Date: Sun, 3 Aug 2003 23:54:29 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Subject: Change in application of default ACLs in UFS Message-ID: <Pine.NEB.3.96L.1030803234649.10981B-100000@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
Just an FYI to users of ACLs on UFS -- I've modified the semantics of the application of the default ACL in combination with the umask. The result is that the application of default ACLs is now more conservative than previously, so you may want to keep an eye out and make sure all the ACLs still mean what you thought they meant. I'm still exploring what the best default ACL semantics to use are -- we're now implementing POSIX.1e "as spec" (bitwise and). It's worth observing this is not quite the same semantics as Solaris and Linux, in which the the ACL mask overrides the umask. I have an ACL development branch in Perforce where I'm experimenting with these semantics, and will probably merge support for that prior to 5.3, probably as an option. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories ---------- Forwarded message ---------- Date: Sun, 3 Aug 2003 20:29:13 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/ufs/ufs acl.h ufs_acl.c ufs_vnops.c rwatson 2003/08/03 20:29:13 PDT FreeBSD src repository Modified files: sys/ufs/ufs acl.h ufs_acl.c ufs_vnops.c Log: Now that the central POSIX.1e ACL code implements functions to generate the inode mode from a default ACL and creation mask, implement ufs_sync_inode_from_acl() using acl_posix1e_newfilemode(). Since ACL_OVERRIDE_MASK/ACL_PRESERVE_MASK are defined, we no longer need to explicitly pass in a "preserve_mask" field: this is implicit in the use of POSIX.1e semantics. Note: this change contains a semantic bugfix for new file creation: we now intersect the ACL-generated mode and the cmode requested by the user process. This means permissions on newly created file objects will now be more conservative. In the future, we may want to provide alternative semantics (similar to Solaris and Linux) in which the ACL mask overrides the umask, permitting ACLs to broaden the rights beyond the requested umask. PR: 50148 Reported by: Ritz, Bruno <bruno_ritz@gmx.ch> Obtained from: TrustedBSD Project Revision Changes Path 1.5 +1 -2 src/sys/ufs/ufs/acl.h 1.18 +8 -78 src/sys/ufs/ufs/ufs_acl.c 1.232 +4 -8 src/sys/ufs/ufs/ufs_vnops.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1030803234649.10981B-100000>