Date: Sat, 23 Nov 2002 18:04:18 +0200
From: Dancho Penev
To: freebsd-hackers@FreeBSD.ORG
Subject: default acl for directory
Message-ID: <20021123160418.GA252@earth.dpsca.bg>

Greetings,

I was playing with ACLs, and especially default ACLs for directories, on my FreeBSD-CURRENT machine with a UFS2 filesystem, and some questions occurred to me:

1. How about having the default ACL permissions override the umask? Is that an idea which isn't implemented yet, or do you have opinions against it?

2. What are the reasons to update the ACL_MASK entry (if it exists) or the ACL_GROUP_OBJ entry (if the mask doesn't exist), but not both, in ufs_sync_acl_from_inode()? It's true that the reverse function ufs_sync_inode_from_acl() uses the same logic, but take a look at the following situation:

root@earth:foodir# setfacl -dm u::rwx,g::rwx,o::rx ./
root@earth:foodir# getfacl -d ./
#file:./
#owner:0
#group:0
user::rwx
group::rwx
mask::rwx
other::r-x
root@earth:foodir# touch foo
root@earth:foodir# ll
total 4
drwxr-xr-x+ 2 root wheel - 512 Nov 23 13:22 .
drwxr-xr-x 3 root wheel - 512 Nov 23 13:21 ..
-rw-r--r--+ 1 root wheel - 0 Nov 23 13:22 foo
root@earth:foodir# getfacl foo
#file:foo
#owner:0
#group:0
user::rw-
group::rwx # effective: r--
mask::r--
other::r--

Here the ACL entries are not in sync with the inode permissions because, as I said, only the mask entry is updated and the group is discarded. But if we try this:

root@earth:foodir# setfacl -m u:nobody:r foo
root@earth:foodir# getfacl foo
#file:foo
#owner:0
#group:0
user::rw-
user:nobody:r--
group::rwx
mask::rwx
other::r--
root@earth:foodir# ll
total 4
drwxr-xr-x+ 2 root wheel - 512 Nov 23 13:22 .
drwxr-xr-x 3 root wheel - 512 Nov 23 13:21 ..
-rw-rwxr--+ 1 root wheel - 0 Nov 23 13:25 foo

Now we have both the ACL and the inode permissions in sync, because setfacl calls acl_calc_mask().

P.S. Please CC me, I'm not subscribed to the list (because I'm not a kernel hacker :)

--
Regards,
D. Penev
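Added example, not part of the original message and not FreeBSD kernel source: a simplified user-space C model of the either/or sync rule and the mask recalculation the message describes, replaying its two sessions. All `model_*` names are hypothetical, and the mask recalculation is assumed to be the union of the group-class entries, which is consistent with the output shown; the model makes visible that granting one user read access raised the owning group's effective permission from r-- to rwx.

```c
#include <stdio.h>
/* Simplified model of a POSIX.1e access ACL; each perm is a 3-bit rwx value. */
struct model_acl {
    unsigned user_obj, group_obj, other, mask;
    int has_mask, n_named;
    unsigned named[4];          /* named user/group entries (group class) */
};

/* Mode -> ACL: group bits land in the mask if one exists, else in group_obj. */
static void model_sync_acl_from_mode(struct model_acl *a, unsigned mode) {
    a->user_obj = (mode >> 6) & 7;
    if (a->has_mask) a->mask = (mode >> 3) & 7;
    else a->group_obj = (mode >> 3) & 7;
    a->other = mode & 7;
}

/* ACL -> mode: the reverse mapping with the same either/or rule. */
static unsigned model_mode_from_acl(const struct model_acl *a) {
    return (a->user_obj << 6) | ((a->has_mask ? a->mask : a->group_obj) << 3) | a->other;
}

/* What group_obj is actually granted once the mask is applied. */
static unsigned model_effective_group(const struct model_acl *a) {
    return a->has_mask ? (a->group_obj & a->mask) : a->group_obj;
}

/* New file under default ACL u::rwx,g::rwx,mask::rwx,o::r-x (from the session). */
static struct model_acl model_create_file(unsigned mode) {
    struct model_acl a = { 7, 7, 5, 7, 1, 0, {0} };
    model_sync_acl_from_mode(&a, mode);
    return a;
}

/* Add a named entry, then recalculate the mask as the union of the group class. */
static int model_add_named(struct model_acl *a, unsigned perm) {
    if (a->n_named >= 4) return -1;
    a->named[a->n_named++] = perm & 7;
    a->mask = a->group_obj; a->has_mask = 1;
    for (int i = 0; i < a->n_named; i++) a->mask |= a->named[i];
    return 0;
}

int main(void) {
    struct model_acl a = model_create_file(0644);   /* touch foo */
    printf("create: eff. group %o mode %04o\n", model_effective_group(&a), model_mode_from_acl(&a));
    model_add_named(&a, 4);                         /* setfacl -m u:nobody:r foo */
    printf("add:    eff. group %o mode %04o\n", model_effective_group(&a), model_mode_from_acl(&a));
    return 0;
}
```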