From owner-freebsd-fs@FreeBSD.ORG Mon Oct 17 07:25:46 2005 Return-Path: X-Original-To: freebsd-fs@freebsd.org Delivered-To: freebsd-fs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6795616A41F; Mon, 17 Oct 2005 07:25:46 +0000 (GMT) (envelope-from rebehn@ant.uni-bremen.de) Received: from antsrv1.ant.uni-bremen.de (antsrv1.ant.uni-bremen.de [134.102.176.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC24943D48; Mon, 17 Oct 2005 07:25:45 +0000 (GMT) (envelope-from rebehn@ant.uni-bremen.de) Received: from bremerhaven.ant.uni-bremen.de ([134.102.176.10]) by antsrv1.ant.uni-bremen.de with esmtp (Exim 4.54 (FreeBSD)) id 1ERPNP-000EKL-Jv; Mon, 17 Oct 2005 09:25:43 +0200 Message-ID: <435351F7.10101@ant.uni-bremen.de> Date: Mon, 17 Oct 2005 09:25:43 +0200 From: Heinrich Rebehn User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050831 Debian/1.7.8-1sarge2 X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson References: <434F4FF8.9050903@ant.uni-bremen.de> <20051014064145.GA40856@admin.sibptus.tomsk.ru> <434F9DAE.6070607@ant.uni-bremen.de> <20051014134820.GA43849@admin.sibptus.tomsk.ru> <20051014203021.L66014@fledge.watson.org> In-Reply-To: <20051014203021.L66014@fledge.watson.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-fs@freebsd.org Subject: Re: Problem with default ACLs and mask X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Oct 2005 07:25:46 -0000 Robert Watson wrote: > > On Fri, 14 Oct 2005, Victor Sudakov wrote: > >> Heinrich Rebehn wrote: >> >>> >>> As you can see, it works for the dirs created by hand, but not for >>> the dir created by tar. >> >> >> I think tar does a chmod on extracted files because it stores and >> extracts permission information. I really see no way of working around >> this. >> >> However, I think those people who designed POSIX ACLs might have had a >> solution for this problem, it is too common. > > > Our tar speaks ACLs, but I'm not sure what model it uses to decide what > to do with the default ACL of the directory where the tar is extracted. > It could well be that tar specifically restores ACLs, overriding the > default ACL where the files are untar'd. > > Robert N M Watson It happens even when the tar is extracted on a Linux system via NFS, so i do not think that tar restores ACL's here. However it does restore file permissions looking into the archive shows: -bash-2.05b$ tar tzvf \ /export/linux/root/debian/usr/local/src/TARS/STonX-0.6.5.tar.gz |more drwx--x--x 0 root root 0 Feb 9 1996 STonX-0.6.5/ ... So there is in fact no write permission for group. Doing this by hand: -bash-2.05b$ umask 0 -bash-2.05b$ mkdir D3 -bash-2.05b$ ls -lod D3 drwxrwx---+ 2 a1 ntlab - 512 Oct 17 09:22 D3 -bash-2.05b$ getfacl D3 #file:D3 #owner:624 #group:1022 user::rwx group::--- group:wiss:rwx mask::rwx other::--- -bash-2.05b$ chmod g-w D3 -bash-2.05b$ ls -lod D3 drwxr-x---+ 2 a1 ntlab - 512 Oct 17 09:22 D3 -bash-2.05b$ getfacl D3 #file:D3 #owner:624 #group:1022 user::rwx group::--- group:wiss:rwx # effective: r-x mask::r-x other::--- Why is the write bit of the mask reset when removing write perms for group? Is this really intended? This does not make sense to me, because both permissions pertain to different groups. --Heinrich