Project

General

Profile

Bug #12288

getfacl and setfacl could stand improvement

Added by Peter Tribble 11 days ago. Updated 4 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

Looking at getfacl and setfacl, these could do with tidying up.

There are compiler warning and smatch gags.

The error text refers to Solaris, and differs between setfacl and getfacl

The man pages need modernizing, as they don't fully reflect the shift from POSIX-draft to NFSv4 ACLs

History

#1

Updated by Peter Tribble 4 days ago

Testing procedure:

Create a ufs filesystem

mkfile 128m /tmp/128m
chmod o-t /tmp/128m
lofiadm -a /tmp/128m
env NOINUSE_CHECK=1 /usr/sbin/newfs -o space -m 0 /dev/rlofi/1
mkdir /tmp/128
mount -Fufs -o nologging /dev/lofi/1 /tmp/128
chown ptribble /tmp/128

mkdir /tmp/128/{a,b,c}d
touch /tmp/128/{a,b,c}f

Check that the new setfacl correctly sets, adds, and deletes ACL
entries correctly.

Check that the new getfacl generates the same output as the old.

/usr/bin/getfacl /tmp/128/af
/usr/bin/getfacl /tmp/128/ad

./usr/bin/getfacl /tmp/128/af
./usr/bin/getfacl /tmp/128/ad

Test modify (add)

/usr/bin/setfacl -m u:jack:rwx /tmp/128/af
./usr/bin/setfacl -m u:jack:rwx /tmp/128/bf

/usr/bin/getfacl /tmp/128/af
/usr/bin/getfacl /tmp/128/bf
./usr/bin/getfacl /tmp/128/af
./usr/bin/getfacl /tmp/128/bf

Test delete

/usr/bin/setfacl -d u:jack:rwx /tmp/128/af
./usr/bin/setfacl -d u:jack:rwx /tmp/128/bf

Test set

/usr/bin/setfacl s u::rwx,g::rwx,o:--,m:r-x /tmp/128/cf
./usr/bin/setfacl s u::rwx,g::rwx,o:--,m:r-x /tmp/128/cf

/usr/bin/getfacl /tmp/128/cf
./usr/bin/getfacl /tmp/128/cf

Test default ACLs

./usr/bin/setfacl m d:u::rw,d:g::r--,d:o:---,d:m:rw- /tmp/128/ad
/usr/bin/setfacl m d:u::rw,d:g::r--,d:o:---,d:m:rw- /tmp/128/bd

./usr/bin/getfacl /tmp/128/ad
./usr/bin/getfacl /tmp/128/bd

Test it on a zfs filesystem to verify it generates an error

./usr/bin/setfacl -m u:jack:rwx ~/af
./usr/bin/getfacl ~/af

Test that it correctly rejects invalid acl specifications

./usr/bin/setfacl -m u:rwx /tmp/128/af
./usr/bin/setfacl -m u:jack:rwd /tmp/128/af
./usr/bin/setfacl -m u::jack:rwd /tmp/128/af

#2

Updated by Electric Monk 4 days ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit f5f3cbec075f8308da054292c7c7d96373c956ee

commit  f5f3cbec075f8308da054292c7c7d96373c956ee
Author: Peter Tribble <peter.tribble@gmail.com>
Date:   2020-02-15T16:42:14.000Z

    12288 getfacl and setfacl could stand improvement
    Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk>
    Approved by: Robert Mustacchi <rm@fingolfin.org>

Also available in: Atom PDF