From: Robert Watson
Date: Fri, 14 Oct 2005 14:20:54 +0100 (BST)
To: Heinrich Rebehn
Cc: freebsd-fs@freebsd.org
Subject: Re: Problem with default ACLs and mask

On Fri, 14 Oct 2005, Heinrich Rebehn wrote:

>> The problem, so to speak, is that we actually implement what is
>> described in the POSIX.1e spec.  When we did our initial
>> implementation, the various OS's varied a bit in the semantics they
>> implemented:
>>
>> - Solaris implemented umask override if the mask was specified in the
>> default ACL.
>
> does umask override or is umask overridden? :-) I suppose the former.

Sorry -- to be more specific, in the Solaris ACL model, the umask will be
ignored if a mask exists in the default ACL of the parent.  In POSIX.1e,
the umask and parent mask are combined to generate a conservative result,
avoiding applications leaking data in the event they understand
permissions but not ACLs.  Of course, many people find it desirable to be
able to override the umask by directory, hence interest in the less
conservative model.

>> - IRIX implemented the spec.

And to clarify this: IRIX and FreeBSD both implemented POSIX.1eD17 as
written.  We implemented it because it was the spec, and SGI implemented
it because the primary editor of that draft of the spec was running their
trusted systems team. :-)

> Thanks for this in-depth explanation. This sounds like we cannot expect
> a solution any time soon. I will think about another method of managing
> our lab users (or use adjust umask - better than nothing). I would
> really appreciate alternative models for NFS4.

I think a solution for 7.0 is quite likely, but a solution for 6.x is less
likely because I'm not sure I want to change something like the semantics
of ACLs and file system interfaces during a -STABLE branch.  I'll have to
think about it a bit -- we may be able to offer it as a non-default option
that will be configured by default in 7.x, if it's OK to change the
internal kernel file system interfaces during the RELENG_6 life span.

Robert N M Watson
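
The two creation-time models contrasted in this message, as an added illustration that is not code from the message, FreeBSD or Solaris. It is simplified to the ACL entries that map onto mode bits; the struct, function names and sample values are hypothetical, and the override model assumes the requested creation mode is still applied.

```c
#include <stdio.h>

/* Simplified default ACL of the parent directory: only the entries that
 * map onto file mode bits. has_mask == 0 means there is no mask entry,
 * in which case group_obj supplies the group-class bits. */
struct default_acl {
    unsigned user_obj, group_obj, mask, other; /* each 0..7 (rwx) */
    int has_mask;
};

/* Collapse the default ACL into mode bits; the mask, when present,
 * occupies the group-class position. */
static unsigned acl_to_mode(const struct default_acl *d)
{
    unsigned grp = d->has_mask ? d->mask : d->group_obj;
    return (d->user_obj << 6) | (grp << 3) | d->other;
}

/* Conservative model (POSIX.1e as described in the message): a bit
 * survives only if the requested mode, the umask and the default ACL
 * all allow it. */
unsigned newfile_mode_posix1e(unsigned req, unsigned umask_bits,
    const struct default_acl *d)
{
    return (req & ~umask_bits & 0777) & acl_to_mode(d);
}

/* Override model (Solaris as described in the message): a mask entry in
 * the default ACL makes the umask irrelevant.
 * Assumption: the requested mode is still intersected with the ACL. */
unsigned newfile_mode_umask_override(unsigned req, unsigned umask_bits,
    const struct default_acl *d)
{
    if (d->has_mask)
        return (req & 0777) & acl_to_mode(d);
    return newfile_mode_posix1e(req, umask_bits, d);
}

int main(void)
{
    /* Constructed case: shared directory with default mask rw-, and a
     * process that sets umask 077 and creates a file with mode 0666. */
    struct default_acl lab = { 6, 6, 6, 0, 1 };
    printf("conservative:   %04o\n", newfile_mode_posix1e(0666, 077, &lab));
    printf("umask override: %04o\n", newfile_mode_umask_override(0666, 077, &lab));
    return 0;
}
```

With umask 077 the conservative model leaves the group class empty, so an ACL-unaware program that relies on its umask for privacy keeps it; the override model grants the group class rw- from the directory's default mask.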