
Re: Query about setfacl behavior

To: Andreas Gruenbacher <ag@xxxxxxxxxxx>
Subject: Re: Query about setfacl behavior
From: Timothy Shimmin <tes@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 2 May 2002 10:59:17 +1000
Cc: jtrostel@xxxxxxxxxxxxxx, linux-xfs@xxxxxxxxxxx
In-reply-to: <Pine.LNX.4.33.0205011231100.8479-100000@muriel.parsec.at>; from ag@bestbits.at on Wed, May 01, 2002 at 12:44:39PM +0200
References: <20020501191158.R793932@boing.melbourne.sgi.com> <Pine.LNX.4.33.0205011231100.8479-100000@muriel.parsec.at>
Sender: owner-linux-xfs@xxxxxxxxxxx

Hi Andreas,

On Wed, May 01, 2002 at 12:44:39PM +0200, Andreas Gruenbacher wrote:
> On Wed, 1 May 2002, Timothy Shimmin wrote:
> 
> >
> > setfacl is about to set the acl with a mask ACE of m::rw-
> > even though the mask ACE is currently m::---.
> > It seems that setfacl(1) is looking at the GROUP_OBJ ace and
> > setting the mask ACE to this !
> >
> > In XFS, if we have a mask ACE then it is kept in sync with the
> > group permissions (as per the standard),
> > but the GROUP_OBJ ACE is left unaltered.
> > So setfacl(1) is sync'ing the mask ACE with the GROUP_OBJ ACE
> > and we are in trouble.
> > The question is, why is setfacl(1) doing this ?
> 
> Because this is what setfacl is supposed to do according to the
> specification.
> 
> Unless the -n option is not used, setfacl recalculates the permissions in
I think you mean "unless the -n option is used"

> the ACL mask entry whenever the ACL changes, as long as no mask entry is
> explicitly given. The permissions are set to the union of the permissions
> of all ACL_USER, ACL_GROUP_OBJ, and ACL_GROUP entries. This gives:
> 
This ACL stuff is weird.
Looking at the std (1003.2c sect.8.2.7) it says:
   "For both the -m and -M options, ...
    If no mask entry is specified and the -n option is not specified
    then the permissions of the resulting ACL mask entry shall be set
    to the union of the permissions associated with all entries
    which belong to the file group class in the resulting ACL ..."
So is ACL_USER part of the file group class (noting what you said above) ?
What is the definition of "entries which belong to the file group class" ?

--Tim
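
The mask rule Andreas states in the quoted text above (union of ACL_USER, ACL_GROUP_OBJ and ACL_GROUP unless -n or an explicit mask is given), modelled as an added Python example; it is not part of the original message and not setfacl's own code. The named user `joe` and the sample ACL are constructed to match the m::--- / m::rw- case described in the thread.

```python
# Added illustration: models the mask rule quoted above, not setfacl's source.
PERMS = "rwx"
TAGS = {"u": "user", "user": "user", "g": "group", "group": "group",
        "m": "mask", "mask": "mask", "o": "other", "other": "other"}


def parse_entry(text):
    """Parse 'tag:qualifier:perms' into ((tag, qualifier), permission set)."""
    parts = text.strip().split(":")
    if len(parts) != 3 or parts[0] not in TAGS:
        raise ValueError(f"malformed ACL entry: {text!r}")
    tag, qualifier, perms = TAGS[parts[0]], parts[1], parts[2]
    if tag in ("mask", "other") and qualifier:
        raise ValueError(f"{tag} entry takes no qualifier: {text!r}")
    if len(perms) != 3 or any(c not in (p, "-") for c, p in zip(perms, PERMS)):
        raise ValueError(f"bad permission string: {text!r}")
    return (tag, qualifier), frozenset(perms) - {"-"}


def counts_toward_mask(key):
    """ACL_USER (named user), ACL_GROUP_OBJ and ACL_GROUP, per the quoted rule."""
    tag, qualifier = key
    return tag == "group" or (tag == "user" and qualifier != "")


def modify_acl(current, changes, no_mask_recalc=False):
    """Model 'setfacl -m changes' (or '-n -m' when no_mask_recalc is True)."""
    acl = dict(parse_entry(e) for e in current)
    new = dict(parse_entry(e) for e in changes)
    acl.update(new)
    # Recalculate only if the change set names no mask and -n was not given.
    if ("mask", "") not in new and not no_mask_recalc:
        union = frozenset()
        for key, perms in acl.items():
            if counts_toward_mask(key):
                union |= perms
        acl[("mask", "")] = union
    return acl


def show(acl, key):
    """Render one entry's permissions as an rwx string."""
    return "".join(p if p in acl[key] else "-" for p in PERMS)


# Constructed ACL matching the thread: mask is ---, GROUP_OBJ is rw-.
BEFORE = ["u::rw-", "g::rw-", "m::---", "o::r--"]

if __name__ == "__main__":
    for label, n in (("default", False), ("with -n", True)):
        after = modify_acl(BEFORE, ["u:joe:r--"], no_mask_recalc=n)
        print(label, "mask =", show(after, ("mask", "")))
```

Under this rule the owner entry (u::) and the other entry never contribute to the recalculated mask, so an existing m::--- is overwritten as soon as any entry is modified without -n.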

