Fix up POSIX permission handling
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Disable deviation from POSIX 1003.1e in terms of GROUP_OBJ/CLASS_OBJ permissions. Follow POSIX 1003.1e again. Keep old code in for future reference. * sec_acl.cc: Accommodate changes in ACE creation in leading comment. (set_posix_access): Fix user deny ACE creation. Split group deny ACE creation into two steps, one to reflect CLASS_OBJ, the other to reflect OTHER_OBJ. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
@ -915,6 +915,7 @@ fhandler_disk_file::fchmod (mode_t mode)
|
||||
/* Overwrite ACL permissions as required by POSIX 1003.1e
|
||||
draft 17. */
|
||||
aclp[0].a_perm = (mode >> 6) & S_IRWXO;
|
||||
#if 0
|
||||
/* Deliberate deviation from POSIX 1003.1e here. We're not
|
||||
writing CLASS_OBJ *or* GROUP_OBJ, but both. Otherwise we're
|
||||
going to be in constant trouble with user expectations. */
|
||||
@ -923,6 +924,15 @@ fhandler_disk_file::fchmod (mode_t mode)
|
||||
if (nentries > MIN_ACL_ENTRIES
|
||||
&& (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
|
||||
aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
|
||||
#else
|
||||
/* POSIXly correct: If CLASS_OBJ is present, chmod only modifies
|
||||
CLASS_OBJ, not GROUP_OBJ. */
|
||||
if (nentries > MIN_ACL_ENTRIES
|
||||
&& (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
|
||||
aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
|
||||
else if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
|
||||
aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
|
||||
#endif
|
||||
if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
|
||||
aclp[idx].a_perm = mode & S_IRWXO;
|
||||
if (pc.isdir ())
|
||||
|
Reference in New Issue
Block a user