ls: Operation not Permitted

M

4

7

I have a running a fuse fs with options allow_other and umask 0. This gives me a set of files with permissions set to 777. Though when I try to ls -l in the directory containing the files I get the following output:

ls: name: Operation not permitted
ls: tags: Operation not permitted
ls: location: Operation not permitted
ls: ext: Operation not permitted
ls: experiment_id: Operation not permitted
ls: file_path: Operation not permitted

Can anyone tell me why despite having global permissions (777) I am still getting operation not permitted?

On running strace, I get the following traces:

lstat("tags", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("tags", "security.selinux", 0x112ae80, 255) = -1 EPERM (Operation not     permitted)
write(2, "ls: ", 4ls: )                     = 4
write(2, "tags", 4tags)                     = 4
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1
)                       = 1
lstat("location", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("location", "security.selinux", 0x112aea0, 255) = -1 EPERM (Operation not      permitted)
write(2, "ls: ", 4ls: )                     = 4
write(2, "location", 8location)                 = 8
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1)                       = 1
lstat("ext", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("ext", "security.selinux", 0x112aec0, 255) = -1 EPERM (Operation not permitted)
write(2, "ls: ", 4ls: )                     = 4
write(2, "ext", 3ext)                      = 3
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1)                       = 1
lstat("experiment_id", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("experiment_id", "security.selinux", 0x112aee0, 255) = -1 EPERM (Operation not    permitted)  
write(2, "ls: ", 4ls: )                     = 4
write(2, "experiment_id", 13experiment_id)           = 13
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1)                       = 1
lstat("file_path", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("file_path", "security.selinux", 0x112af00, 255) = -1 EPERM (Operation not permitted)
write(2, "ls: ", 4ls: )                     = 4
write(2, "file_path", 9file_path)                = 9
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1)                       = 1

So from the trace, it looks like its trying to get the selinux attribute even though its disabled on my system.

cat /etc//sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted

Monosepalous answered 8/9, 2014 at 4:33 Comment(2)

Setting 777 permissions is almost always a bad idea; it permits any user on the system to modify the corresponding file or directory. 755 or, at most, 775 is more sensible. – Footstalk 8/9, 2014 at 15:22

I can set it to 755. I set it to 777 just to check various debuggin scenarios. Right now I am more interested in finding how to fix this. – Monosepalous 8/9, 2014 at 15:43

M

1

The problem was with my getxattr implementation. I was returning -1 on error which translated to EPERM, instead I should have returned ENODATA which is more correct error case for my logic. This fixed those errors as well.

https://gowalker.org/github.com/hanwen/go-fuse/fuse

Monosepalous answered 8/9, 2014 at 20:53 Comment(0)

U

17

follow the below steps to resolve the issue. I tried below steps, worked for me 1.Pull down the  Apple menu and choose ‘System Preferences’ 2.Choose “Security & Privacy” control panel 3.Now select the “Privacy” tab, then from the left-side menu select “Full Disk Access” 4.Click the lock icon in the lower left corner of the preference panel and authenticate with an admin level login 5.Now click the [+] plus button to add an application with full disk access 6.Navigate to the /Applications/Utilities/ folder and choose “Terminal” to grant Terminal with Full Disk Access privileges 7.Relaunch Terminal, the “Operation not permitted” error messages will be gone

Urgency answered 9/3, 2020 at 17:57 Comment(1)

thanks Apple… of course Terminal.app needs to be blocked from external disk access...OmG – Flurried 2/8 at 15:7

T

2

Set permissions on the directory that contains the files.

Tun answered 8/9, 2014 at 4:37 Comment(1)

It is a directory, not a folder. – Uro 8/9, 2014 at 4:47

U

1

Use strace(1) at least as

 strace ls -l

this will show you all the syscalls done by ls and you would recognize which FUSE file-system related syscalls(2) are failing.

^{Perhaps stat(2) is failing on individual directory entries like tags etc...?}

You are probably forgetting to implement some operations in your FUSE.

Uro answered 8/9, 2014 at 4:37 Comment(1)

Updated the question with strace output. The issue seems to be with fetching the selinux attribute. – Monosepalous 8/9, 2014 at 15:9

M

1

The problem was with my getxattr implementation. I was returning -1 on error which translated to EPERM, instead I should have returned ENODATA which is more correct error case for my logic. This fixed those errors as well.

https://gowalker.org/github.com/hanwen/go-fuse/fuse

Monosepalous answered 8/9, 2014 at 20:53 Comment(0)

Recommended topics

Hot tags