Date: Sat, 19 Jul 2003 18:00:49 -0400 (EDT)
From: Robert Watson
To: Branko F. Gračnar
cc: freebsd-current@freebsd.org
Subject: Re: 5.1 setfacl problem

On Sat, 19 Jul 2003, Branko F. Gračnar wrote:

> Hi there!
>
> I'm running 5.1 on i386 platform and I have a silly problem with acls.
>
> I have disks mounted with acl option (of course they are formatted with
> ufs2) and acls generally work okay.
>
> But when I try to set default directory acl entry I get 'Invalid
> argument' error.
>
> Here is example command usage:
>
> # setfacl -dm m::rwx,u:some_user:rwx test_directory
> setfacl: acl_set_file() failed for test_directory: Invalid argument
>
> This is really annoying...
>
> Any ideas, how to solve this?

POSIX.1eD17 23.1.3 requires that default ACLs have the same minimum
entries as an access ACL, meaning that all default ACLs must contain at
least object owner, object group, and other fields. If you have extended
entries, you must also have a mask field. If the test_directory above
doesn't already have an ACL on it to modify, the command you're using will
specify what POSIX.1e considers an incomplete ACL and rejects. Try using:

    setfacl -dm u::rwx,g::rx,o::rx,u:some_user:rwx,m:rwx test_directory

and see if that works better for you. If so, that was probably the
problem. I haven't checked to see if other implementations have different
interpretations of POSIX.1e, or bend the rules in various ways, but they
might well do. We could, in theory, weaken the rules, but the logic to
combine partial default ACLs, requested creation mode, and umask would be
complicated...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories
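
The minimum-entry rule described in the reply above, as an added example that is not part of the original message or of FreeBSD's setfacl: a shell check that reports which required entries a default-ACL spec lacks before it is passed to `setfacl -dm`. The helper name `default_acl_missing` is hypothetical, and the check assumes the directory has no existing default ACL for `-m` to merge with.

```sh
#!/bin/sh
# Added example. default_acl_missing is a hypothetical helper, not a setfacl
# feature. Assumption: the target directory has no default ACL yet, so the
# spec given to "setfacl -dm" must be a complete ACL by itself.
#
# Prints the missing required entries (as entry prefixes) and returns 1 when
# the spec is incomplete; prints nothing and returns 0 when it is complete.
default_acl_missing() (
    spec=$1
    have_u=0 have_g=0 have_o=0 have_m=0 extended=0

    # The body runs in a subshell, so IFS and noglob changes stay local.
    IFS=,
    set -f
    for entry in $spec; do
        tag=${entry%%:*}        # text before the first colon
        rest=${entry#*:}        # text after the first colon
        qualifier=${rest%%:*}   # user or group name; empty for owner entries
        case $tag in
            u|user)
                # u::perms is the object owner, u:name:perms is extended
                if [ -z "$qualifier" ]; then have_u=1; else extended=1; fi ;;
            g|group)
                if [ -z "$qualifier" ]; then have_g=1; else extended=1; fi ;;
            o|other) have_o=1 ;;
            m|mask)  have_m=1 ;;
        esac
    done

    missing=
    [ "$have_u" -eq 1 ] || missing="$missing u::"
    [ "$have_g" -eq 1 ] || missing="$missing g::"
    [ "$have_o" -eq 1 ] || missing="$missing o::"
    # A mask is only required once a named user or group entry is present.
    if [ "$extended" -eq 1 ] && [ "$have_m" -eq 0 ]; then
        missing="$missing m::"
    fi
    missing=${missing# }

    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        exit 1
    fi
    exit 0
)
```

Called with the spec from the original question it prints `u:: g:: o::`; called with the spec suggested in the reply it prints nothing and returns 0.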