From owner-freebsd-bugs@FreeBSD.ORG  Sat Dec 14 07:00:00 2013
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D483AA4C
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Sat, 14 Dec 2013 07:00:00 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id AF59A1D53
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Sat, 14 Dec 2013 07:00:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id rBE700fE076272
 for <freebsd-bugs@freefall.freebsd.org>; Sat, 14 Dec 2013 07:00:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id rBE700ZD076271;
 Sat, 14 Dec 2013 07:00:00 GMT (envelope-from gnats)
Resent-Date: Sat, 14 Dec 2013 07:00:00 GMT
Resent-Message-Id: <201312140700.rBE700ZD076271@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, ZAHEMSZKY@FreeBSD.org,
 Gabor <gabor@zahemszky.hu>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 8781CA3C
 for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Dec 2013 06:58:22 +0000 (UTC)
Received: from oldred.freebsd.org (oldred.freebsd.org
 [IPv6:2001:1900:2254:206a::50:4])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 59D581D46
 for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Dec 2013 06:58:22 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
 by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id rBE6wLaE084525
 for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Dec 2013 06:58:21 GMT
 (envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
 by oldred.freebsd.org (8.14.5/8.14.5/Submit) id rBE6wLNb084460;
 Sat, 14 Dec 2013 06:58:21 GMT (envelope-from nobody)
Message-Id: <201312140658.rBE6wLNb084460@oldred.freebsd.org>
Date: Sat, 14 Dec 2013 06:58:21 GMT
From: ZAHEMSZKY@FreeBSD.org, Gabor <gabor@zahemszky.hu>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: misc/184760: deleting POSIX mask-ACL is a horror
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Dec 2013 07:00:01 -0000


>Number:         184760
>Category:       misc
>Synopsis:       deleting POSIX mask-ACL is a horror
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 14 07:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     ZAHEMSZKY, Gabor
>Release:        9.2-RELEASE
>Organization:
Zahemszky Ltd
>Environment:
FreeBSD Picasso.Zahemszky.HU 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013     root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
After enabling POSIX-ACL-s, and setting any ACL on a file, we'll have mask-ACL. But it's terrible difficult to remove the leftover mask-ACL from the file. Here is a typescript of it:
Script started on Sat Dec 14 07:36:32 2013
$ touch lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
other::r--
$ setfacl -m u:friend:rw lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
user:friend:rw-
group::r--
mask::rw-
other::r--
$ setfacl -x u:friend: lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x mask:: lo
setfacl: lo: cannot remove non-existent ACL entry
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x 2 lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -b lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -b -x mask:: lo
setfacl: lo: cannot remove non-existent ACL entry
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x mask:: -b lo
setfacl: lo: cannot remove non-existent ACL entry
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -b -x 2 lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x 2 -b lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
other::r--
$ ^D
Script done on Sat Dec 14 07:41:50 2013

>How-To-Repeat:
Create a new test file on a POSIX-ACL-enbled filesystem. Put an ACL on that file. Remove that ACL. Try to remove the leftover mask ACL. Sometimes incorrect error message, sometimes no error message at all. We need to remove the ACL (-x option) with the non-intuitive -x number form, AND the "remove all of the ACLs" (-b option) with ONLY THIS order (-b -x is incorrect; -b -x mask:: incorrect, etc)
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: