diff options
| author | J. Bruce Fields <bfields@redhat.com> | 2014-04-02 14:59:08 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2014-04-04 10:13:23 -0400 |
| commit | 06f9cc12caa862f5bc86ebdb4f77568a4bef0167 (patch) | |
| tree | 3f2df1563d5cc371e8a484006fc8a66af6713ab8 /net | |
| parent | 082f31a2169bd639785e45bf252f3d5bce0303c6 (diff) | |
nfsd4: don't create unnecessary mask acl
Any setattr of the ACL attribute, even if it sets just the basic 3-ACE
ACL exactly as it was returned from a file with only mode bits, creates
a mask entry, and it is only the mask, not group, entry that is changed
by subsequent modifications of the mode bits.
So, for example, it's surprising that GROUP@ is left without read or
write permissions after a chmod 0666:
touch test
chmod 0600 test
nfs4_getfacl test
A::OWNER@:rwatTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
nfs4_getfacl test | nfs4_setfacl -S - test #
chmod 0666 test
nfs4_getfacl test
A::OWNER@:rwatTcCy
A::GROUP@:tcy
D::GROUP@:rwa
A::EVERYONE@:rwatcy
So, let's stop creating the unnecessary mask ACL.
A mask will still be created on non-trivial ACLs (ACLs with actual named
user and group ACEs), so the odd posix-acl behavior of chmod modifying
only the mask will still be left in that case; but that's consistent
with local behavior.
Reported-by: Soumya Koduri <skoduri@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions