Treat ACLs with extra ACEs for Admins and SYSTEM like a trivial ACL
POSIX.1e requires that chmod changes the MASK rather than the GROUP_OBJ value if the ACL is non-trivial. On Windows, especially on home machines, a standard ACL often consists of entries for the user, maybe the group, and additional entries for SYSTEM and the Administrators group. A user calling chmod on a file with bog standard Windows perms usually expects that chmod changes the GROUP_OBJ perms, but given the rules from POSIX.1e we can't do that.

However, since we already treat Admins and SYSTEM special in an ACL (they are not used in MASK computations) we go a step in the Windows direction to follow user expectations. If an ACL only consists of the three POSIX permissions, plus entries for Admins and SYSTEM *only*, then we change the permissions of the GROUP_OBJ entry *and* the MASK entry.

* fhandler_disk_file.cc (fhandler_disk_file::chmod): Drop unused code. Add special handling for a "standard" Windows ACL. Add comment to explain.
* sec_acl.cc (get_posix_access): Allow to return "standard-ness" of an ACL to the caller. Add preceding comment to explain a bit.
* security.h (get_posix_access): Align prototype.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
@@ -787,35 +787,35 @@ fhandler_disk_file::fchmod (mode_t mode)
gid_t gid;
tmp_pathbuf tp;
aclent_t *aclp;
bool standard_acl = false;
int nentries, idx;
if (!get_file_sd (get_handle (), pc, sd, false))
{
aclp = (aclent_t *) tp.c_get ();
if ((nentries = get_posix_access (sd, NULL, &uid, &gid,
aclp, MAX_ACL_ENTRIES)) >= 0)
aclp, MAX_ACL_ENTRIES,
&standard_acl)) >= 0)
{
/* Overwrite ACL permissions as required by POSIX 1003.1e
draft 17. */
aclp[0].a_perm = (mode >> 6) & S_IRWXO;
#if 0
/* Deliberate deviation from POSIX 1003.1e here. We're not
writing CLASS_OBJ *or* GROUP_OBJ, but both. Otherwise we're
going to be in constant trouble with user expectations. */
if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
if (nentries > MIN_ACL_ENTRIES
&& (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
#else
/* POSIXly correct: If CLASS_OBJ is present, chmod only modifies
CLASS_OBJ, not GROUP_OBJ. */
CLASS_OBJ, not GROUP_OBJ.
Deliberate deviation from POSIX 1003.1e: If the ACL is a
"standard" ACL, that is, it only contains POSIX permissions
as well as entries for the Administrators group and SYSTEM,
then it's kind of a POSIX-only ACL in a twisted, Windowsy
way. If so, we change GROUP_OBJ and CLASS_OBJ perms. */
if (standard_acl
&& (idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
if (nentries > MIN_ACL_ENTRIES
&& (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
else if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
#endif
if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
aclp[idx].a_perm = mode & S_IRWXO;
if (pc.isdir ())
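Review bot: In the rewritten permission block, `GROUP_OBJ` is looked up and assigned twice when `standard_acl` is true and the `nentries > MIN_ACL_ENTRIES` / `CLASS_OBJ` test fails: once under `if (standard_acl && ...)` and again in the trailing `else if`. The value written is the same, so the result is correct, but the control flow hides which case each write serves. Consider handling `CLASS_OBJ` first and then writing `GROUP_OBJ` once under a single condition (standard ACL, or no `CLASS_OBJ` entry). The comment would also benefit from stating that on a "standard" ACL chmod now changes the group's own permissions and not only the mask, since that is the access-control difference from the POSIX.1e rule stated in its first sentence.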