Date:      Wed, 21 Mar 2007 17:51:07 +0100
From:      Cédric Jonas <cedric@decemplex.net>
To:        freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Subject:   ACLs don't work with SUIDDIR
Message-ID:  <20070321175107.2dee0495@ganymed>


Hi all,

I'm using FreeBSD 6.2-RELEASE, with suiddir set as an option in the kernel
config and in fstab (+ ACL support).
My goal is to have a directory (precisely an SVN repo) writable by X
specific users, where all created/modified files remain owned by svn.
I know that's not the only way to do it - but I have reasons to do it
this way and not differently.

I tried the following:

	drwx------  7 svn  users  512 21 Mär 17:30 braintrust
	=> user thomas CAN'T write in braintrust

	setfacl -d -m u::rwx,g::---,o::---,u:thomas:rwx braintrust/
	drwx------  7 svn  users  512 21 Mär 17:31 braintrust
	=> user thomas CAN'T write in braintrust - but he has a
	   default ACL that will apply to all files created in
	   braintrust

	setfacl -m u:thomas:rwx braintrust/
	drwxrwx---+ 7 svn  users  512 21 Mär 17:34 braintrust
	=> user thomas CAN write in braintrust - and all files created
	   in braintrust get the default ACL

	chmod +s braintrust/
	drwsrws---+ 7 svn  users  512 21 Mär 17:35 braintrust
	=> braintrust gets the suid/sgid bits, and all files created by
	   thomas in braintrust should be owned by svn|users
	   BUT: after +s, user thomas CAN'T write anymore in
	   braintrust; the error is not "Permission denied" but
	   "Operation not permitted". However, he can read the
	   directory content. If I do the same with a directory that
	   has no ACLs, it works as expected...

If I understand the manpages correctly, this isn't the correct
behavior, but a bug. Can this be fixed? If I misunderstand something,
please correct me.

-- 
Cédric Jonas                                        cedric@decemplex.net

GPG ID:                                                         30CCFE8D
GPG Key:                 http://box.decemplex.net/~cedric/cedric.key.asc
GPG Fingerprint:      CF03 E1FD 9428 1B6B E971  B107 9044 AA99 30CC FE8D

Jabber-ID:                                          cedric@decemplex.net

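The four steps from the message above, as a reproduction script. This is an added example, not code from the original post. It assumes it is run as root on FreeBSD, that TESTROOT points at a UFS filesystem mounted with "suiddir,acls", and that the users svn and thomas exist (thomas being a member of group users); those user names and the default TESTROOT path are assumptions. The probe helpers distinguish EPERM ("Operation not permitted") from EACCES ("Permission denied"), which is the detail that separates the failure reported in the post from a plain permission refusal, and a no-ACL control directory with the same set-id bits is included so both cases can be compared on one host:

```sh
#!/bin/sh
# Reproduction of the four steps from the message above. Added example, not
# code from the original post. Assumptions: runs as root on FreeBSD, TESTROOT
# lies on a UFS filesystem mounted with "suiddir,acls", and the users named in
# REPO_OWNER and WRITER exist (WRITER being a member of group "users", so the
# no-ACL control directory is group-writable by mode alone).
TESTROOT="${TESTROOT:-/tmp/suiddir-test}"   # assumed; point at a suiddir,acls mount
REPO_OWNER="${REPO_OWNER:-svn}"             # assumed user name
WRITER="${WRITER:-thomas}"                  # assumed user name

# Map the stderr of a failed file creation to the errno family that matters
# here: "Permission denied" is EACCES (an ordinary mode/ACL refusal), while
# "Operation not permitted" is EPERM, the error the post reports once the
# set-id bits are on.
classify_write_error() {
    case "$1" in
        "")                           echo OK ;;
        *"Operation not permitted"*)  echo EPERM ;;
        *"Permission denied"*)        echo EACCES ;;
        *)                            echo OTHER ;;
    esac
}

# Try to create a file in directory $1 as the current user and print the
# classification. The probe file is removed again on success.
probe_write() {
    dir="$1"
    err=$(touch "$dir/probe.$$" 2>&1 >/dev/null) && rm -f "$dir/probe.$$"
    classify_write_error "$err"
}

# Same probe, executed as user $1 in directory $2 (su -m keeps the caller's
# environment, so PATH and the shell stay the same).
probe_write_as() {
    err=$(su -m "$1" -c "touch '$2/probe.$$'" 2>&1 >/dev/null) \
        && rm -f "$2/probe.$$"
    classify_write_error "$err"
}

# Create a file as user $1 in $2 and print "owner:group" of the result, which
# is what SUIDDIR is supposed to force to the directory's owner and group.
owner_of_new_file_as() {
    su -m "$1" -c "touch '$2/owner.$$'" 2>/dev/null || { echo none; return; }
    stat -f '%Su:%Sg' "$2/owner.$$"       # FreeBSD stat(1) format string
    rm -f "$2/owner.$$"
}

reproduce() {
    d="$TESTROOT/braintrust"
    rm -rf "$d"; mkdir -p "$d"
    chown "$REPO_OWNER:users" "$d"; chmod 700 "$d"
    echo "1. 0700, no ACL:           $(probe_write_as "$WRITER" "$d")   (post: CAN'T)"

    # Step 2: a default ACL alone changes nothing for the directory itself.
    setfacl -d -m "u::rwx,g::---,o::---,u:$WRITER:rwx" "$d"
    echo "2. default ACL only:       $(probe_write_as "$WRITER" "$d")   (post: CAN'T)"

    # Step 3: the access ACL entry for the writer is what grants the write.
    setfacl -m "u:$WRITER:rwx" "$d"
    echo "3. access ACL for writer:  $(probe_write_as "$WRITER" "$d")   (post: CAN)"

    # Step 4: set-id bits on top of the ACL. The post reports EPERM here.
    chmod +s "$d"
    ls -ld "$d"
    echo "4. +s with ACL:            $(probe_write_as "$WRITER" "$d")   (post: EPERM)"
    echo "   new file owned by:      $(owner_of_new_file_as "$WRITER" "$d")"

    # Control: same set-id bits, group-writable by mode only, no ACL at all.
    c="$TESTROOT/control"
    rm -rf "$c"; mkdir -p "$c"
    chown "$REPO_OWNER:users" "$c"; chmod 6770 "$c"
    ls -ld "$c"
    echo "C. +s without ACL:         $(probe_write_as "$WRITER" "$c")   (post: works)"
    echo "   new file owned by:      $(owner_of_new_file_as "$WRITER" "$c")"
}

# Only run the FreeBSD-specific part when asked; the helpers above can be used
# on their own (and on other systems) to classify a directory's writability.
if [ "${1:-}" = "--run" ]; then
    reproduce
fi
```

Run it on the FreeBSD host as `sh reproduce.sh --run` after setting TESTROOT to a directory on the suiddir,acls filesystem; without `--run` it only defines the helpers. Step 4 is the one the post reports as EPERM; if it prints OK and an owner of svn:users, the writer's setup does not show the problem.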



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070321175107.2dee0495>