---
source: crates/whyno-cli/src/output/explain_tests.rs
expression: output
---
=== Subject ===
uid: 33
gid: 33
groups: [33]
operation: read
=== Path Walk ===
[0] /
stat: mode=0o0755 uid=0 gid=0 type=Directory
acl: (unknown)
flags: (unknown)
mount: / (ext4) ro=false noexec=false nosuid=false
[1] /var
stat: mode=0o0755 uid=0 gid=0 type=Directory
acl: (unknown)
flags: (unknown)
mount: /var (ext4) ro=false noexec=false nosuid=false
[2] /var/log
stat: mode=0o0750 uid=0 gid=4 type=Directory
acl: (unknown)
flags: (unknown)
mount: /var (ext4) ro=false noexec=false nosuid=false
[3] /var/log/app.log
stat: mode=0o0640 uid=0 gid=0 type=Regular
acl: (unknown)
flags: (unknown)
mount: /var (ext4) ro=false noexec=false nosuid=false
=== Layer Results ===
mount: PASS -- mount at /var (ext4) allows Read
fsflags: DEGRADED -- could not read filesystem flags for /var/log/app.log
traversal: FAIL -- /var/log: other has no execute permission
failing component index: 2
dac: FAIL -- mode 0640: other has no r permission
acl: DEGRADED -- ACL unknown
metadata: PASS -- not a metadata operation
selinux: DEGRADED -- SELinux state not gathered
apparmor: DEGRADED -- AppArmor state not gathered
=== Fix Plan ===
[0] layer=traversal impact=1/6
command: setfacl -m u:33:--x /var/log
description: grant execute to uid 33 on /var/log via ACL
[1] layer=traversal impact=4/6
command: chmod o+x /var/log
description: grant other-execute on /var/log
[2] layer=dac impact=1/6
command: setfacl -m u:33:r /var/log/app.log
description: grant r to uid 33 on /var/log/app.log via ACL
[3] layer=dac impact=4/6
command: chmod o+r /var/log/app.log
description: grant other-r on /var/log/app.log