Bug #279
Bug in the new ACL (post-PSARC/2010/029) semantics
Start date:
2010-09-29
Due date:
% Done:
0%
Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Description
The ACL generated for mode 0077 looks like this:
owner@:rwx-----------:------:deny
owner@:------aARWcCos:------:allow
group@:rwxp--a-R-c--s:------:allow
everyone@:rwxp--a-R-c--s:------:allow
It should look like this instead (note the "append" permission in the first entry):
owner@:rwxp----------:------:deny
owner@:------aARWcCos:------:allow
group@:rwxp--a-R-c--s:------:allow
everyone@:rwxp--a-R-c--s:------:allow
Suggested patch looks like this:
--- sys/cddl/contrib/opensolaris/common/acl/acl_common.c 2010-08-30 10:40:14.353057022 +0200
+++ sys/cddl/contrib/opensolaris/common/acl/acl_common.c.new 2010-09-20 22:26:36.588374918 +0200
@@ -1581,21 +1581,21 @@ acl_trivial_access_masks(mode_t mode, ui
if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH)))
*deny1 |= ACE_READ_DATA;
if (!(mode & S_IWUSR) && (mode & (S_IWGRP|S_IWOTH)))
- *deny1 |= ACE_WRITE_DATA;
+ *deny1 |= ACE_WRITE_DATA|ACE_APPEND_DATA;
if (!(mode & S_IXUSR) && (mode & (S_IXGRP|S_IXOTH)))
*deny1 |= ACE_EXECUTE;
if (!(mode & S_IRGRP) && (mode & S_IROTH))
*deny2 = ACE_READ_DATA;
if (!(mode & S_IWGRP) && (mode & S_IWOTH))
- *deny2 |= ACE_WRITE_DATA;
+ *deny2 |= ACE_WRITE_DATA|ACE_APPEND_DATA;
if (!(mode & S_IXGRP) && (mode & S_IXOTH))
*deny2 |= ACE_EXECUTE;
if ((mode & S_IRUSR) && (!(mode & S_IRGRP) && (mode & S_IROTH)))
*allow0 |= ACE_READ_DATA;
if ((mode & S_IWUSR) && (!(mode & S_IWGRP) && (mode & S_IWOTH)))
- *allow0 |= ACE_WRITE_DATA;
+ *allow0 |= ACE_WRITE_DATA|ACE_APPEND_DATA;
if ((mode & S_IXUSR) && (!(mode & S_IXGRP) && (mode & S_IXOTH)))
*allow0 |= ACE_EXECUTE;
Related issues
History
Updated by
Updated by Garrett D'Amore about 9 years ago
Updated by - Assignee set to Gordon Ross
Gordon, please have a look at this.
Updated by Albert Lee almost 9 years ago
Updated by - Category set to kernel
- Assignee changed from Gordon Ross to Albert Lee
This will be addressed as part of the aclmode resurrection.
Updated by Gordon Ross over 8 years ago
Updated by - Status changed from In Progress to Resolved
- Difficulty set to Medium
- Tags set to needs-triage
changeset: 13370:8c04143bd318
tag: tip
user: Albert Lee <trisk@nexenta.com>
date: Sat May 14 00:29:13 2011 -0400
description:
742 Resurrect the ZFS "aclmode" property
664 Umask masking "deny" ACL entries.
279 Bug in the new ACL (post-PSARC/2010/029) semantics
Reviewed by: Aram Hăvărneanu <aram@nexenta.com>
Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Robert Gordon <rbg@openrbg.com>
Reviewed by: Mark.Maybee@oracle.com
Approved by: Garrett D'Amore <garrett@nexenta.com>