userland acl_valid() weirdness

Iustin Pop iusty at k1024.org
Sat Jun 28 09:33:18 UTC 2008


Hi there,

While trying to improve the python bindings for acls on 7.0-release, I
came upon something that seems strange to me.

Basically, an acl that contains an ACL_USER or ACL_GROUP entry with the
qualifier the same as the current user or group(s?) is declared invalid
by the userland, although this in my understanding of the specs is not
prohibited anywhere, and to me it doesn't make sense (an ACL should
protect from changes in the ownership of the file, for example).

Furthermore, the kernel has completely different checks, although the
comments in lib/libc/posix1e/acl_support.c say:
 * _posix1e_acl_check -- given an ACL, check its validity.  This is
 * mirrored from code in sys/kern/kern_acl.c, and if changes are made in
 * one, they should be made in the other also.

What the kernel does is simply to set the qualifier for ACL_USER_OBJ and
ACL_GROUP_OBJ to ACL_UNDEFINED_ID, which seems sane, and then it checks
the qualifier for ACL_USER to be not equal to UNDEFINED_ID, which is
much more reasonable than the userspace code.

Do I misunderstand the usage here?

Sample program:
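#include <sys/types.h>
#include <sys/acl.h>
#include <stdio.h>
#include <unistd.h>

int main(void) {
        acl_t ma;
        acl_entry_t e;
        uid_t user=getuid();

        /* start from a minimal ACL with only the three required entries */
        ma = acl_from_text("u::rw,g::r,o::-");
        if(ma==NULL) {
                perror("acl_from_text");
                return 1;       /* nothing to test without an ACL */
        }
        if(acl_valid(ma)==-1)
                perror("initial acl is not valid");
        /* add an ACL_USER entry whose qualifier is the caller's own uid */
        if(acl_create_entry(&ma, &e)==-1) {
                perror("acl_create_entry");
                acl_free(ma);
                return 1;       /* e is unusable past this point */
        }
        if(acl_set_tag_type(e, ACL_USER)==-1)
                perror("acl_set_tag_type");
        if(acl_set_qualifier(e, &user)==-1)
                perror("acl_set_qualifier");
        /* named entries need an ACL_MASK entry; compute it, then re-validate */
        if(acl_calc_mask(&ma)==-1)
                perror("acl_calc_mask");
        if(acl_valid(ma)==-1)
                perror("modified acl is not valid");
        acl_free(ma);
        return 0;
}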

In this example, the acl_calc_mask and acl_valid will fail unless the
getuid() is changed to getuid()+1.

thanks,
iustin
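
A self-contained model of the kernel-side behaviour described in the message, combined with the acl_valid(3) rules for required entries, the mask entry and per-tag qualifier uniqueness. This is an added example, not code from the post or from FreeBSD; the types, model_acl_check() and the uid 1001 are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; these are not the definitions in <sys/acl.h>. */
enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER, NTAGS };
#define UNDEFINED_ID ((unsigned)-1)
struct entry { enum tag tag; unsigned id; };

/* Returns 0 if the ACL passes the modelled check, -1 otherwise. */
int model_acl_check(struct entry *e, size_t n)
{
    size_t count[NTAGS] = {0};

    for (size_t i = 0; i < n; i++) {
        if ((unsigned)e[i].tag >= NTAGS)
            return -1;
        count[e[i].tag]++;
        switch (e[i].tag) {
        case USER_OBJ:
        case GROUP_OBJ:
            /* Owner entries: the qualifier is normalized, never compared. */
            e[i].id = UNDEFINED_ID;
            break;
        case USER:
        case GROUP:
            /* Named entries must carry a real qualifier ... */
            if (e[i].id == UNDEFINED_ID)
                return -1;
            /* ... that is unique among entries with the same tag only. */
            for (size_t j = 0; j < i; j++)
                if (e[j].tag == e[i].tag && e[j].id == e[i].id)
                    return -1;
            break;
        default:
            break;
        }
    }
    if (count[USER_OBJ] != 1 || count[GROUP_OBJ] != 1 || count[OTHER] != 1)
        return -1;
    /* At most one mask, and it is mandatory once named entries exist. */
    if (count[MASK] > 1 || ((count[USER] || count[GROUP]) && !count[MASK]))
        return -1;
    return 0;
}

int main(void)
{
    unsigned owner = 1001; /* constructed uid standing in for getuid() */
    struct entry acl[] = { {USER_OBJ, owner}, {USER, owner},
                           {GROUP_OBJ, 0}, {MASK, 0}, {OTHER, 0} };
    printf("ACL_USER entry naming the owner: %d\n", model_acl_check(acl, 5));
    return 0;
}
```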

