Project

General

Profile

Bug #279

Bug in the new ACL (post-PSARC/2010/029) semantics

Added by Edward Tomasz Napierala almost 10 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
kernel
Start date:
2010-09-29
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

The ACL generated for mode 0077 looks like this:

            owner@:rwx-----------:------:deny
            owner@:------aARWcCos:------:allow
            group@:rwxp--a-R-c--s:------:allow
         everyone@:rwxp--a-R-c--s:------:allow

It should look like this instead (note the "append" permission in the first entry):
            owner@:rwxp----------:------:deny
            owner@:------aARWcCos:------:allow
            group@:rwxp--a-R-c--s:------:allow
         everyone@:rwxp--a-R-c--s:------:allow

Suggested patch looks like this:
--- sys/cddl/contrib/opensolaris/common/acl/acl_common.c        2010-08-30 10:40:14.353057022 +0200
+++ sys/cddl/contrib/opensolaris/common/acl/acl_common.c.new    2010-09-20 22:26:36.588374918 +0200
@@ -1581,21 +1581,21 @@ acl_trivial_access_masks(mode_t mode, ui
        if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH)))
                *deny1 |= ACE_READ_DATA;
        if (!(mode & S_IWUSR) && (mode & (S_IWGRP|S_IWOTH)))
-               *deny1 |= ACE_WRITE_DATA;
+               *deny1 |= ACE_WRITE_DATA|ACE_APPEND_DATA;
        if (!(mode & S_IXUSR) && (mode & (S_IXGRP|S_IXOTH)))
                *deny1 |= ACE_EXECUTE;

        if (!(mode & S_IRGRP) && (mode & S_IROTH))
                *deny2 = ACE_READ_DATA;
        if (!(mode & S_IWGRP) && (mode & S_IWOTH))
-               *deny2 |= ACE_WRITE_DATA;
+               *deny2 |= ACE_WRITE_DATA|ACE_APPEND_DATA;
        if (!(mode & S_IXGRP) && (mode & S_IXOTH))
                *deny2 |= ACE_EXECUTE;

        if ((mode & S_IRUSR) && (!(mode & S_IRGRP) && (mode & S_IROTH)))
                *allow0 |= ACE_READ_DATA;
        if ((mode & S_IWUSR) && (!(mode & S_IWGRP) && (mode & S_IWOTH)))
-               *allow0 |= ACE_WRITE_DATA;
+               *allow0 |= ACE_WRITE_DATA|ACE_APPEND_DATA;
        if ((mode & S_IXUSR) && (!(mode & S_IXGRP) && (mode & S_IXOTH)))
                *allow0 |= ACE_EXECUTE;


Related issues

Related to illumos gate - Feature #742: Resurrect the ZFS "aclmode" propertyResolved2011-02-18

Actions

History

#1

Updated by Jeppe Toustrup almost 10 years ago

Fixed up the formatting a bit

#2

Updated by Garrett D'Amore over 9 years ago

  • Assignee set to Gordon Ross

Gordon, please have a look at this.

#3

Updated by Albert Lee over 9 years ago

  • Category set to kernel
  • Assignee changed from Gordon Ross to Albert Lee

This will be addressed as part of the aclmode resurrection.

#4

Updated by Albert Lee over 9 years ago

  • Status changed from New to In Progress
#5

Updated by Gordon Ross over 9 years ago

  • Status changed from In Progress to Resolved
  • Difficulty set to Medium
  • Tags set to needs-triage

changeset: 13370:8c04143bd318
tag: tip
user: Albert Lee <>
date: Sat May 14 00:29:13 2011 -0400
description:
742 Resurrect the ZFS "aclmode" property
664 Umask masking "deny" ACL entries.
279 Bug in the new ACL (post-PSARC/2010/029) semantics
Reviewed by: Aram Hăvărneanu <>
Reviewed by: Gordon Ross <>
Reviewed by: Robert Gordon <>
Reviewed by:
Approved by: Garrett D'Amore <>

Also available in: Atom PDF