[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Query about setfacl behavior

To: jtrostel@snapserver.com
Subject: Re: Query about setfacl behavior
From: Timothy Shimmin <tes@boing.melbourne.sgi.com>
Date: Wed, 1 May 2002 17:25:50 +1000
Cc: linux-xfs@oss.sgi.com
In-reply-to: <XFMail.20020430132028.jtrostel@snapserver.com>; from jtrostel@snapserver.com on Tue, Apr 30, 2002 at 01:20:28PM -0400
References: <XFMail.20020430132028.jtrostel@snapserver.com>
Sender: owner-linux-xfs@oss.sgi.com

On Tue, Apr 30, 2002 at 01:20:28PM -0400, jtrostel@snapserver.com wrote:
> I am wondering if this is correct behavior...
> 
Yeah it looks wrong, John. 
It looks like the mask ACE is getting the group permissions.

e.g.
========================================================
[root@sagan xfs1]# getfacl wow
# file: wow
# owner: root
# group: root
user::r--
group::rw-
other::rwx

[root@sagan xfs1]# setfacl -m m::--- wow
[root@sagan xfs1]# getfacl wow
# file: wow
# owner: root
# group: root
user::r--
group::rw-                      #effective:---
mask::---
other::rwx

[root@sagan xfs1]# setfacl -m u::r-x wow
[root@sagan xfs1]# getfacl wow
# file: wow
# owner: root
# group: root
user::r-x
group::rw-
mask::rw-
other::rwx
========================================================

I'll look into it...

--Tim



> Using XFS CVS tip as of this morning (4/30/02) which gives me acl 2.0.10
> 
> [jt@jtsdevel xfs_part]$ getfacl --version
> getfacl 2.0.10
> 
> Set up an xfs partition with acls as follows:
> 
> [jt@jtsdevel xfs_part]$ pwd
> /mnt/xfs_part
> [jt@jtsdevel xfs_part]$ getfacl .
> # file: .
> # owner: root
> # group: root
> user::rwx
> group::rwx
> mask::rwx
> other::rwx
> default:user::rwx
> default:group::rwx
> default:mask::rwx
> default:other::rwx
> 
> I then created a new directoryon that partition, named jts_dir
> 
> [jt@jtsdevel xfs_part]$ mkdir jts_dir
> 
> [jt@jtsdevel xfs_part]$ getfacl jts_dir/
> # file: jts_dir
> # owner: jt
> # group: jt
> user::rwx
> group::rwx
> mask::rwx
> other::rwx
> default:user::rwx
> default:group::rwx
> default:mask::rwx
> default:other::rwx
> 
> Now.. I added an auxillary user 'a1' to the access aces.
> 
> [jt@jtsdevel xfs_part]$ setfacl -m u:a1:rwx jts_dir/
> [jt@jtsdevel xfs_part]$ getfacl jts_dir/
> # file: jts_dir
> # owner: jt
> # group: jt
> user::rwx
> user:a1:rwx
> group::rwx
> mask::rwx
> other::rwx
> default:user::rwx
> default:group::rwx
> default:mask::rwx
> default:other::rwx
> 
> Change the mask ace to no perms
> 
> [jt@jtsdevel xfs_part]$ setfacl -m m::--- jts_dir/
> [jt@jtsdevel xfs_part]$ getfacl jts_dir/
> # file: jts_dir
> # owner: jt
> # group: jt
> user::rwx
> user:a1:rwx                     #effective:---
> group::rwx                      #effective:---
> mask::---
> other::rwx
> default:user::rwx
> default:group::rwx
> default:mask::rwx
> default:other::rwx
> 
> NOW!  Change the aux. user 'a1' perms to something else, for instance 'rw'. The
> mask ace is also changed now. (It went from --- to rwx)  Why?
> 
> 
> [jt@jtsdevel xfs_part]$ setfacl -m u:a1:rw jts_dir/
> [jt@jtsdevel xfs_part]$ getfacl jts_dir/
> # file: jts_dir
> # owner: jt
> # group: jt
> user::rwx
> user:a1:rw-
> group::rwx
> mask::rwx
> other::rwx
> default:user::rwx
> default:group::rwx
> default:mask::rwx
> default:other::rwx
> 
> P.S. (For XFS folks: chacl -l returns the same values)
> 
> -- 
> John M. Trostel
> Senior Software Engineer
> Quantum Corp. / NASD
> jtrostel@snapserver.com
>

Follow-Ups:
- Re: Query about setfacl behavior
  - From: Timothy Shimmin <tes@boing.melbourne.sgi.com>

Prev by Date: Re: Chattr
Next by Date: Re: Chattr
Previous by thread: Re: Chattr
Next by thread: Re: Query about setfacl behavior
Index(es):
- Date
- Thread