Project

General

Profile

Bug #664

Umask masking "deny" ACL entries.

Added by Edward Tomasz Napierala about 10 years ago. Updated almost 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
kernel
Start date:
2011-01-26
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

There is a bug regarding inheritance of "deny" entries. It seems their permissions are masked according to umask, just like for "allow" type entries, which means "stricter" umask results in "looser" permissions. Patch (unfortunately from FreeBSD Perforce, so it needs to be applied by hand) attached below:

==== //depot/user/pjd/zfs/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c#42 (text) ====

@@ -1467,7 +1467,7 @@
                         * Limit permissions to be no greater than
                         * group permissions
                         */
-                       if (zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) {
+                       if (type == ALLOW && zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) {
                                if (!(mode & S_IRGRP))
                                        access_mask &= ~ACE_READ_DATA;
                                if (!(mode & S_IWGRP))


Related issues

Related to illumos gate - Feature #742: Resurrect the ZFS "aclmode" propertyResolvedAlbert Lee2011-02-18

Actions

Also available in: Atom PDF