star-1.4a07pre5 available

Chris Faulhaber jedgar at fxp.org
Wed Nov 28 23:30:10 GMT 2001 

On Wed, Nov 28, 2001 at 05:37:55PM +0100, Andreas Gruenbacher wrote:
> On Tue, 27 Nov 2001, Chris Faulhaber wrote:
> > On Thu, Nov 08, 2001 at 03:12:59PM +0100, Andreas Gruenbacher wrote:
> > > On Thu, 8 Nov 2001, Robert Watson wrote:
> > > 
> > > (2) setfacl seems to have trouble with default ACLs:
> > > 
> > > Things like `setfacl -m u:joe:rwx dir/' work as expected. However, the
> > > equivalent command for default ACLs, `setfacl -dm u:joe:rwx dir/', fails.
> > > 
> > > Setting default ACLs works if you specify a complete, valid ACL. It seems
> > > setfacl is doing an acl_valid() call too many, or something like that.
> > > 
> > 
> > Where are you getting the complete default ACL from?  access ACLs
> > can be obtained from a file/dir by using normal unix permissions but
> > default ACLs have no such option.
> 
> You are right, the current draft standard says nothing about constructing
> a complete default ACL in such cases. The resulting setfacl behavior when
> not doing this is quite surprising, though.
> 
> I have in fact implemented this differently in my ACL utilities. If an
> ACL_USER_OBJ/ACL_GROUP_OBJ/ACL_OTHER entry is missing in the default ACL,
> the corresponding entry from the access ACL is used. I find the resulting
> interface much less weird, but it is nonetheless a non-standard extension.
> 

Hmmm...  How do existing implementations handle this?

> > According to 1003.2c:
> > 
> > 8.1.6.1 Standard Output
> > ...
> > The header shall be written in the following format:
> > "#file:%s\n#owner:%d\n#group:%d\n",<filename>,<uid>,<gid>
> > 
> 
> I really see no valid reason why the UID/GID should be given in numeric
> form in the comments as requested in the specification, however. What
> would be the point in showing the numeric ID's in the header, put showing
> the names in the ACL printed out?
> 

Expanded user/group name would definitely be useful.  Perhaps a
non-standard flag to expand them could be agreed upon.

> Still, with respect to the specification, the FreeBSD utilities are
> correct, and mine are not. Sorry for not re-reading the specification
> carefully before. I was merely pointing out the things that occurred
> strange to me, being exposed to the FreeBSD ACL utilities the first time.
> 

Unfortunately the FreeBSD utilities haven't been in use quite as
much as yours so feedback is definitely appreciated.  While sticking
with the spec is good, I think adding extentions to make them a bit
more user friendly isn't a bad idea, especially if they work the same
across the different platforms.

-- 
Chris D. Faulhaber - jedgar at fxp.org - jedgar at FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/posix1e/attachments/20011128/34db34b5/attachment.bin

More information about the posix1e mailing list