
Re: Query about setfacl behavior



On Thu, 2 May 2002, Timothy Shimmin wrote:

> Hi Andreas,
>
> On Wed, May 01, 2002 at 12:44:39PM +0200, Andreas Gruenbacher wrote:
> > On Wed, 1 May 2002, Timothy Shimmin wrote:
> >
> > >
> > > setfacl is about to set the acl with a mask ACE of m::rw-
> > > even though the mask ACE is currently m::---.
> > > It seems that setfacl(1) is looking at the GROUP_OBJ ace and
> > > setting the mask ACE to this !
> > >
> > > In XFS, if we have a mask ACE then it is kept in sync with the
> > > group permissions (as per the standard),
> > > but the GROUP_OBJ ACE is left unaltered.
> > > So setfacl(1) is sync'ing the mask ACE with the GROUP_OBJ ACE
> > > and we are in trouble.
> > > The question is, why is setfacl(1) doing this ?
> >
> > Because this is what setfacl is supposed to do according to the
> > specification.
> >
> > Unless the -n option is not used, setfacl recalculates the permissions in
> I think you mean "unless the -n option is used"

Yes.

> > the ACL mask entry whenever the ACL changes, as long as no mask entry is
> > explicitly given. The permissions are set to the union of the permissions
> > of all ACL_USER, ACL_GROUP_OBJ, and ACL_GROUP entries. This gives:
> >
> This ACL stuff is weird.
> Looking at the std (1003.2c sect.8.2.7) it says:
>    "For both the -m and -M options, ...
>     If no mask entry is specified and the -n option is not specified
>     then the permissions of the resulting ACL mask entry shall be set
>     to the union of the permissions associated with all entries
>     which belong to the file group class in the resulting ACL ..."
> So is ACL_USER part of the file group class (noting what you said above) ?
> What is the definition of "entries which belong to the file group class" ?

The changes to the interpretation of the file group class concept are
explained in Section 2.2.2.28. The file group class contains all entries
which are affected by the mask entry. These are the entries of type
ACL_USER, ACL_GROUP_OBJ, and ACL_GROUP, as was said before.

The ACL specification is a bit complex because it tries to be as
compatible with traditional POSIX systems as possible.

--Andreas.

------------------------------------------------------------------------
 Andreas Gruenbacher, a.gruenbacher@computer.org
 Contact information: http://www.bestbits.at/~ag/
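The mask recalculation rule discussed in the thread (1003.2c sect. 8.2.7: without -n and without an explicit mask entry, the mask becomes the union of the permissions of every file-group-class entry, i.e. ACL_USER, ACL_GROUP_OBJ and ACL_GROUP) is easy to get wrong when reading the standard, so here is a small model of it. This is an added example, not code from the thread or from the acl package; it works on the short text form getfacl/setfacl use (`u::rw-,g:staff:r-x,m::---,...`), and all ACL strings in it are constructed. It assumes, as setfacl does, that the mask is recomputed only when the resulting ACL has a mask entry or contains named user/group entries that make one mandatory.

```python
"""Model of how setfacl(1) recalculates the ACL mask entry (1003.2c 8.2.7).

Added example, not code from the thread or from the acl package.  Works on
the short text form used by getfacl/setfacl; sample ACLs are constructed.
"""
from dataclasses import dataclass

PERM_BITS = {"r": 4, "w": 2, "x": 1}
TAG_NAMES = {"u": "user", "g": "group", "m": "mask", "o": "other"}
# The file group class: every entry type whose permissions the mask limits.
FILE_GROUP_CLASS = {"ACL_USER", "ACL_GROUP_OBJ", "ACL_GROUP"}
# Canonical output order used by getfacl.
ORDER = {"ACL_USER_OBJ": 0, "ACL_USER": 1, "ACL_GROUP_OBJ": 2,
         "ACL_GROUP": 3, "ACL_MASK": 4, "ACL_OTHER": 5}


def perms_to_bits(perms: str) -> int:
    """'rw-' -> 6; rejects anything that is not an rwx triple."""
    if len(perms) != 3:
        raise ValueError(f"bad permission string {perms!r}")
    bits = 0
    for ch, letter in zip(perms, "rwx"):
        if ch == letter:
            bits |= PERM_BITS[letter]
        elif ch != "-":
            raise ValueError(f"bad permission string {perms!r}")
    return bits


def bits_to_perms(bits: int) -> str:
    return "".join(l if bits & b else "-" for l, b in PERM_BITS.items())


@dataclass(frozen=True)
class AclEntry:
    tag: str        # 'u', 'g', 'm' or 'o'
    qualifier: str  # user/group name; '' for owner, owning group, mask, other
    perms: int      # rwx bits

    def kind(self) -> str:
        """POSIX.1e entry type, the names used in the thread."""
        if self.tag == "u":
            return "ACL_USER" if self.qualifier else "ACL_USER_OBJ"
        if self.tag == "g":
            return "ACL_GROUP" if self.qualifier else "ACL_GROUP_OBJ"
        return {"m": "ACL_MASK", "o": "ACL_OTHER"}[self.tag]

    def __str__(self) -> str:
        return f"{self.tag}:{self.qualifier}:{bits_to_perms(self.perms)}"


def parse_acl(text: str) -> list:
    entries = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        parts = item.split(":")
        if len(parts) != 3 or parts[0] not in TAG_NAMES:
            raise ValueError(f"malformed ACL entry {item!r}")
        tag, qualifier, perms = parts
        if tag in ("m", "o") and qualifier:
            raise ValueError(f"{TAG_NAMES[tag]} entry takes no qualifier: {item!r}")
        entries.append(AclEntry(tag, qualifier, perms_to_bits(perms)))
    return entries


def format_acl(entries) -> str:
    return ",".join(str(e) for e in
                    sorted(entries, key=lambda e: (ORDER[e.kind()], e.qualifier)))


def recalculated_mask(entries) -> int:
    """Union of the permissions of all file-group-class entries."""
    bits = 0
    for e in entries:
        if e.kind() in FILE_GROUP_CLASS:
            bits |= e.perms
    return bits


def apply_setfacl_modify(current: str, modify: str, no_mask_recalc: bool = False) -> str:
    """Model `setfacl -m MODIFY` (or `setfacl -n -m MODIFY`) on an ACL text."""
    result = {(e.tag, e.qualifier): e for e in parse_acl(current)}
    changes = parse_acl(modify)
    for e in changes:                      # -m replaces or adds matching entries
        result[(e.tag, e.qualifier)] = e
    entries = list(result.values())
    mask_given = any(e.tag == "m" for e in changes)
    has_mask = any(e.tag == "m" for e in entries)
    needs_mask = any(e.kind() in ("ACL_USER", "ACL_GROUP") for e in entries)
    if not no_mask_recalc and not mask_given and (has_mask or needs_mask):
        entries = [e for e in entries if e.tag != "m"]
        entries.append(AclEntry("m", "", recalculated_mask(entries)))
    return format_acl(entries)


def effective_perms(acl_text: str) -> dict:
    """What is actually granted: file-group-class entries are ANDed with the mask."""
    entries = parse_acl(acl_text)
    mask = next((e.perms for e in entries if e.tag == "m"), None)
    out = {}
    for e in entries:
        if e.tag == "m":
            continue
        bits = e.perms
        if mask is not None and e.kind() in FILE_GROUP_CLASS:
            bits &= mask
        out[f"{e.tag}:{e.qualifier}"] = bits_to_perms(bits)
    return out


if __name__ == "__main__":
    # Constructed: a file whose mask was deliberately set to --- (as in the thread).
    before = "u::rw-,g::rw-,m::---,o::---"
    print("setfacl -m u:alice:r--    ->", apply_setfacl_modify(before, "u:alice:r--"))
    print("setfacl -n -m u:alice:r-- ->",
          apply_setfacl_modify(before, "u:alice:r--", no_mask_recalc=True))
    print("effective (without -n):", effective_perms(apply_setfacl_modify(before, "u:alice:r--")))
```

Running it reproduces Timothy's observation: with `m::---` and `g::rw-` in place, a `setfacl -m` that names no mask yields `m::rw-`, because the owning-group entry is in the file group class and the union rule wins. With `-n` the mask stays `---` and the effective permissions of the group and of the new named user are both `---`.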