From: Robert Watson
Date: Wed, 6 Aug 2003 14:20:40 -0400 (EDT)
To: "Daniel C. Sobral"
Cc: current@freebsd.org
Subject: Re: Change in application of default ACLs in UFS
In-Reply-To: <3F314145.1010908@tcoip.com.br>

On Wed, 6 Aug 2003, Daniel C. Sobral wrote:

> > Note: this change contains a semantic bugfix for new file creation:
> > we now intersect the ACL-generated mode and the cmode requested by
> > the user process. This means permissions on newly created file
> > objects will now be more conservative. In the future, we may want
> > to provide alternative semantics (similar to Solaris and Linux) in
> > which the ACL mask overrides the umask, permitting ACLs to broaden
> > the rights beyond the requested umask.
>
> FWIW, I don't like it. This means I'll have to change my umask to o+rw
> for my ACLs to work correctly, since I use ACLs to _give_ rights in ways
> that umask cannot.

I'm in the throes of implementing changes that push umask processing down
into individual file systems, permitting UFS ACLs to override the umask
using the ACL mask, which would reproduce the Solaris/Linux model
(non-POSIX.1e). However, there are some interesting implementation
questions there, so it will probably be a bit (perhaps a couple of weeks)
before I have a useful prototype worth reviewing. I agree that those
semantics are useful, however :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories
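
Added example, not part of the original message and not FreeBSD source: a simplified C model of the two creation semantics contrasted in this thread, intersecting the default ACL with the umask-filtered cmode versus letting the default ACL bypass the umask. The names struct acl_perms, enum umask_model and new_file_perms are hypothetical, and the default ACL is assumed to contain a mask entry.

```c
#include <stdio.h>

/* Hypothetical model, not FreeBSD source. rwx bits (4|2|1) of the three
 * ACL entries the creation mode applies to. The default ACL is assumed to
 * carry a mask entry, so the mode's group bits map to the mask. */
struct acl_perms {
	unsigned user_obj;	/* owner entry */
	unsigned mask;		/* bound on group and named entries */
	unsigned other;
};

enum umask_model {
	MODEL_INTERSECT,	/* umask applied, then ACL intersected with cmode */
	MODEL_ACL_OVERRIDES	/* default ACL present: umask is skipped */
};

/* Access ACL entries of a new file created under a default ACL. */
struct acl_perms
new_file_perms(struct acl_perms dflt, unsigned mode, unsigned umask_bits,
    enum umask_model model)
{
	unsigned cmode = mode & 0777;
	struct acl_perms r;

	if (model == MODEL_INTERSECT)
		cmode &= ~umask_bits;
	r.user_obj = dflt.user_obj & ((cmode >> 6) & 7);
	r.mask = dflt.mask & ((cmode >> 3) & 7);
	r.other = dflt.other & (cmode & 7);
	return (r);
}

int
main(void)
{
	/* Constructed input: default ACL u::rw-, mask::rw-, o::r-- */
	struct acl_perms dflt = { 6, 6, 4 };
	struct acl_perms a = new_file_perms(dflt, 0666, 027, MODEL_INTERSECT);
	struct acl_perms b = new_file_perms(dflt, 0666, 027, MODEL_ACL_OVERRIDES);

	printf("intersect:     u=%o mask=%o o=%o\n", a.user_obj, a.mask, a.other);
	printf("acl overrides: u=%o mask=%o o=%o\n", b.user_obj, b.mask, b.other);
	return (0);
}
```

With umask 027, the intersect model reduces the mask to r--, so a named user or group granted rw- in the default ACL is capped at read-only on the new file; in the override model the requested mode alone bounds the ACL.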