Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 14 Dec 2013 06:58:21 GMT
From:      ZAHEMSZKY@FreeBSD.org, Gabor <gabor@zahemszky.hu>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/184760: deleting POSIX mask-ACL is a horror
Message-ID:  <201312140658.rBE6wLNb084460@oldred.freebsd.org>
Resent-Message-ID: <201312140700.rBE700ZD076271@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         184760
>Category:       misc
>Synopsis:       deleting POSIX mask-ACL is a horror
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 14 07:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     ZAHEMSZKY, Gabor
>Release:        9.2-RELEASE
>Organization:
Zahemszky Ltd
>Environment:
FreeBSD Picasso.Zahemszky.HU 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013     root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
After enabling POSIX-ACL-s, and setting any ACL on a file, we'll have mask-ACL. But it's terrible difficult to remove the leftover mask-ACL from the file. Here is a typescript of it:
Script started on Sat Dec 14 07:36:32 2013
$ touch lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
other::r--
$ setfacl -m u:friend:rw lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
user:friend:rw-
group::r--
mask::rw-
other::r--
$ setfacl -x u:friend: lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x mask:: lo
setfacl: lo: cannot remove non-existent ACL entry
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x 2 lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -b lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -b -x mask:: lo
setfacl: lo: cannot remove non-existent ACL entry
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x mask:: -b lo
setfacl: lo: cannot remove non-existent ACL entry
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -b -x 2 lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x 2 -b lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
other::r--
$ ^D
Script done on Sat Dec 14 07:41:50 2013

>How-To-Repeat:
Create a new test file on a POSIX-ACL-enbled filesystem. Put an ACL on that file. Remove that ACL. Try to remove the leftover mask ACL. Sometimes incorrect error message, sometimes no error message at all. We need to remove the ACL (-x option) with the non-intuitive -x number form, AND the "remove all of the ACLs" (-b option) with ONLY THIS order (-b -x is incorrect; -b -x mask:: incorrect, etc)
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201312140658.rBE6wLNb084460>