Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 06 Aug 2003 14:56:21 -0300
From:      "Daniel C. Sobral" <dcs@tcoip.com.br>
To:        Robert Watson <rwatson@freebsd.org>
Cc:        current@freebsd.org
Subject:   Re: Change in application of default ACLs in UFS
Message-ID:  <3F314145.1010908@tcoip.com.br>
In-Reply-To: <Pine.NEB.3.96L.1030803234649.10981B-100000@fledge.watson.org>
References:  <Pine.NEB.3.96L.1030803234649.10981B-100000@fledge.watson.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote:
> Just an FYI to users of ACLs on UFS -- I've modified the semantics of the
> application of the default ACL in combination with the umask.  The result
> is that the application of default ACLs is now more conservative than
> previously, so you may want to keep an eye out and make sure all the ACLs
> still mean what you thought they meant.
> 
> I'm still exploring what the best default ACL semantics to use are --
> we're now implementing POSIX.1e "as spec" (bitwise and).  It's worth
> observing this is not quite the same semantics as Solaris and Linux, in
> which the the ACL mask overrides the umask.  I have an ACL development
> branch in Perforce where I'm experimenting with these semantics, and will
> probably merge support for that prior to 5.3, probably as an option. 
> 
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org      Network Associates Laboratories
> 
> ---------- Forwarded message ----------
> Date: Sun, 3 Aug 2003 20:29:13 -0700 (PDT)
> From: Robert Watson <rwatson@FreeBSD.org>
> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
> Subject: cvs commit: src/sys/ufs/ufs acl.h ufs_acl.c ufs_vnops.c
> 
> rwatson     2003/08/03 20:29:13 PDT
> 
>   FreeBSD src repository
> 
>   Modified files:
>     sys/ufs/ufs          acl.h ufs_acl.c ufs_vnops.c 
>   Log:
>   Now that the central POSIX.1e ACL code implements functions to
>   generate the inode mode from a default ACL and creation mask,
>   implement ufs_sync_inode_from_acl() using acl_posix1e_newfilemode().
>   
>   Since ACL_OVERRIDE_MASK/ACL_PRESERVE_MASK are defined, we no
>   longer need to explicitly pass in a "preserve_mask" field: this
>   is implicit in the use of POSIX.1e semantics.
>   
>   Note: this change contains a semantic bugfix for new file creation:
>   we now intersect the ACL-generated mode and the cmode requested by
>   the user process.  This means permissions on newly created file
>   objects will now be more conservative.  In the future, we may want
>   to provide alternative semantics (similar to Solaris and Linux) in
>   which the ACL mask overrides the umask, permitting ACLs to broaden
>   the rights beyond the requested umask.

FWIW, I don't like it. This means I'll have to change my umask to o+rw 
for my ACLs to work correctly, since I use ACLs to _give_ rights in ways 
that umask cannot.

>   
>   PR:             50148
>   Reported by:    Ritz, Bruno <bruno_ritz@gmx.ch>
>   Obtained from:  TrustedBSD Project
>   
>   Revision  Changes    Path
>   1.5       +1 -2      src/sys/ufs/ufs/acl.h
>   1.18      +8 -78     src/sys/ufs/ufs/ufs_acl.c
>   1.232     +4 -8      src/sys/ufs/ufs/ufs_vnops.c
> 
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"


-- 
Daniel C. Sobral                   (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
VIVO Centro Oeste Norte
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
         Daniel.Sobral@tcoip.com.br
         dcs@tcoip.com.br

Outros:
	dcs@newsguy.com
	dcs@freebsd.org
	capo@notorious.bsdconspiracy.net

SYSTEM-INDEPENDENT:
	Works equally poorly on all systems.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F314145.1010908>