http://oss.sgi.com/bugzilla/show_bug.cgi?id=280
Summary: still a bug in sgid inheritance with ACLs activated (I
know about fs.xfs.irix_sgid_inherit)
Product: Linux XFS
Version: Current
Platform: IA32
OS/Version: Linux
Status: NEW
Severity: major
Priority: High
Component: XFS kernel code
AssignedTo: xfs-master@xxxxxxxxxxx
ReportedBy: divotre@xxxxxxx
CC: divotre@xxxxxxx
Hi.
First, I know XFS has a special behaviour with sgid inheritance
that can be configured via a sysctl call (fs.xfs.irix_sgid_inherit..). By
default, it has the linux behaviour of propagating sgid, and it works well.
But I discovered a bug when ACLs are activated and are granting the permissions.
Do this test (as a normal user, say user: dams, group: dams, with no special
belonging to other groups):
[dams]$ mkdir /tmp/test
[dams]$ chmod g+s /tmp/test
[dams]$ su -
[root]# chown otheruser.othergroup /tmp/test (we put the dir in an other group
that dams is not a member of, and change owner too: say lp.lp or whatever)
[root]# chacl -b u::rwx,g::rwx,g:dams:rwx,o::---,m::rwx
u::rwx,g::rwx,g:dams:rwx,o::---,m::rwx /tmp/test/ (grant permission to the
group dams through ACL)
[root]# exit
[dams]$ mkdir /tmp/test/aaa (subdir creation is permitted to dams by the ACL)
[dams]$ ls -l /tmp/test/
drwxrwx---+ 2 dams lp 1024 Sep 15 17:19 aaa
You can see that SGID is lost. Group is well adjusted though, but if I create a
dubdir to aaa/, the group is lost since SGID cannot make is role.
I tested with ext3 and it works well, as expected the aaa dir has the sgid bit
set and is inherited through all subdirs.
I tested xfs 1.3.0 with kernel 2.4.21 and xfs 1.2.0 with kernel 2.4.18, and the
bug is present in both versions.
regards,
Dams
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
|