Change in application of default ACLs in UFS
Robert Watson
rwatson at FreeBSD.org
Sun Aug 3 20:55:39 PDT 2003

Just an FYI to users of ACLs on UFS -- I've modified the semantics of the
application of the default ACL in combination with the umask. The result
is that the application of default ACLs is now more conservative than
previously, so you may want to keep an eye out and make sure all the ACLs
still mean what you thought they meant.

I'm still exploring what the best default ACL semantics to use are --
we're now implementing POSIX.1e "as spec" (bitwise and). It's worth
observing this is not quite the same semantics as Solaris and Linux, in
which the ACL mask overrides the umask. I have an ACL development
branch in Perforce where I'm experimenting with these semantics, and will
probably merge support for that prior to 5.3, probably as an option.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories

---------- Forwarded message ----------
Date: Sun, 3 Aug 2003 20:29:13 -0700 (PDT)
From: Robert Watson <rwatson at FreeBSD.org>
To: src-committers at FreeBSD.org, cvs-src at FreeBSD.org, cvs-all at FreeBSD.org
Subject: cvs commit: src/sys/ufs/ufs acl.h ufs_acl.c ufs_vnops.c
rwatson 2003/08/03 20:29:13 PDT
FreeBSD src repository
Modified files:
sys/ufs/ufs acl.h ufs_acl.c ufs_vnops.c
Log:
Now that the central POSIX.1e ACL code implements functions to
generate the inode mode from a default ACL and creation mask,
implement ufs_sync_inode_from_acl() using acl_posix1e_newfilemode().
Since ACL_OVERRIDE_MASK/ACL_PRESERVE_MASK are defined, we no
longer need to explicitly pass in a "preserve_mask" field: this
is implicit in the use of POSIX.1e semantics.

Note: this change contains a semantic bugfix for new file creation:
we now intersect the ACL-generated mode and the cmode requested by
the user process. This means permissions on newly created file
objects will now be more conservative. In the future, we may want
to provide alternative semantics (similar to Solaris and Linux) in
which the ACL mask overrides the umask, permitting ACLs to broaden
the rights beyond the requested umask.

PR: 50148
Reported by: Ritz, Bruno <bruno_ritz at gmx.ch>
Obtained from: TrustedBSD Project

Revision  Changes    Path
1.5       +1 -2      src/sys/ufs/ufs/acl.h
1.18      +8 -78     src/sys/ufs/ufs/ufs_acl.c
1.232     +4 -8      src/sys/ufs/ufs/ufs_vnops.c
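
The difference between the two semantics described above, as an added example that is not part of the original message or the FreeBSD source. It is a simplified C model: the struct, the function names and the sample ACLs are hypothetical, and cmode is assumed to be the requested mode with the umask already applied.

```c
#include <stdio.h>

/* Simplified default ACL (hypothetical type, not the kernel's struct acl):
 * rwx bits 0-7 per entry; mask < 0 means no ACL_MASK entry is present. */
struct default_acl { int user_obj, group_obj, mask, other; };

/* Constructed sample ACLs for illustration. */
const struct default_acl SAMPLE_MASKED = { 6, 6, 6, 4 };  /* rw- rw- mask:rw- r-- */
const struct default_acl SAMPLE_NOMASK = { 7, 5, -1, 5 }; /* rwx r-x (no mask) r-x */

/* Mode bits implied by the ACL: the group class comes from ACL_MASK when
 * present, otherwise from ACL_GROUP_OBJ. */
unsigned acl_to_mode(const struct default_acl *a)
{
    int grp = (a->mask >= 0) ? a->mask : a->group_obj;
    return ((unsigned)(a->user_obj & 7) << 6) | ((unsigned)(grp & 7) << 3) |
           (unsigned)(a->other & 7);
}

/* Intersect semantics from the commit log: the ACL-generated mode is ANDed
 * with cmode (assumed here: requested mode with the umask already applied). */
unsigned newmode_intersect(unsigned req, unsigned umask_bits,
                           const struct default_acl *a)
{
    unsigned cmode = req & ~umask_bits & 0777;
    return cmode & acl_to_mode(a);
}

/* Override semantics (Solaris/Linux style per the message): the umask is
 * ignored when a default ACL exists, so only the requested mode limits it. */
unsigned newmode_override(unsigned req, const struct default_acl *a)
{
    return (req & 0777) & acl_to_mode(a);
}

/* Permission bits that exist only under override semantics. */
unsigned broadened_bits(unsigned req, unsigned umask_bits,
                        const struct default_acl *a)
{
    return newmode_override(req, a) & ~newmode_intersect(req, umask_bits, a);
}

int main(void)
{
    printf("intersect=%04o override=%04o extra=%04o\n",
           newmode_intersect(0666, 022, &SAMPLE_MASKED),
           newmode_override(0666, &SAMPLE_MASKED),
           broadened_bits(0666, 022, &SAMPLE_MASKED));
    return 0;
}
```

With the first sample ACL, a request for 0666 under umask 022 keeps group write only under override semantics, which is the broadening beyond the umask that the commit log mentions.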