Is ACL really needed for the openHAB distribution RPi?

Tags: #<Tag:0x00007f616e1d0bd8> #<Tag:0x00007f616e1d0ac0>

The SD card is mounted with ACL permissions and some folders have the -----+ permission bits set. For simplicity I turned off ACL in /etc/fstab and see still everything is running (at least at a quick glance).
So do we really need it?

thx

What sort of question is that if you don’t even mention what OS you mean ? And who you’re talking to ?
And why ?

How to ask a good question / Help Us Help You - Tutorials & Examples - openHAB Community

Sorry - I am talking about the openHAB Distribution for the Rasperry Pi.

That’s based on Raspi OS lite so you would need to go ask the authors of that.

The authors of Raspi OS lite have no relation to openHAB.

openHAB distribution for RPi (the SD-Card image) comes pre-configured (e.g. samba) and ready to work on. I am asking if the pre-configured setup makes any use of ACL or is the basic ugo permissions enough.

They do: Raspi OS provides the base of the openHABian image.
So if they use ACLs, openHABian does. Noone but them can tell what happens if you remove them.
You didn’t even mention which ACL btw and why you think you need to know that.
There’s no need to change openHABian so why. If you want to by all means, you also need to check the openHABian code for yourself. Noone will be able to answer your question.

Was Raspi OS lite specially developed for openHAB?

Are we on the same page? ACL = access control list
If the setup is using setfacl commands then ACL is needed, else not.

Well in the system.bash I found:

  if ! cond_redirect setfacl -R --remove-all "${openhabFolders[@]}"; then echo "FAILED (reset file access)"; return 1; fi
  if ! cond_redirect setfacl -R -m g::rwX "${openhabFolders[@]}"; then echo "FAILED (set file access)"; return 1; fi
  if ! cond_redirect setfacl -R -m d:g::rwX "${openhabFolders[@]}"; then echo "FAILED"; return 1; fi

But the use of ACL is overkill here, since normal chmod would do the same.

No need for getting ironic. If you want help, you shouldn’t start like that, read my answer carefully and explain the background of your question.

I usually don’t quote myself but here goes:

And:

You seem to be a contributer to the system.bash file and you are telling me that nobody knows why in this case setfacl was used and not chmod/chown?
Hm … ok - I am fine with that.

Anybody else maybe knows?
At least from what I see in the openhabian repository it is safe to remove ACL mounting …

I am sure they do but they would be on a Raspi Os or a Raspberry Pi forum, not here.

Still maybe I am not expressing myself not correctly?
Nobody on Raspi OS has participated on writing the system.bash file.

The person who introduced the setfacl command in the system.bash should know the difference between chmod/chown and using ACL.

Please let me make an improvement suggestion. Since system.bash is not really using ACL for what it is made for, please use chmod/chown instead. This will have the same effects and avoid the hassle with ACL.

And that person would be on the forums I suggested, not here.

Are you saying that system.bash was written by someone of the RaspOS team?
I cannot find any reference to it.

The first commit of system.bash is in March 2019 and there is already the use of setfacl.
It was comming from Elias Gabrielsson. Is he still part of the development team?

He’s not active, you will not get any statement from him. Sorry for repeating myself but here goes again:

1 Like

The change was made in the following pr by @ThomDietrich :

But I have no further information and he doesn’t seem to be active lately.

1 Like

Thanks for all the replies. Have it running with ACL disabled in the fstab - without issues so far.
I guess it is really an old, long forgotten and unmaintained code section …