[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-xfs
Subject: Re: default acl inheritance bug
From: Timothy Shimmin <tes () boing ! melbourne ! sgi ! com>
Date: 2002-04-29 2:37:45
[Download RAW message or body]
On Fri, Apr 26, 2002 at 04:11:11AM -0800, Ethan Benson wrote:
> On Thu, Apr 25, 2002 at 02:51:49PM +0200, Andreas Gruenbacher wrote:
> > So this is the promised response to the suspected inheritance bug. To
> > reestablish the contect, here is Ethan's original posting:
> >
> >
> > On Wed, 17 Apr 2002, Ethan Benson wrote:
> > >
> > > i am trying to set a default acl to allow a user read permission to
> > > files created.
> > >
> > > so do:
> > >
> > > root@ash:/var/log/apache# setfacl -dm u:webstats:r-- .
> > >
> > > which renders:
> > >
> > > root@ash:/var/log/apache# getfacl .
> > > # file: .
> > > # owner: root
> > > # group: root
> > > user::rwx
> > > group::r-x
> > > other::r-x
> > > default:user::rwx
> > > default:user:webstats:r--
> > > default:group::r-x
> > > default:mask::r-x
> > > default:other::r-x
> > >
> > >
> > > and then touch foo and get its permissions:
> > >
> > > root@ash:/var/log/apache# touch foo
> > > root@ash:/var/log/apache# getfacl foo
> > > # file: foo
> > > # owner: root
> > > # group: root
> > > user::rw-
> > > user:webstats:r-x #effective:r--
> > > group::r-x #effective:r--
> > > mask::r--
> > > other::r--
> > >
> > > why is the group and webstats user being given execute permission?
> > > (yes i know the mask revokes it, its still wrong and i don't want any
> > > user/group to have an x bit on *files*)
> > >
> > > when creating a file no execute bits should be set for anyone, why
> > > does this not work correctly? note this test is done on the SGI
> > > 2.4.18 XFS split patches. with acl 2.0.8.
> >
> > Either something has gone wrong on your example above, or there is indeed
> > a bug in the XFS ACL implementation. No execute bit for user webstats
> > should ever spring into existence like this.
>
> i fiddled around with it for well over an hour trying to stop this
> behavior, i am quite certain about the above results (which are
> copy/pasted directly from my tty). in between tests i always
> completly stripped the acls with setfacl -b and verified that even the
> system.*acl* attrs were removed with getfattr -m .
>
Hi Ethan,
Yeah your behaviour with the file gaining execute permission in the
user ACE definitely looks wrong _but_ I can NOT repeat it locally.
tes@sagan /mnt/xfs0/testdir/test1> setfacl -dm u:tes:r-- .
tes@sagan /mnt/xfs0/testdir/test1> getfacl .
# file: .
# owner: tes
# group: tes
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:tes:r--
default:group::rwx
default:mask::rwx
default:other::r-x
tes@sagan /mnt/xfs0/testdir/test1> touch foo
tes@sagan /mnt/xfs0/testdir/test1> getfacl foo
# file: foo
# owner: tes
# group: tes
user::rw-
user:tes:r--
group::rwx #effective:rw-
mask::rw-
other::r--
You could try adding printk's in
linux/fs/xfs/xfs_acl.c/xfs_acl_inherit() & xfs_acl_filter_mode() and
see what is going wrong.
OOI, what is the output from running "check 051" in
the cmd/xfstests directory (i.e. the acl regression test) ?
(You need to look at cmd/xfstests/README about setting this stuff up;
one needs to setup some variables to point to xfs filesystems etc...)
--Tim
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic