Project

General

Profile

Bug #12288

getfacl and setfacl could stand improvement

Added by Peter Tribble 10 months ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

Looking at getfacl and setfacl, these could do with tidying up.

There are compiler warning and smatch gags.

The error text refers to Solaris, and differs between setfacl and getfacl

The man pages need modernizing, as they don't fully reflect the shift from POSIX-draft to NFSv4 ACLs

#1

Updated by Peter Tribble 10 months ago

Testing procedure:

Create a ufs filesystem

mkfile 128m /tmp/128m
chmod o-t /tmp/128m
lofiadm -a /tmp/128m
env NOINUSE_CHECK=1 /usr/sbin/newfs -o space -m 0 /dev/rlofi/1
mkdir /tmp/128
mount -Fufs -o nologging /dev/lofi/1 /tmp/128
chown ptribble /tmp/128

mkdir /tmp/128/{a,b,c}d
touch /tmp/128/{a,b,c}f

Check that the new setfacl correctly sets, adds, and deletes ACL
entries correctly.

Check that the new getfacl generates the same output as the old.

/usr/bin/getfacl /tmp/128/af
/usr/bin/getfacl /tmp/128/ad

./usr/bin/getfacl /tmp/128/af
./usr/bin/getfacl /tmp/128/ad

Test modify (add)

/usr/bin/setfacl -m u:jack:rwx /tmp/128/af
./usr/bin/setfacl -m u:jack:rwx /tmp/128/bf

/usr/bin/getfacl /tmp/128/af
/usr/bin/getfacl /tmp/128/bf
./usr/bin/getfacl /tmp/128/af
./usr/bin/getfacl /tmp/128/bf

Test delete

/usr/bin/setfacl -d u:jack:rwx /tmp/128/af
./usr/bin/setfacl -d u:jack:rwx /tmp/128/bf

Test set

/usr/bin/setfacl s u::rwx,g::rwx,o:--,m:r-x /tmp/128/cf
./usr/bin/setfacl s u::rwx,g::rwx,o:--,m:r-x /tmp/128/cf

/usr/bin/getfacl /tmp/128/cf
./usr/bin/getfacl /tmp/128/cf

Test default ACLs

./usr/bin/setfacl m d:u::rw,d:g::r--,d:o:---,d:m:rw- /tmp/128/ad
/usr/bin/setfacl m d:u::rw,d:g::r--,d:o:---,d:m:rw- /tmp/128/bd

./usr/bin/getfacl /tmp/128/ad
./usr/bin/getfacl /tmp/128/bd

Test it on a zfs filesystem to verify it generates an error

./usr/bin/setfacl -m u:jack:rwx ~/af
./usr/bin/getfacl ~/af

Test that it correctly rejects invalid acl specifications

./usr/bin/setfacl -m u:rwx /tmp/128/af
./usr/bin/setfacl -m u:jack:rwd /tmp/128/af
./usr/bin/setfacl -m u::jack:rwd /tmp/128/af

#2

Updated by Electric Monk 10 months ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit f5f3cbec075f8308da054292c7c7d96373c956ee

commit  f5f3cbec075f8308da054292c7c7d96373c956ee
Author: Peter Tribble <peter.tribble@gmail.com>
Date:   2020-02-15T16:42:14.000Z

    12288 getfacl and setfacl could stand improvement
    Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk>
    Approved by: Robert Mustacchi <rm@fingolfin.org>

Also available in: Atom PDF