Commit Graph

25 Commits

Author SHA1 Message Date
Mark Johnston
15e594351a Don't set NFSv4 ACL inheritance flags on non-directories.
They only make sense in the context of directory ACLs, and attempting
to set them on regular files results in errors, causing a recursive
setfacl invocation to abort.

This is derived from patches by Shawn Webb <shawn.webb@hardenedbsd.org>
and Mitchell Horne <mhorne063@gmail.com>.

PR:		155163
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15061
2018-10-26 21:17:06 +00:00
Mark Johnston
10cb5344fd Don't print pathconf() errors if the target file doesn't exist.
The subsequent acl_get_file(3) call will simply echo the same error.

PR:		229930
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-26 19:01:52 +00:00
Mark Johnston
f024dd3bf0 Avoid leaking memory in error paths.
CID:		1390906
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-26 18:56:58 +00:00
Ed Maste
b79f74cc64 setfacl: style and break main() into manageable pieces
Submitted by:	Mitchell Horne
MFC with:	r332396
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15060
2018-04-27 15:25:24 +00:00
Ed Maste
0629b15276 setfacl: add recursive functionality
Add a -R option to setfacl to operate recursively on directories, along
with the accompanying flags -H, -L, and -P (whose behaviour mimics
chmod).

A patch was submitted with PR 155163, but this is a new implementation
based on comments raised in the Phabricator review for that patch
(review D9096).

PR:		155163
Submitted by:	Mitchell Horne <mhorne063@gmail.com>
Reviewed by:	jilles
MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14934
2018-04-10 23:29:57 +00:00
Ed Schouten
ae824d80f2 Fix warnings found by -Wmising-variable-declarations.
This self-written compiler warning, which is hopefully going to be
committed into LLVM sources soon, warns about potentially missing
`static' keywords, similar to -Wmissing-prototypes.

- bin/pax: Move external declaration of chdname and s_mask into extern.h.
- bin/setfacl: Move setfacl.c-specific stuff out of setfacl.h.
- sbin/mount_fusefs: Remove char *progname; use getprogname().
- others: add `static' where possible.
2012-10-19 05:43:38 +00:00
Edward Tomasz Napierala
8ed068d31c Make "setfacl -bd" an alias for "setfacl -k". Previously it would crash
on assert.

PR:		bin/165807
MFC after:	1 month
2012-09-04 11:50:13 +00:00
Edward Tomasz Napierala
00b2b3a55d Make setfacl(1) behave properly in situations like "setfacl -kd".
MFC after:	1 month
2012-09-04 11:43:00 +00:00
Jaakko Heinonen
b38dc7ebea Increase carried_error if we skip a file due to an error. This ensures
that setfacl(1) exits with proper exit status on failure.

PR:		bin/149780
Submitted by:	Ævar Arnfjörð Bjarmason (original version)
Reviewed by:	trasz
MFC after:	3 weeks
2011-01-03 17:17:31 +00:00
Joel Dahl
a303eae7c8 Switch to our preferred license text.
Approved by:	jedgar
2010-03-07 07:59:05 +00:00
Edward Tomasz Napierala
3f22187878 Add NFSv4 support to setfacl(1).
Reviewed by:	rwatson
2009-09-07 16:19:32 +00:00
Edward Tomasz Napierala
23f80af2ca Fix double free in setfacl(1). Description from the author:
Initially, 'acl' (an 'acl_t *') is allocated, and its ACCESS_ACL and
DEFAULT_ACL fields are passed to the 'libc' ACL routines for subsequent
allocation. If the '-m' option (merge existing ACL with a new one) is
specified, then 'set_acl_mask()' will be called and passed one of the
two ACLs. This function, in turn, replaces this given ACL structure by
another, freshly allocated. However, the pointer in the 'acl' variable
in the caller is not updated. The caller then proceeds to free the ACL,
incurring in a double free condition.

Submitted by:	Pedro Martelletto <pedro at ambientworks.net>
Approved by:	rwatson (mentor)
2008-09-06 13:17:35 +00:00
Kirk McKusick
b5ea8f4cbc Implement the -h flag (set an ACL on a symbolic link).
Before this fix the -h flag was ignored (i.e. setfacl
always set the ACL on the file pointed to by the symbolic
link even when the -h flag requested that the ACL be set
on the symbolic link itself).
2007-02-26 00:42:17 +00:00
Konstantin Belousov
410572a159 Copy filename read from the stdin into the private buffer. Otherwise,
next read filename overwrite previous one, resulting in acl being
applied only to the last name in the list.

Submitted by:	Oleg Lomaka <oleg.lomaka at gmail com>
MFC after:	1 week
Approved by:	kan (mentor)
2006-06-09 16:09:26 +00:00
Ruslan Ermilov
a89237ae95 Sync program's usage() with manpage's SYNOPSIS. 2005-02-09 17:37:39 +00:00
Warner Losh
9ddb49cbe4 /*- or .\"- or #- to begin license clauses. 2005-01-10 08:39:26 +00:00
Robert Watson
95e367261e -v no longer a valid argument to setfacl(1) -- remove from usage().
PR:		55318
Submitted by:	Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
2003-08-07 14:43:43 +00:00
Robert Watson
4615eb20c3 When reporting an error internalizing an ACL string, print out the
ACL that generated the error, rather than the function, which is
more user-friendly.

Obtained from:	TrustedBSD Project
Product of:	France
2003-07-18 16:00:26 +00:00
Robert Watson
8051fddedc Add "-h" arguments to getfacl and setfacl, which behave in a manner
similar to "-h" on chown, chmod, etc, causing the operation to occur
on a final symlink in the provided path, rather than its target.

Obtained from:	TrustedBSD Project
2002-12-30 15:36:29 +00:00
David E. O'Brien
2749b14129 Consistently use FBSDID 2002-06-30 05:15:05 +00:00
Chris D. Faulhaber
993f5df628 Add defines for access and default ACLs (ACCESS_ACL/DEFAULT_ACL)
to enhance readability.

Obtained from:	TrustedBSD Project
2001-12-03 01:20:52 +00:00
Chris D. Faulhaber
a043a09da7 style(9) cleanups mostly consisting of:
o explicitly check return values and variables against a value
o return x; -> return (x);
o fix inconsistent sysexits usage by nuking it (partially
  suggested by bde)

Obtained from:	TrustedBSD Project
2001-12-03 00:51:36 +00:00
Kris Kennaway
0a26b6bbc0 Silence WARNS=2 and BDECFLAGS on alpha and i386
MFC After:	1 week
2001-05-20 05:13:21 +00:00
Chris D. Faulhaber
0f6263079e o Separate acl_t into internal and external representations as
required by POSIX.1e.  This maintains the current 'struct acl'
  in the kernel while providing the generic external acl_t
  interface required to complete the ACL editing library.
o Add the acl_get_entry() function.
o Convert the existing ACL utilities, getfacl and setfacl, to
  fully make use of the ACL editing library.

Obtained from:	TrustedBSD Project
2001-04-24 22:45:41 +00:00
Robert Watson
43960f159d o POSIX.2c Userland tool support for POSIX.1e ACLs -- getfacl retrieves ACLs
from files and directories, and setfacl sets ACLs on files and directories.

Submitted by:	jedgar
Obtained from:	TrustedBSD Project
2001-03-19 18:09:25 +00:00