Problem with default ACLs and mask
Robert Watson
rwatson at FreeBSD.org
Fri Oct 14 01:29:37 PDT 2005
On Fri, 14 Oct 2005, Victor Sudakov wrote:
> Heinrich Rebehn wrote:
>>
>
> [dd]
>> Am i doing something wrong here? Why is the mask not propagated?
>
> I am afraid the current umask prevents it. You must set it to something
> like "umask 002" before you create your files or directories (the group
> write bit matters here).
The problem, so to speak, is that we actually implement what is described
in the POSIX.1e spec. When we did our initial implementation, the various
OS's varied a bit in the semantics they implemented:
- Solaris implemented umask override if the mask was specified in the
default ACL.
- IRIX implemented the spec.
Since that time, Linux has turned up and implemented the Solaris model,
and IRIX has switched to the Solaris model also as a result of peer
pressure. I've previouly looked at switching us, but it tears up our
kernel APIs some and will require significant testing. I had hoped to do
this for FreeBSD 6.x but was derailed working on other problems that
needed to be fixed. My hope is to change the default in FreeBSD 7.x.
Doing this requires:
(1) All file creation VOP's to accept different fields -- rather than
accepting the completed creation mode, they need to accept the
creation mask and requested creation mode.
(2) The fairly dispersed current logic for combining the umask and
requested creation mask needs to be discovered, normalized, and
documented. You'll notice if you grep around that the umask +
creation mode processing uses slightly different bit combination and
masking operations depending on object type. Only code inspection
combined with some portability testing will tell us if what's there
now is a bug or a feature.
(3) Addition of logic to kern_acl.c so that file systems implementing
POSIX.1e can ask the revised question about initial ACL and file mode.
(4) Much testing. Ideally, creastion of fairly extensive regression tests
having to do with the modes of files on creation, ACLs, etc.
There's also been a recent discussion on trustedbsd-discuss about
implementing alternative semantics based on the NFSv4 ACL model. I've
taken a walk through the spec and a bit of initial hacking, and need to
send e-mail to the NFSv4 working group mailing list asking for
clarification of some points. If we did do this, we would presumably add
a new flag, nfsv4_acl, for UFS, to allow the administrator to select one
of two models. A further complexity is that these models are require
different, and so we'd have to look carefully at tools and application
behavior.
Robert N M Watson
More information about the freebsd-fs
mailing list