From owner-freebsd-current@FreeBSD.ORG Wed Aug 6 10:56:35 2003
Message-ID: <3F314145.1010908@tcoip.com.br>
Date: Wed, 06 Aug 2003 14:56:21 -0300
From: "Daniel C. Sobral"
To: Robert Watson
cc: current@freebsd.org
Subject: Re: Change in application of default ACLs in UFS

Robert Watson wrote:
> Just an FYI to users of ACLs on UFS -- I've modified the semantics of the
> application of the default ACL in combination with the umask. The result
> is that the application of default ACLs is now more conservative than
> previously, so you may want to keep an eye out and make sure all the ACLs
> still mean what you thought they meant.
>
> I'm still exploring what the best default ACL semantics to use are --
> we're now implementing POSIX.1e "as spec" (bitwise and). It's worth
> observing this is not quite the same semantics as Solaris and Linux, in
> which the ACL mask overrides the umask. I have an ACL development
> branch in Perforce where I'm experimenting with these semantics, and will
> probably merge support for that prior to 5.3, probably as an option.
>
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org      Network Associates Laboratories
>
> ---------- Forwarded message ----------
> Date: Sun, 3 Aug 2003 20:29:13 -0700 (PDT)
> From: Robert Watson
> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
> Subject: cvs commit: src/sys/ufs/ufs acl.h ufs_acl.c ufs_vnops.c
>
> rwatson     2003/08/03 20:29:13 PDT
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/ufs/ufs          acl.h ufs_acl.c ufs_vnops.c
>   Log:
>   Now that the central POSIX.1e ACL code implements functions to
>   generate the inode mode from a default ACL and creation mask,
>   implement ufs_sync_inode_from_acl() using acl_posix1e_newfilemode().
>
>   Since ACL_OVERRIDE_MASK/ACL_PRESERVE_MASK are defined, we no
>   longer need to explicitly pass in a "preserve_mask" field: this
>   is implicit in the use of POSIX.1e semantics.
>
>   Note: this change contains a semantic bugfix for new file creation:
>   we now intersect the ACL-generated mode and the cmode requested by
>   the user process. This means permissions on newly created file
>   objects will now be more conservative. In the future, we may want
>   to provide alternative semantics (similar to Solaris and Linux) in
>   which the ACL mask overrides the umask, permitting ACLs to broaden
>   the rights beyond the requested umask.

FWIW, I don't like it. This means I'll have to change my umask to o+rw
for my ACLs to work correctly, since I use ACLs to _give_ rights in ways
that umask cannot.

>
>   PR:             50148
>   Reported by:    Ritz, Bruno
>   Obtained from:  TrustedBSD Project
>
>   Revision  Changes    Path
>   1.5       +1 -2      src/sys/ufs/ufs/acl.h
>   1.18      +8 -78     src/sys/ufs/ufs/ufs_acl.c
>   1.232     +4 -8      src/sys/ufs/ufs/ufs_vnops.c

--
Daniel C. Sobral                   (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
VIVO Centro Oeste Norte
Phones: 55-61-313-7654/Cell: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
        Daniel.Sobral@tcoip.com.br
        dcs@tcoip.com.br

Others:
        dcs@newsguy.com
        dcs@freebsd.org
        capo@notorious.bsdconspiracy.net

SYSTEM-INDEPENDENT: Works equally poorly on all systems.
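
Added example (not part of the original message and not FreeBSD source code): a small C model of the two semantics contrasted in the commit message above, intersecting the default-ACL mode with the cmode versus letting the default ACL override the umask. The struct, function names and sample values are constructed; it assumes the cmode reaching the filesystem already has the umask applied, and that a named user entry's effective rights are its permissions ANDed with the new file's group-class bits.

```c
#include <stdio.h>

/* Constructed model of a default ACL; each field holds rwx bits (0-7). */
struct dacl {
	unsigned user_obj;	/* ACL_USER_OBJ */
	unsigned group_obj;	/* ACL_GROUP_OBJ */
	int has_mask;		/* nonzero when an ACL_MASK entry exists */
	unsigned mask;		/* ACL_MASK */
	unsigned other;		/* ACL_OTHER */
};

/* Constructed sample: owner rw-, group r--, mask rw-, other r--. */
static const struct dacl sample_dacl = { 6, 4, 1, 6, 4 };

/* Mode implied by the ACL; the group class comes from ACL_MASK if present. */
static unsigned dacl_to_mode(const struct dacl *d)
{
	unsigned grp = d->has_mask ? d->mask : d->group_obj;
	return (d->user_obj << 6) | (grp << 3) | d->other;
}

/* Semantics described in the commit message: ACL mode AND cmode.
 * Assumption: cmode already had the umask removed (req & ~cmask). */
unsigned newmode_intersect(unsigned req, unsigned cmask, const struct dacl *d)
{
	return (req & ~cmask & 0777) & dacl_to_mode(d);
}

/* Alternative semantics: a default ACL overrides the umask. */
unsigned newmode_override(unsigned req, unsigned cmask, const struct dacl *d)
{
	(void)cmask;	/* ignored because a default ACL is present */
	return (req & 0777) & dacl_to_mode(d);
}

/* Effective rights of a named ACL_USER entry: entry AND group-class bits. */
unsigned named_effective(unsigned entry, unsigned newmode)
{
	return entry & ((newmode >> 3) & 7);
}

int main(void)
{
	unsigned a = newmode_intersect(0666, 077, &sample_dacl);
	unsigned b = newmode_override(0666, 077, &sample_dacl);
	printf("intersect: mode %04o, named rw- user gets %o\n", a, named_effective(6, a));
	printf("override:  mode %04o, named rw- user gets %o\n", b, named_effective(6, b));
	return 0;
}
```

With a umask of 077 the intersecting form leaves the group-class bits empty, so a named entry granted rw- in the default ACL ends up with no effective rights on the new file.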