Date: Fri, 14 Oct 2005 14:20:54 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Heinrich Rebehn <rebehn@ant.uni-bremen.de> Cc: freebsd-fs@freebsd.org Subject: Re: Problem with default ACLs and mask Message-ID: <20051014141732.J22507@fledge.watson.org> In-Reply-To: <434FA9E6.9070009@ant.uni-bremen.de> References: <434F4FF8.9050903@ant.uni-bremen.de> <20051014064145.GA40856@admin.sibptus.tomsk.ru> <20051014092250.D66245@fledge.watson.org> <434FA9E6.9070009@ant.uni-bremen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 14 Oct 2005, Heinrich Rebehn wrote: >> The problem, so to speak, is that we actually implement what is >> described in the POSIX.1e spec. When we did our initial >> implementation, the various OS's varied a bit in the semantics they >> implemented: >> >> - Solaris implemented umask override if the mask was specified in the >> default ACL. > > does umask override or is umask overriden? :-) I suppose the former. Sorry -- to be more specific, in the Solaris ACL model, the umask will be ignored if a mask exists in the default ACL of the parent. In POSIX.1e, the umask and parent mask are combined to generate a conservative result, avoiding applications leaking data in the event they understand permissions but not ACLs. Of course, many people find it desirable to be able to override the umaks by directory, hence interest in the less conservative model. >> - IRIX implemented the spec. And to clarify this: IRIX and FreeBSD both implemented POSIX.1eD17 as written. We implemented it because it was the spec, and SGI implemented it because the primary editor of that draft of the spec was running their trusted systems team. :-) > Thanks for this in-depth explanation. This sounds like we cannot expect > a solution any time soon. I will think about another method of managing > our lab users (or use adjust umask - better than nothing). I would > really appreciate alternative models for NFS4. I think a solution for 7.0 is quite likely, but a solution for 6.x is less likely because I'm not sure I want to change something like the semantics of ACLs and file system interfaces during a -STABLE branch. I'll have to think about it a bit -- we may be able to offer it as a non-default option that will be configured by default in 7.x, if it's OK to change the internal kernel file system interfaces during the RELENG_6 life span. Robert N M Watson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051014141732.J22507>