From owner-svn-src-head@FreeBSD.ORG Wed Jul 1 15:52:19 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DC94D106566C; Wed, 1 Jul 2009 15:52:19 +0000 (UTC) (envelope-from trasz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id B08E88FC1A; Wed, 1 Jul 2009 15:52:19 +0000 (UTC) (envelope-from trasz@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n61FqJ57016998; Wed, 1 Jul 2009 15:52:19 GMT (envelope-from trasz@svn.freebsd.org) Received: (from trasz@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n61FqJL5016996; Wed, 1 Jul 2009 15:52:19 GMT (envelope-from trasz@svn.freebsd.org) Message-Id: <200907011552.n61FqJL5016996@svn.freebsd.org> From: Edward Tomasz Napierala Date: Wed, 1 Jul 2009 15:52:19 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r195243 - head/bin/chmod X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jul 2009 15:52:20 -0000 Author: trasz Date: Wed Jul 1 15:52:19 2009 New Revision: 195243 URL: http://svn.freebsd.org/changeset/base/195243 Log: With NFSv4 ACLs, it is possible that applying a mode to an ACL which is identical to the mode computed from that ACL will modify the ACL. For example, mode computed from the following ACL is 0600: user:kamila:rwx--------C--:------:allow owner@:--x-----------:------:deny owner@:rw-p---A-W-Co-:------:allow group@:rwxp----------:------:deny group@:--------------:------:allow everyone@:rwxp---A-W-Co-:------:deny everyone@:------a-R-c--s:------:allow However, applying that mode (chmod 0600) changes the ACL into this: user:kamila:rwx-----------:------:deny user:kamila:rwx--------C--:------:allow owner@:--x-----------:------:deny owner@:rw-p---A-W-Co-:------:allow group@:rwxp----------:------:deny group@:--------------:------:allow everyone@:rwxp---A-W-Co-:------:deny everyone@:------a-R-c--s:------:allow In chmod(1) utility, there is an optimisation, which makes it not call chmod(2) if the mode of the file is the same as the new mode. Disable that optimisation for files which may have NFSv4 ACLs. Reviewed by: rwatson Approved by: re (kib) Modified: head/bin/chmod/chmod.c Modified: head/bin/chmod/chmod.c ============================================================================== --- head/bin/chmod/chmod.c Wed Jul 1 15:37:23 2009 (r195242) +++ head/bin/chmod/chmod.c Wed Jul 1 15:52:19 2009 (r195243) @@ -54,6 +54,7 @@ __FBSDID("$FreeBSD$"); #include static void usage(void); +static int may_have_nfs4acl(const FTSENT *ent); int main(int argc, char *argv[]) @@ -180,8 +181,14 @@ done: argv += optind; break; } newmode = getmode(set, p->fts_statp->st_mode); - if ((newmode & ALLPERMS) == (p->fts_statp->st_mode & ALLPERMS)) - continue; + /* + * With NFSv4 ACLs, it is possible that applying a mode + * identical to the one computed from an ACL will change + * that ACL. + */ + if (may_have_nfs4acl(p) == 0 && + (newmode & ALLPERMS) == (p->fts_statp->st_mode & ALLPERMS)) + continue; if ((*change_mode)(p->fts_accpath, newmode) && !fflag) { warn("%s", p->fts_path); rval = 1; @@ -219,3 +226,24 @@ usage(void) "usage: chmod [-fhv] [-R [-H | -L | -P]] mode file ...\n"); exit(1); } + +static int +may_have_nfs4acl(const FTSENT *ent) +{ + int ret; + static dev_t previous_dev = (dev_t)-1; + static int supports_acls = -1; + + if (previous_dev != ent->fts_statp->st_dev) { + previous_dev = ent->fts_statp->st_dev; + supports_acls = 0; + + ret = pathconf(ent->fts_accpath, _PC_ACL_NFS4); + if (ret > 0) + supports_acls = 1; + else if (ret < 0 && errno != EINVAL) + warn("%s", ent->fts_path); + } + + return (supports_acls); +}