you're observing

Describe how to reproduce the problem

Include any warning/errors/backtraces from the system logs

nabijaczleweli commented Apr 1, 2022