Hello,
The usual way of manipulating a file's POSIX ACL is through the
system.posix_acl_{access,default} xattrs. Setting
system.posix_acl_access also sets the permission bits in the file
mode. The acls are cached in inode->i_acl and inode->i_default_acl.
On XFS, POSIX ACLs are also exposed as trusted.SGI_ACL_{FILE,DEFAULT}
xattrs in a different value format. However, setting these xattrs does
not update inode->i_{,default_}acl, and setting trusted.SGI_ACL_FILE
does not update the file mode; things can get out of sync:
$ touch f
$ setfacl -m u:agruenba:rw f
$ ls -l f
-rw-rw-r--+ 1 root root 0 Oct 23 15:04 f
$ getfattr -m- -d f
# file: f
security.selinux="unconfined_u:object_r:user_tmp_t:s0"
system.posix_acl_access=0sAgAAAAEABgD/////AgAGAOgDAAAEAAQA/////xAABgD/////IAAEAP////8=
trusted.SGI_ACL_FILE=0sAAAABQAAAAH/////AAYAAAAAAAIAAAPoAAYAAAAAAAT/////AAQAAAAAABD/////AAYAAAAAACD/////AAQAAA==
$ chmod 0 f
$ setfattr -n trusted.SGI_ACL_FILE -v
0sAAAABQAAAAH/////AAYAAAAAAAIAAAPoAAYAAAAAAAT/////AAQAAAAAABD/////AAYAAAAAACD/////AAQAAA==
f
$ ls -l f
----------+ 1 root root 0 Oct 23 15:04 /var/tmp/f
$ getfacl f
# file: f
# owner: root
# group: root
user::---
user:agruenba:rw- #effective:---
group::r-- #effective:---
mask::---
other::---
$ getfattr -m- -d f
# file: f
security.selinux="unconfined_u:object_r:user_tmp_t:s0"
system.posix_acl_access=0sAgAAAAEAAAD/////AgAGAOgDAAAEAAQA/////xAAAAD/////IAAAAP////8=
trusted.SGI_ACL_FILE=0sAAAABQAAAAH/////AAYAAAAAAAIAAAPoAAYAAAAAAAT/////AAQAAAAAABD/////AAYAAAAAACD/////AAQAAA==
Here, the file mode and the reported value of system.posix_acl_access
are both wrong; trusted.SGI_ACL_FILE corresponds to what's stored on
disk.
Access to trusted.* attributes is limited to users capable of
CAP_SYS_ADMIN so ordinary users cannot cause this kind of damage, but
this still deserves fixing.
Thanks,
Andreas
|