Actions
Bug #279
closedBug in the new ACL (post-PSARC/2010/029) semantics
Start date:
2010-09-29
Due date:
% Done:
0%
Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
Description
The ACL generated for mode 0077 looks like this:
owner@:rwx-----------:------:deny owner@:------aARWcCos:------:allow group@:rwxp--a-R-c--s:------:allow everyone@:rwxp--a-R-c--s:------:allow
It should look like this instead (note the "append" permission in the first entry):
owner@:rwxp----------:------:deny owner@:------aARWcCos:------:allow group@:rwxp--a-R-c--s:------:allow everyone@:rwxp--a-R-c--s:------:allow
Suggested patch looks like this:
--- sys/cddl/contrib/opensolaris/common/acl/acl_common.c 2010-08-30 10:40:14.353057022 +0200 +++ sys/cddl/contrib/opensolaris/common/acl/acl_common.c.new 2010-09-20 22:26:36.588374918 +0200 @@ -1581,21 +1581,21 @@ acl_trivial_access_masks(mode_t mode, ui if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH))) *deny1 |= ACE_READ_DATA; if (!(mode & S_IWUSR) && (mode & (S_IWGRP|S_IWOTH))) - *deny1 |= ACE_WRITE_DATA; + *deny1 |= ACE_WRITE_DATA|ACE_APPEND_DATA; if (!(mode & S_IXUSR) && (mode & (S_IXGRP|S_IXOTH))) *deny1 |= ACE_EXECUTE; if (!(mode & S_IRGRP) && (mode & S_IROTH)) *deny2 = ACE_READ_DATA; if (!(mode & S_IWGRP) && (mode & S_IWOTH)) - *deny2 |= ACE_WRITE_DATA; + *deny2 |= ACE_WRITE_DATA|ACE_APPEND_DATA; if (!(mode & S_IXGRP) && (mode & S_IXOTH)) *deny2 |= ACE_EXECUTE; if ((mode & S_IRUSR) && (!(mode & S_IRGRP) && (mode & S_IROTH))) *allow0 |= ACE_READ_DATA; if ((mode & S_IWUSR) && (!(mode & S_IWGRP) && (mode & S_IWOTH))) - *allow0 |= ACE_WRITE_DATA; + *allow0 |= ACE_WRITE_DATA|ACE_APPEND_DATA; if ((mode & S_IXUSR) && (!(mode & S_IXGRP) && (mode & S_IXOTH))) *allow0 |= ACE_EXECUTE;
Related issues
Updated by Garrett D'Amore over 11 years ago
- Assignee set to Gordon Ross
Gordon, please have a look at this.
Updated by Albert Lee about 11 years ago
- Category set to kernel
- Assignee changed from Gordon Ross to Albert Lee
This will be addressed as part of the aclmode resurrection.
Updated by Gordon Ross about 11 years ago
- Status changed from In Progress to Resolved
- Difficulty set to Medium
- Tags set to needs-triage
changeset: 13370:8c04143bd318
tag: tip
user: Albert Lee <trisk@nexenta.com>
date: Sat May 14 00:29:13 2011 -0400
description:
742 Resurrect the ZFS "aclmode" property
664 Umask masking "deny" ACL entries.
279 Bug in the new ACL (post-PSARC/2010/029) semantics
Reviewed by: Aram Hăvărneanu <aram@nexenta.com>
Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Robert Gordon <rbg@openrbg.com>
Reviewed by: Mark.Maybee@oracle.com
Approved by: Garrett D'Amore <garrett@nexenta.com>
Actions