From: Cédric Jonas
Date: Wed, 21 Mar 2007 17:51:07 +0100
To: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Subject: ACL's doesn't work with SUIDDIR
Message-ID: <20070321175107.2dee0495@ganymed>

Hi all,

I'm using FreeBSD 6.2-RELEASE, with suiddir set as option in kernel config and fstab (+ acl support).

My goal is to have a directory (precisely a SVN repo) writable by X specific users, where all created/modified files remain owned by svn. I know that's not the only way to do it - but I have reasons to do it so and not differently.

I tried the following:

    drwx------ 7 svn users 512 21 Mär 17:30 braintrust
    => user thomas CAN'T write in braintrust

    setfacl -d -m u::rwx,g::---,o::---,u:thomas:rwx braintrust/
    drwx------ 7 svn users 512 21 Mär 17:31 braintrust
    => user thomas CAN'T write in braintrust - but he got a default ACL that will apply on all created files in braintrust

    setfacl -m u:thomas:rwx braintrust/
    drwxrwx---+ 7 svn users 512 21 Mär 17:34 braintrust
    => user thomas CAN write in braintrust - and all created files in braintrust got the default ACL

    chmod +s braintrust/
    drwsrws---+ 7 svn users 512 21 Mär 17:35 braintrust
    => braintrust gets the suidbit/sgidbit, and all files created by thomas in braintrust should be owned by svn|users

BUT: after +s, user thomas CAN'T write anymore in braintrust; the error is not "Permission denied", but "Operation not permitted". However, he can read the directory content.

If I do the same with a directory that hasn't ACLs, it works as expected...

If I understand the manpages correctly, this isn't the correct behavior, but a bug. Can this be fixed? If I misunderstand something, thanks for correcting me.

-- 
Cédric Jonas
cedric@decemplex.net
GPG ID: 30CCFE8D
GPG Key: http://box.decemplex.net/~cedric/cedric.key.asc
GPG Fingerprint: CF03 E1FD 9428 1B6B E971 B107 9044 AA99 30CC FE8D
Jabber-ID: cedric@decemplex.net
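
Added example, not part of the original message: a small decoder for the `ls -l` mode column, run over the four mode strings from the listings above, to make explicit which of them carry the setuid/setgid bits and the `+` extended-ACL marker. The names `parse_mode` and `describe` are chosen for this illustration; the note about the group field showing the ACL mask is standard POSIX.1e behaviour, not something stated in the message.

```python
import stat
from dataclasses import dataclass

# Mode strings as they appear in the message's four listings, in order.
LISTINGS = ["drwx------", "drwx------", "drwxrwx---+", "drwsrws---+"]

@dataclass
class Mode:
    bits: int      # permission bits including setuid/setgid/sticky
    is_dir: bool
    has_acl: bool  # trailing '+': the object carries extended ACL entries

    @property
    def setuid(self) -> bool:
        return bool(self.bits & stat.S_ISUID)

    @property
    def setgid(self) -> bool:
        return bool(self.bits & stat.S_ISGID)

def parse_mode(s: str) -> Mode:
    """Decode an `ls -l` mode column such as 'drwsrws---+'."""
    if len(s) not in (10, 11) or s[10:] not in ("", "+"):
        raise ValueError(f"not an ls mode string: {s!r}")
    bits = 0
    specials = ((stat.S_ISUID, "sS"), (stat.S_ISGID, "sS"), (stat.S_ISVTX, "tT"))
    for i, (special, marks) in enumerate(specials):
        r, w, x = s[1 + 3 * i: 4 + 3 * i]
        shift = 6 - 3 * i
        if r not in "r-" or w not in "w-" or x not in "x-" + marks:
            raise ValueError(f"bad permission triad in {s!r}")
        bits |= (4 if r == "r" else 0) << shift
        bits |= (2 if w == "w" else 0) << shift
        if x in marks:
            bits |= special            # s/S or t/T: special bit is set
        if x == "x" or (x in marks and x.islower()):
            bits |= 1 << shift         # lowercase mark also implies execute
    return Mode(bits, s[0] == "d", len(s) == 11)

def describe(s: str) -> str:
    m = parse_mode(s)
    notes = []
    if m.is_dir and m.setuid:
        notes.append("setuid directory (what SUIDDIR acts on)")
    if m.has_acl:
        notes.append("extended ACL present; group field shows the ACL mask")
    return f"{s:<12} {m.bits:04o}  " + "; ".join(notes)

if __name__ == "__main__":
    for listing in LISTINGS:
        print(describe(listing))
```

Only the last listing, `drwsrws---+` (mode 6770), combines the setuid bit with an extended ACL, which is the state in which the message reports "Operation not permitted".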