On Thu, Jun 06, 2002 at 11:27:00AM +0100, Juer Lee wrote:
> XFS Gurus,
>
> Quick question about ACL and file mode.
> According POSIX1003.1eD16, in file mode the MASK is set instead of the
> GROUP entry, if there is a MASK. Why don't we use MASK AND GROUP Bit?
> Are there any potential problems if we do it like that?
i asked this question to the acl developers and they ignored me.
it seems to me the behavior defined in the withdrawn posix draft just
breaks things, i cannot think of any advantage to not making
chmod g=whatever affect both the mask and group permissions.
i also see no reason to treat a *withdrawn* draft standard as the word
of god, the fact it was withdrawn indicates at least to me that there
was still some brokeness which was never resolved.
> I found a problem with Samba 2.2.4 + Linux2.4.18 + XFS 1.1.
>
> This is what I get: ( note: 'aaaa' is created from a samba client, and
> the parent directory's default acl is
> u::rwx,g::rwx,o::rwx,u:aa:r-x,m::rwx )
> ------------------------------------------------------------------------
> ---------
> bash-2.04# ls -l aaaa
> -rwxrwxrw- 1 juer.lee users 0 Feb 25 07:42 aaaa
> bash-2.04# getfacl aaaa
> # file: aaaa
> # owner: juer.lee
> # group: users
> user::rwx
> group::rw-
> other::rw-
> user:aa:r-x
> mask::rwx
> ------------------------------------------------------------------------
> ---------
> When I use LS command, it says all owning-group users have full access
> right, it is not right --- the result got from GETFACL reflected
> correctly.
well now the fact that ls reports the mask permissions instead of
group permissions does have a rational discussed in the posix draft
(at least indirectly), the idea is someone can look at the permissions
reported by ls and have some idea of the maximum permissions granted
to any user. it does have the negative affect of being somewhat
misleading, esp to those not very familer with ACLs.
> Could anybody tell me a solution? My solution is set the group entry
> bits as GROUP_ENTRY & MASK if there is a MASK, but it is not the
> POSIX1003.1eD16 standard.
i have found there really isn't much of a way to completly get the
permissions you want from default acl's as implemented currently, if
you want execute bits on everything you can't get them (unless you can
control the create mode in the program open() calls), and if you
don't want execute bits on additional user ACEs or the primary group
you can't get that either.
however that being said, the permissions your ending up with don't
look right at all from my test purly in unix with the default acl you
mention i get:
# file: foo
# owner: eb
# group: eb
user::rw-
user:build:r-x #effective:r--
group::rwx #effective:rw-
mask::rw-
other::rw-
-rw-rw-rw- 1 eb eb 0 Jun 6 02:57 foo
samba is obviously playing with its create mode, probably using 0776
instead of 0666, but that does not explain why your group is getting
rw- instead of rwx.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpqmMuUALnwg.pgp
Description: PGP signature
|