Treat ACLs with extra ACEs for Admins and SYSTEM like a trivial ACL

POSIX.1e requires that chmod changes the MASK rather than the GROUP_OBJ value if the ACL is non-trivial. On Windows, especially on home machines, a standard ACL often consists of entries for the user, maybe the group, and additional entries for SYSTEM and the Administrators group. A user calling chmod on a file with bog standard Windows perms usually expects that chmod changes the GROUP_OBJ perms, but given the rules from POSIX.1e we can't do that.

However, since we already treat Admins and SYSTEM special in an ACL (they are not used in MASK computations) we go a step in the Windows direction to follow user expectations. If an ACL only consists of the three POSIX permissions, plus entries for Admins and SYSTEM *only*, then we change the permissions of the GROUP_OBJ entry *and* the MASK entry.

* fhandler_disk_file.cc (fhandler_disk_file::chmod): Drop unused code. Add special handling for a "standard" Windows ACL. Add comment to explain.
* sec_acl.cc (get_posix_access): Allow to return "standard-ness" of an ACL to the caller. Add preceding comment to explain a bit.
* security.h (get_posix_access): Align prototype.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
@@ -467,7 +467,7 @@ int searchace (struct acl *, int, int, uid_t id = ILLEGAL_UID);
|
||||
PSECURITY_DESCRIPTOR set_posix_access (mode_t, uid_t, gid_t, struct acl *, int,
|
||||
security_descriptor &, bool);
|
||||
int get_posix_access (PSECURITY_DESCRIPTOR, mode_t *, uid_t *, gid_t *,
|
||||
struct acl *, int);
|
||||
struct acl *, int, bool * = NULL);
|
||||
int getacl (HANDLE, path_conv &, int, struct acl *);
|
||||
int setacl (HANDLE, path_conv &, int, struct acl *, bool &);
|
||||
|
||||
|
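Review bot: the new trailing parameter of get_posix_access, `bool * = NULL`, is unnamed and uncommented in security.h, so the header does not say what the flag reports or that NULL is an accepted value. Since the commit message describes it as returning the "standard-ness" of the ACL, give it a name that says so and add a one-line comment that callers who do not need the result may omit it. Because the default lets every existing call site compile unchanged, the definition in sec_acl.cc has to check the pointer before writing through it; that definition is not part of this hunk, so confirm the guard is there.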