On Sun, Apr 28, 2002 at 08:04:58PM -0800, Ethan Benson wrote:
> On Mon, Apr 29, 2002 at 01:24:02PM +1000, Timothy Shimmin wrote:
> > > > tes@sagan /mnt/xfs0/testdir/test1> getfacl .
> > > > # file: .
> > > > # owner: tes
> > > > # group: tes
> > > > user::rwx
> > > > group::rwx
> > > > other::r-x
> > > > default:user::rwx
> > > > default:user:tes:r--
> > > > default:group::rwx
> > > > default:mask::rwx
> > > > default:other::r-x
> > > >
> > > > tes@sagan /mnt/xfs0/testdir/test1> touch foo
> > > > tes@sagan /mnt/xfs0/testdir/test1> getfacl foo
> > > > # file: foo
> > > > # owner: tes
> > > > # group: tes
> > > > user::rw-
> > > > user:tes:r--
> > > > group::rwx #effective:rw-
> > > > mask::rw-
> > > > other::r--
> >
> > > I'm on 2.4.18 split patches, so perhaps this is already fixed,
> > Perhaps.
> > (But I've never seen this as a bug before - so there were
> > no intentional fixes AFAIK.)
> >
>
> your test is wrong, that's the problem, if you create a directory with
> your default acl then user tes won't have execute permission to it:
I don't understand your problem then.
My example was based on your example for creating a file
in the directory. And your example showed the file gaining
the execute permission on a user ACE - which I don't see.

Ethan previously wrote:
> > root@ash:/var/log/apache# setfacl -dm u:webstats:r-- .
> >
> > which renders:
> >
> > root@ash:/var/log/apache# getfacl .
> > # file: .
> > # owner: root
> > # group: root
> > user::rwx
> > group::r-x
> > other::r-x
> > default:user::rwx
> > default:user:webstats:r--
> > default:group::r-x
> > default:mask::r-x
> > default:other::r-x
> >
> >
> > and then touch foo and get its permissions:
> >
> > root@ash:/var/log/apache# touch foo
> > root@ash:/var/log/apache# getfacl foo
> > # file: foo
> > # owner: root
> > # group: root
> > user::rw-
> > user:webstats:r-x #effective:r--
> > group::r-x #effective:r--
> > mask::r--
> > other::r--

Ethan currently writes:
>
> eb@dogbert /home/eb/test$ getfacl .
> # file: .
> # owner: eb
> # group: eb
> user::rwx
> group::r-x
> other::r-x
> default:user::rwx
> default:user:bin:r--
> default:group::r-x
> default:mask::r-x
> default:other::r-x
>
> eb@dogbert /home/eb/test$ mkdir foo
> eb@dogbert /home/eb/test$ getfacl foo
> # file: foo
> # owner: eb
> # group: eb
> user::rwx
> user:bin:r--
> group::r-x
> mask::r-x
> other::r-x
> default:user::rwx
> default:user:bin:r--
> default:group::r-x
> default:mask::r-x
> default:other::r-x
>
> so the obvious solution to this is set r-x for user:tes on the default
> acl, but that breaks file creation. one way or another you get broken
> behavior, if acls would follow standard unix behavior of files getting
> 666 masked by default and directories get 777 masked it would work.
Well it's mkdir(1) which passes in a mode of 777 to the mkdir(2) call
for directories.
And touch(1) which uses 666 as the mode to creat(2) for files.
>
> or perhaps not having separate default acls for files/dirs is just
> broken, which is the conclusion I'm coming to, at least with the
> current broken behavior.
>
I see what you are getting at now but that is independent of the
bug you reported earlier.
--Tim
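
The following is an added example, not part of the original message or of the XFS code. It models the POSIX.1e-style rule by which a new object's access ACL is derived from the parent's default ACL and the mode passed to creat(2) or mkdir(2), using the default ACLs quoted in the thread as input; the function names are hypothetical, and the copy of the default ACL onto a new directory is not modelled.

```python
# Added illustration: default-ACL inheritance as a pure function.
PERMS = {"r": 4, "w": 2, "x": 1}

def parse(perm):
    """'r-x' -> 5"""
    return sum(bit for ch, bit in PERMS.items() if ch in perm)

def fmt(bits):
    """5 -> 'r-x'"""
    return "".join(ch if bits & bit else "-" for ch, bit in PERMS.items())

def inherit(default_acl, mode):
    """Access ACL of a new object: default entries, limited by the create mode.

    default_acl is a list of (tag, qualifier, perms) taken from the
    'default:' lines of getfacl output; mode is what the caller passed in.
    """
    acl = [[tag, q, parse(p)] for tag, q, p in default_acl]
    has_mask = any(tag == "mask" for tag, _, _ in acl)
    for entry in acl:
        tag, q = entry[0], entry[1]
        if tag == "user" and q == "":
            entry[2] &= (mode >> 6) & 7      # owner bits of the mode
        elif tag == "mask" or (tag == "group" and q == "" and not has_mask):
            entry[2] &= (mode >> 3) & 7      # group bits limit the mask
        elif tag == "other":
            entry[2] &= mode & 7             # other bits of the mode
        # named user/group entries are copied unchanged
    return acl

def render(acl):
    """Format like getfacl, adding '#effective:' where the mask cuts perms."""
    mask = next((p for tag, _, p in acl if tag == "mask"), 7)
    lines = []
    for tag, q, p in acl:
        line = f"{tag}:{q}:{fmt(p)}"
        limited = tag == "group" or (tag == "user" and q != "")
        if limited and p & mask != p:
            line += f" #effective:{fmt(p & mask)}"
        lines.append(line)
    return lines

if __name__ == "__main__":
    # Default ACL of Tim's test directory, as quoted in the thread.
    tim = [("user", "", "rwx"), ("user", "tes", "r--"), ("group", "", "rwx"),
           ("mask", "", "rwx"), ("other", "", "r-x")]
    print("\n".join(render(inherit(tim, 0o666))))   # touch(1): mode 666
    print("\n".join(render(inherit(tim, 0o777))))   # mkdir(1): mode 777
```

With mode 666 this yields the same entries as the `getfacl foo` output at the top of the message. A named-user entry such as `user:tes:r--` comes through unchanged for both files and directories, so only the mask, not the entry itself, differs between the two cases.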