5.1 setfacl problem

Robert Watson rwatson at freebsd.org
Sat Jul 19 15:01:17 PDT 2003

On Sat, 19 Jul 2003, [iso-8859-2] Branko F. Graènar wrote:

> Hi there! 
> I'm running 5.1 on i386 platform and i have silly problem with acls. 
> I have disks mounted with acl option (ofcourse they are formatted with
> ufs2)  and acls generally work okay. 
> But when i try to set default directory acl entry i get 'Invalid
> argument' error. 
> Here is example command usage: 
> # setfacl -dm m::rwx,u:some_user:rwx test_directory
> setfacl: acl_set_file() failed for test_directory: Invalid argument
> This is really annoying... 
> Any ideas, how to solve this? 

POSIX.1eD17 23.1.3 requires that default ACLs have the same minimum
entries as an access ACL, meaning that all default ACLs must contain at
least object owner, object group, and other fields.  If you have extended
entries, you must also have a mask field.  If the test_directory above
doesn't already have an ACL on it to modify, the command you're using will
specify what POSIX.1e considers an incomplete ACL and rejects.  Try using:

  setfacl -dm u::rwx,g::rx,o::rx,u:some_user:rwx,m:rwx test_directory

and see if that works better for you.  If so, that was probably the
problem.  I haven't checked to see if other implementations have different
interpretations of POSIX.1e, or bend the rules in various ways, but they
might well do.  We could, in theory, weaken the rules, but the logic to
combine partial default ACLs, requested creation mode, and umask would be

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories

More information about the freebsd-current mailing list