Bug #664
Umask masking "deny" ACL entries.
0%
Description
There is a bug regarding inheritance of "deny" entries. It seems their permissions are masked according to umask, just like for "allow" type entries, which means "stricter" umask results in "looser" permissions. Patch (unfortunately from FreeBSD Perforce, so it needs to be applied by hand) attached below:
==== //depot/user/pjd/zfs/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c#42 (text) ====
@@ -1467,7 +1467,7 @@
* Limit permissions to be no greater than
* group permissions
*/
- if (zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) {
+ if (type == ALLOW && zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) {
if (!(mode & S_IRGRP))
access_mask &= ~ACE_READ_DATA;
if (!(mode & S_IWGRP))
Related issues
Updated by Albert Lee about 10 years ago
- Status changed from New to In Progress
- Assignee set to Albert Lee
Taking, will address with possible reintroduction of aclmode.
Updated by Gordon Ross almost 10 years ago
- Status changed from In Progress to Resolved
- Difficulty set to Medium
- Tags set to needs-triage
changeset: 13370:8c04143bd318
tag: tip
user: Albert Lee <trisk@nexenta.com>
date: Sat May 14 00:29:13 2011 -0400
description:
742 Resurrect the ZFS "aclmode" property
664 Umask masking "deny" ACL entries.
279 Bug in the new ACL (post-PSARC/2010/029) semantics
Reviewed by: Aram Hăvărneanu <aram@nexenta.com>
Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Robert Gordon <rbg@openrbg.com>
Reviewed by: Mark.Maybee@oracle.com
Approved by: Garrett D'Amore <garrett@nexenta.com>