Apply mask execute bit for SYSTEM and Admins group.

* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit for SYSTEM and Admins group. * getfacl.c (main): Special-case SYSTEM and Admins group. Add comments. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-20 12:06:05 +02:00
parent 2f5e833735
commit b364582734
4 changed files with 34 additions and 7 deletions
--- a/winsup/utils/getfacl.c
+++ b/winsup/utils/getfacl.c
@@ -279,16 +279,32 @@ main (int argc, char **argv)
 	    {
 	    case USER:
 	    case GROUP_OBJ:
-	    case GROUP:
 	      effective = acls[i].a_perm & mask;
 	      print_effective = 1;
 	      break;
+	    case GROUP:
+	      /* Special case SYSTEM and Admins group:  The mask only
+	         applies to them as far as the execute bit is concerned. */
+	      if (acls[i].a_id == 18 || acls[i].a_id == 544)
+		effective = acls[i].a_perm & (mask | S_IROTH | S_IWOTH);
+	      else
+		effective = acls[i].a_perm & mask;
+	      print_effective = 1;
+	      break;
 	    case DEF_USER:
 	    case DEF_GROUP_OBJ:
-	    case DEF_GROUP:
 	      effective = acls[i].a_perm & def_mask;
 	      print_effective = 1;
 	      break;
+	    case DEF_GROUP:
+	      /* Special case SYSTEM and Admins group:  The mask only
+	         applies to them as far as the execute bit is concerned. */
+	      if (acls[i].a_id == 18 || acls[i].a_id == 544)
+		effective = acls[i].a_perm & (def_mask | S_IROTH | S_IWOTH);
+	      else
+		effective = acls[i].a_perm & def_mask;
+	      print_effective = 1;
+	      break;
 	    }
 	  if (print_effective && eopt >= 0
 	      && (eopt > 0 || effective != acls[i].a_perm))