Project

General

Profile

Actions
Copy link

Bug #12288

closed

getfacl and setfacl could stand improvement

Added by Peter Tribble almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Peter Tribble
Category:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
External Bug:

Description

Looking at getfacl and setfacl, these could do with tidying up.

There are compiler warning and smatch gags.

The error text refers to Solaris, and differs between setfacl and getfacl

The man pages need modernizing, as they don't fully reflect the shift from POSIX-draft to NFSv4 ACLs

Actions
Copy link
 #1

Updated by Peter Tribble almost 4 years ago

Testing procedure:

Create a ufs filesystem

mkfile 128m /tmp/128m
chmod o-t /tmp/128m
lofiadm -a /tmp/128m
env NOINUSE_CHECK=1 /usr/sbin/newfs -o space -m 0 /dev/rlofi/1
mkdir /tmp/128
mount -Fufs -o nologging /dev/lofi/1 /tmp/128
chown ptribble /tmp/128

mkdir /tmp/128/{a,b,c}d
touch /tmp/128/{a,b,c}f

Check that the new setfacl correctly sets, adds, and deletes ACL
entries correctly.

Check that the new getfacl generates the same output as the old.

/usr/bin/getfacl /tmp/128/af
/usr/bin/getfacl /tmp/128/ad

./usr/bin/getfacl /tmp/128/af
./usr/bin/getfacl /tmp/128/ad

Test modify (add)

/usr/bin/setfacl -m u:jack:rwx /tmp/128/af
./usr/bin/setfacl -m u:jack:rwx /tmp/128/bf

/usr/bin/getfacl /tmp/128/af
/usr/bin/getfacl /tmp/128/bf
./usr/bin/getfacl /tmp/128/af
./usr/bin/getfacl /tmp/128/bf

Test delete

/usr/bin/setfacl -d u:jack:rwx /tmp/128/af
./usr/bin/setfacl -d u:jack:rwx /tmp/128/bf

Test set

/usr/bin/setfacl s u::rwx,g::rwx,o:--,m:r-x /tmp/128/cf
./usr/bin/setfacl s u::rwx,g::rwx,o:--,m:r-x /tmp/128/cf

/usr/bin/getfacl /tmp/128/cf
./usr/bin/getfacl /tmp/128/cf

Test default ACLs

./usr/bin/setfacl m d:u::rw,d:g::r--,d:o:---,d:m:rw- /tmp/128/ad
/usr/bin/setfacl m d:u::rw,d:g::r--,d:o:---,d:m:rw- /tmp/128/bd

./usr/bin/getfacl /tmp/128/ad
./usr/bin/getfacl /tmp/128/bd

Test it on a zfs filesystem to verify it generates an error

./usr/bin/setfacl -m u:jack:rwx ~/af
./usr/bin/getfacl ~/af

Test that it correctly rejects invalid acl specifications

./usr/bin/setfacl -m u:rwx /tmp/128/af
./usr/bin/setfacl -m u:jack:rwd /tmp/128/af
./usr/bin/setfacl -m u::jack:rwd /tmp/128/af

Actions
Copy link
 #2

Updated by Electric Monk almost 4 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit f5f3cbec075f8308da054292c7c7d96373c956ee

commit  f5f3cbec075f8308da054292c7c7d96373c956ee
Author: Peter Tribble <peter.tribble@gmail.com>
Date:   2020-02-15T16:42:14.000Z

    12288 getfacl and setfacl could stand improvement
    Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk>
    Approved by: Robert Mustacchi <rm@fingolfin.org>

Actions
Copy link

Also available in: Atom PDF