From owner-freebsd-current@FreeBSD.ORG Sun Aug 3 20:55:39 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 89C3537B401 for ; Sun, 3 Aug 2003 20:55:39 -0700 (PDT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id AC40843F85 for ; Sun, 3 Aug 2003 20:55:38 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.9/8.12.9) with ESMTP id h743sTai064964 for ; Sun, 3 Aug 2003 23:54:29 -0400 (EDT) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)h743sTDY064961 for ; Sun, 3 Aug 2003 23:54:29 -0400 (EDT) Date: Sun, 3 Aug 2003 23:54:29 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: current@FreeBSD.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Change in application of default ACLs in UFS X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Aug 2003 03:55:39 -0000 Just an FYI to users of ACLs on UFS -- I've modified the semantics of the application of the default ACL in combination with the umask. The result is that the application of default ACLs is now more conservative than previously, so you may want to keep an eye out and make sure all the ACLs still mean what you thought they meant. I'm still exploring what the best default ACL semantics to use are -- we're now implementing POSIX.1e "as spec" (bitwise and). It's worth observing this is not quite the same semantics as Solaris and Linux, in which the the ACL mask overrides the umask. I have an ACL development branch in Perforce where I'm experimenting with these semantics, and will probably merge support for that prior to 5.3, probably as an option. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories ---------- Forwarded message ---------- Date: Sun, 3 Aug 2003 20:29:13 -0700 (PDT) From: Robert Watson To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/ufs/ufs acl.h ufs_acl.c ufs_vnops.c rwatson 2003/08/03 20:29:13 PDT FreeBSD src repository Modified files: sys/ufs/ufs acl.h ufs_acl.c ufs_vnops.c Log: Now that the central POSIX.1e ACL code implements functions to generate the inode mode from a default ACL and creation mask, implement ufs_sync_inode_from_acl() using acl_posix1e_newfilemode(). Since ACL_OVERRIDE_MASK/ACL_PRESERVE_MASK are defined, we no longer need to explicitly pass in a "preserve_mask" field: this is implicit in the use of POSIX.1e semantics. Note: this change contains a semantic bugfix for new file creation: we now intersect the ACL-generated mode and the cmode requested by the user process. This means permissions on newly created file objects will now be more conservative. In the future, we may want to provide alternative semantics (similar to Solaris and Linux) in which the ACL mask overrides the umask, permitting ACLs to broaden the rights beyond the requested umask. PR: 50148 Reported by: Ritz, Bruno Obtained from: TrustedBSD Project Revision Changes Path 1.5 +1 -2 src/sys/ufs/ufs/acl.h 1.18 +8 -78 src/sys/ufs/ufs/ufs_acl.c 1.232 +4 -8 src/sys/ufs/ufs/ufs_vnops.c