From: Edward Tomasz Napierala
Date: Sat, 9 Apr 2011 07:42:25 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r220465 - in head: bin/setfacl lib/libc/posix1e sys/sys

Author: trasz
Date: Sat Apr 9 07:42:25 2011
New Revision: 220465
URL: http://svn.freebsd.org/changeset/base/220465

Log:
  Make it possible to use permission sets (full_set, modify_set, read_set and write_set) with setfacl(1).

  PR: kern/154113
  Submitted by: Shawn Webb (earlier version)
  MFC after: 1 month

Modified:
  head/bin/setfacl/setfacl.1
  head/lib/libc/posix1e/acl_support_nfs4.c
  head/sys/sys/acl.h

Modified: head/bin/setfacl/setfacl.1 ============================================================================== --- head/bin/setfacl/setfacl.1 Sat Apr 9 06:01:37 2011 (r220464) +++ head/bin/setfacl/setfacl.1 Sat Apr 9 07:42:25 2011 (r220465) @@ -1,5 +1,6 @@ .\"- .\" Copyright (c) 2001 Chris D. Faulhaber +.\" Copyright (c) 2011 Edward Tomasz NapieraƂa .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -25,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 27, 2010 +.Dd April 9, 2011 .Dt SETFACL 1 .Os .Sh NAME @@ -307,7 +308,7 @@ Permissions in long form are separated b .Ql / character; in short form, they are concatenated together. Valid permissions are: -.Bl -tag -width ".Dv short" +.Bl -tag -width ".Dv modify_set" .It Short Long .It r 
@@ -339,6 +340,20 @@ write_owner .It S synchronize .El +.Pp +In addition, the following permission sets may be used: +.Bl -tag -width ".Dv modify_set" +.It Set +Permissions +.It full_set +all permissions, as shown above +.It modify_set +all permissions except write_acl and write_owner +.It read_set +read_data, read_attributes, read_xattr and read_acl +.It write_set +write_data, append_data, write_attributes and write_xattr +.El .It Ar "ACL inheritance flags" Inheritance flags may be specified in either short or long form. Short and long forms may not be mixed. Modified: head/lib/libc/posix1e/acl_support_nfs4.c ============================================================================== --- head/lib/libc/posix1e/acl_support_nfs4.c Sat Apr 9 06:01:37 2011 (r220464) +++ head/lib/libc/posix1e/acl_support_nfs4.c Sat Apr 9 07:42:25 2011 (r220465) @@ -70,6 +70,10 @@ struct flagnames_struct a_access_masks[] { ACL_WRITE_ACL, "write_acl", 'C'}, { ACL_WRITE_OWNER, "write_owner", 'o'}, { ACL_SYNCHRONIZE, "synchronize", 's'}, + { ACL_FULL_SET, "full_set", '\0'}, + { ACL_MODIFY_SET, "modify_set", '\0'}, + { ACL_READ_SET, "read_set", '\0'}, + { ACL_WRITE_SET, "write_set", '\0'}, { 0, 0, 0}}; static const char * @@ -117,7 +121,7 @@ format_flags_compact(char *str, size_t s { size_t i; - for (i = 0; flags[i].name != NULL; i++) { + for (i = 0; flags[i].letter != '\0'; i++) { assert(i < size); if ((flags[i].flag & var) == 0) str[i] = '-'; Modified: head/sys/sys/acl.h ============================================================================== --- head/sys/sys/acl.h Sat Apr 9 06:01:37 2011 (r220464) +++ head/sys/sys/acl.h Sat Apr 9 07:42:25 2011 (r220465) 
@@ -217,12 +217,23 @@ typedef void *acl_t; #define ACL_WRITE_OWNER 0x00004000 #define ACL_SYNCHRONIZE 0x00008000 -#define ACL_NFS4_PERM_BITS (ACL_READ_DATA | ACL_WRITE_DATA | \ +#define ACL_FULL_SET (ACL_READ_DATA | ACL_WRITE_DATA | \ ACL_APPEND_DATA | ACL_READ_NAMED_ATTRS | ACL_WRITE_NAMED_ATTRS | \ ACL_EXECUTE | ACL_DELETE_CHILD | ACL_READ_ATTRIBUTES | \ ACL_WRITE_ATTRIBUTES | ACL_DELETE | ACL_READ_ACL | ACL_WRITE_ACL | \ ACL_WRITE_OWNER | ACL_SYNCHRONIZE) +#define ACL_MODIFY_SET (ACL_FULL_SET & \ + ~(ACL_WRITE_ACL | ACL_WRITE_OWNER)) + +#define ACL_READ_SET (ACL_READ_DATA | ACL_READ_NAMED_ATTRS | \ + ACL_READ_ATTRIBUTES | ACL_READ_ACL) + +#define ACL_WRITE_SET (ACL_WRITE_DATA | ACL_APPEND_DATA | \ + ACL_WRITE_NAMED_ATTRS | ACL_WRITE_ATTRIBUTES) + +#define ACL_NFS4_PERM_BITS ACL_FULL_SET + /* * Possible entry_id values for acl_get_entry(3). */
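
Review bot: the permission-set list added to setfacl.1 (hunk @@ -339,6 +340,20 @@) does not say that the sets have no short form. The four rows added to a_access_masks in this same commit carry '\0' as their letter, and the manual text right after the new list says short and long forms may not be mixed, so a reader cannot tell from the page whether full_set or read_set can appear in a short-form entry. Suggest one sentence stating that sets are accepted in long form only, and whether a set may be joined to individual long-form permissions with the / separator.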
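
Review bot: the four rows added to a_access_masks in acl_support_nfs4.c (hunk @@ -70,6 +70,10 @@) are multi-bit masks in a table whose existing rows each name a single permission, and the test visible in format_flags_compact, (flags[i].flag & var) == 0, counts a row as present when any one of its bits is set. Any other walker of this table that still runs to the { 0, 0, 0 } terminator with the same any-bit test would report read_set, write_set or full_set for an entry that holds only read_data or write_data. Please confirm that the long-form formatter either stops before these rows or compares with (flags[i].flag & var) == flags[i].flag, and if the rows are meant to be accepted on input only, say so in a comment above them.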
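
Review bot: the new loop condition in format_flags_compact (hunk @@ -117,7 +121,7 @@), flags[i].letter != '\0', makes the first row without a letter act as the end of the table, so correct compact output now depends on the set rows staying after every lettered row in a_access_masks. Nothing in the hunk or in the table hunk records that ordering rule, and a lettered permission appended after write_set would be dropped from the compact string without any error. Suggest a comment at the table and at the loop stating that rows with a '\0' letter must come last, directly before the { 0, 0, 0 } terminator.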
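
Review bot: ACL_MODIFY_SET in sys/sys/acl.h (hunk @@ -217,12 +217,23 @@) is defined by subtraction, ACL_FULL_SET & ~(ACL_WRITE_ACL | ACL_WRITE_OWNER), while ACL_READ_SET and ACL_WRITE_SET list their bits explicitly. Any bit later added to ACL_FULL_SET is therefore granted by modify_set automatically, and as written the set already carries ACL_DELETE, ACL_DELETE_CHILD, ACL_EXECUTE and ACL_SYNCHRONIZE, which the manual page only implies with "all permissions except write_acl and write_owner". Consider enumerating the bits as the other two sets do, or adding a comment that extending ACL_FULL_SET widens modify_set; a one-line comment on why ACL_NFS4_PERM_BITS is kept as an alias of ACL_FULL_SET would also help.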