Expose an interface to determine if an ACE is inherited.
Submitted by: sef Reviewed by: trasz MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D3540
parent
aa1cfca969
commit
28ffe927c2
@ -26,7 +26,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd April 1, 2013
|
||||
.Dd September 4, 2015
|
||||
.Dt SETFACL 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -378,9 +378,11 @@ dir_inherit
|
||||
inherit_only
|
||||
.It n
|
||||
no_propagate
|
||||
.It I
|
||||
inherited
|
||||
.El
|
||||
.Pp
|
||||
Inheritance flags may be only set on directories.
|
||||
Other than the "inherited" flag, inheritance flags may be only set on directories.
|
||||
.It Ar "ACL type"
|
||||
The ACL type field is either
|
||||
.Dq Li allow
|
||||
|
@ -25,7 +25,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd October 30, 2014
|
||||
.Dd September 4, 2015
|
||||
.Dt ACL_ADD_FLAG_NP 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -56,6 +56,7 @@ Valid values are:
|
||||
.It ACL_ENTRY_DIRECTORY_INHERIT Ta "Will be inherited by directories."
|
||||
.It ACL_ENTRY_NO_PROPAGATE_INHERIT Ta "Will not propagate."
|
||||
.It ACL_ENTRY_INHERIT_ONLY Ta "Inherit-only."
|
||||
.It ACL_ENTRY_INHERITED Ta "Inherited from parent"
|
||||
.El
|
||||
.Sh RETURN VALUES
|
||||
.Rv -std acl_add_flag_np
|
||||
|
@ -48,6 +48,7 @@ struct flagnames_struct a_flags[] =
|
||||
{ ACL_ENTRY_NO_PROPAGATE_INHERIT, "no_propagate", 'n'},
|
||||
{ ACL_ENTRY_SUCCESSFUL_ACCESS, "successfull_access", 'S'},
|
||||
{ ACL_ENTRY_FAILED_ACCESS, "failed_access", 'F'},
|
||||
{ ACL_ENTRY_INHERITED, "inherited", 'I' },
|
||||
/*
|
||||
* There is no ACE_IDENTIFIER_GROUP here - SunOS does not show it
|
||||
* in the "flags" field. There is no ACE_OWNER, ACE_GROUP or
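Review bot: Appending `{ ACL_ENTRY_INHERITED, "inherited", 'I' }` to `a_flags` appears to widen the compact flags column from six to seven characters for every ACE, inherited or not; the test expectations in this commit change `------` to `-------` throughout. That is a user-visible format change for anything that parses `getfacl` output by field position, and the commit is marked for MFC, so it deserves a sentence in the commit message or release notes. As a minor style point, the new initializer is spaced `'I' }` while its neighbours use `'F'}`. The array definition starts and ends outside the hunk.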
|
||||
|
@ -25,7 +25,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd September 18, 2009
|
||||
.Dd September 4, 2015
|
||||
.Dt ACL 9
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -203,7 +203,13 @@ The following values are valid:
|
||||
.It Dv ACL_ENTRY_DIRECTORY_INHERIT
|
||||
.It Dv ACL_ENTRY_NO_PROPAGATE_INHERIT
|
||||
.It Dv ACL_ENTRY_INHERIT_ONLY
|
||||
.It Dv ACL_ENTRY_INHERITED
|
||||
.El
|
||||
The
|
||||
.Dv ACL_ENTRY_INHERITED
|
||||
flag is set on an ACE that has been inherited from its parent.
|
||||
It may also be set programmatically, and is valid on both files
|
||||
and directories.
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr acl 3 ,
|
||||
|
@ -64,6 +64,8 @@ struct zfs2bsd flags[] = {{ACE_FILE_INHERIT_ACE,
|
||||
ACL_ENTRY_NO_PROPAGATE_INHERIT},
|
||||
{ACE_INHERIT_ONLY_ACE,
|
||||
ACL_ENTRY_INHERIT_ONLY},
|
||||
{ACE_INHERITED_ACE,
|
||||
ACL_ENTRY_INHERITED},
|
||||
{ACE_SUCCESSFUL_ACCESS_ACE_FLAG,
|
||||
ACL_ENTRY_SUCCESSFUL_ACCESS},
|
||||
{ACE_FAILED_ACCESS_ACE_FLAG,
|
||||
|
@ -189,11 +189,12 @@ typedef struct ace_object {
|
||||
ACE_DIRECTORY_INHERIT_ACE | \
|
||||
ACE_NO_PROPAGATE_INHERIT_ACE | \
|
||||
ACE_INHERIT_ONLY_ACE | \
|
||||
ACE_INHERITED_ACE | \
|
||||
ACE_IDENTIFIER_GROUP)
|
||||
|
||||
#define ACE_TYPE_FLAGS (ACE_OWNER|ACE_GROUP|ACE_EVERYONE| \
|
||||
ACE_IDENTIFIER_GROUP)
|
||||
#define ACE_INHERIT_FLAGS (ACE_FILE_INHERIT_ACE| \
|
||||
#define ACE_INHERIT_FLAGS (ACE_FILE_INHERIT_ACE| ACL_INHERITED_ACE| \
|
||||
ACE_DIRECTORY_INHERIT_ACE|ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE)
|
||||
|
||||
/* cmd args to acl(2) for aclent_t */
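Review bot: The rewritten `ACE_INHERIT_FLAGS` definition ORs in `ACL_INHERITED_ACE`, a name that appears nowhere else in this commit. The bit added to the mask just above in the same section, and mapped in the zfs2bsd table, is `ACE_INHERITED_ACE`. Because this is a macro body, the mistake stays silent until something expands `ACE_INHERIT_FLAGS`; at that point it either fails to compile or, if a symbol of that name exists elsewhere, filters on the wrong bit. The line should read `#define ACE_INHERIT_FLAGS (ACE_FILE_INHERIT_ACE| ACE_INHERITED_ACE| \`. It is also worth confirming that the bit belongs in this mask at all, since setfacl.1 now says "inherited" is the one inheritance flag allowed on non-directories.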
|
||||
|
@ -1068,6 +1068,7 @@ acl_nfs4_inherit_entries(const struct acl *parent_aclp,
|
||||
child_aclp->acl_cnt++;
|
||||
|
||||
entry->ae_flags &= ~ACL_ENTRY_INHERIT_ONLY;
|
||||
entry->ae_flags |= ACL_ENTRY_INHERITED;
|
||||
|
||||
/*
|
||||
* If the type of the ACE is neither ALLOW nor DENY,
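Review bot: The added `entry->ae_flags |= ACL_ENTRY_INHERITED;` carries no comment saying that the bit is bookkeeping rather than proof of origin. acl.9 in this same commit states the flag may also be set programmatically, so a later consumer that treats it as evidence that an ACE came from the parent would be trusting caller-controlled data. I would add above it `/* Mark as inherited. Advisory only: may also be set by userland, so never base access decisions on it. */`. acl_nfs4_inherit_entries starts and ends outside the hunk, so whether other code paths that build a child ACL set the bit as well cannot be checked from here.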
|
||||
|
@ -249,11 +249,12 @@ typedef void *acl_t;
|
||||
#define ACL_ENTRY_INHERIT_ONLY 0x0008
|
||||
#define ACL_ENTRY_SUCCESSFUL_ACCESS 0x0010
|
||||
#define ACL_ENTRY_FAILED_ACCESS 0x0020
|
||||
#define ACL_ENTRY_INHERITED 0x0080
|
||||
|
||||
#define ACL_FLAGS_BITS (ACL_ENTRY_FILE_INHERIT | \
|
||||
ACL_ENTRY_DIRECTORY_INHERIT | ACL_ENTRY_NO_PROPAGATE_INHERIT | \
|
||||
ACL_ENTRY_INHERIT_ONLY | ACL_ENTRY_SUCCESSFUL_ACCESS | \
|
||||
ACL_ENTRY_FAILED_ACCESS)
|
||||
ACL_ENTRY_FAILED_ACCESS | ACL_ENTRY_INHERITED)
|
||||
|
||||
/*
|
||||
* Undefined value in ae_id field. ae_id should be set to this value
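Review bot: `ACL_ENTRY_INHERITED` is defined as `0x0080`, skipping `0x0040` after `ACL_ENTRY_FAILED_ACCESS 0x0020`, and nothing in the header says why. If the gap is deliberate, presumably to keep the value aligned with the ZFS-side `ACE_INHERITED_ACE` (its value is not visible on this page), a one-line comment such as `/* 0x0040 is intentionally left unused; see ACE_INHERITED_ACE. */` would keep a later flag from being allocated into that bit by accident. The new bit is correctly added to `ACL_FLAGS_BITS`.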
|
||||
|
@ -43,9 +43,9 @@ $ umask 022
|
||||
|
||||
$ touch nfs4/xxx
|
||||
$ getfacl -nq nfs4/xxx
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
$ touch posix/xxx
|
||||
$ getfacl -nq posix/xxx
|
||||
@ -96,10 +96,10 @@ $ ls -l posix/xxx | cut -d' ' -f1
|
||||
$ mv posix/yyy nfs4/xxx
|
||||
> mv: failed to set acl entries for nfs4/xxx: Invalid argument
|
||||
$ getfacl -nq nfs4/xxx
|
||||
> owner@:-wxp----------:------:deny
|
||||
> owner@:r-----aARWcCos:------:allow
|
||||
> group@:rwxp--a-R-c--s:------:allow
|
||||
> everyone@:rw-p--a-R-c--s:------:allow
|
||||
> owner@:-wxp----------:-------:deny
|
||||
> owner@:r-----aARWcCos:-------:allow
|
||||
> group@:rwxp--a-R-c--s:-------:allow
|
||||
> everyone@:rw-p--a-R-c--s:-------:allow
|
||||
$ ls -l nfs4/xxx | cut -d' ' -f1
|
||||
> -r--rwxrw-
|
||||
|
||||
@ -110,11 +110,11 @@ $ touch nfs4/xxx
|
||||
$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
|
||||
$ mv nfs4/xxx nfs4/yyy
|
||||
$ getfacl -nq nfs4/yyy
|
||||
> user:42:--x-----------:------:allow
|
||||
> group:43:-w------------:------:allow
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> user:42:--x-----------:-------:allow
|
||||
> group:43:-w------------:-------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
$ ls -l nfs4/yyy | cut -d' ' -f1
|
||||
> -rw-r--r--+
|
||||
|
||||
@ -261,14 +261,14 @@ $ chmod 543 nfs4/xxx
|
||||
$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
|
||||
$ cp -p nfs4/xxx nfs4/yyy
|
||||
$ getfacl -nq nfs4/yyy
|
||||
> user:42:--x-----------:------:allow
|
||||
> group:43:-w------------:------:allow
|
||||
> owner@:--x-----------:------:allow
|
||||
> owner@:-w-p----------:------:deny
|
||||
> group@:-wxp----------:------:deny
|
||||
> owner@:r-x---aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:-wxp--a-R-c--s:------:allow
|
||||
> user:42:--x-----------:-------:allow
|
||||
> group:43:-w------------:-------:allow
|
||||
> owner@:--x-----------:-------:allow
|
||||
> owner@:-w-p----------:-------:deny
|
||||
> group@:-wxp----------:-------:deny
|
||||
> owner@:r-x---aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:-wxp--a-R-c--s:-------:allow
|
||||
$ ls -l nfs4/yyy | cut -d' ' -f1
|
||||
> -r-xr---wx+
|
||||
|
||||
|
@ -42,14 +42,14 @@ $ getfacl xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
$ getfacl -q xxx
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
# Check verbose mode formatting.
|
||||
$ getfacl -v xxx
|
||||
@ -66,11 +66,11 @@ $ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> user:0:-----------C--:-------:allow
|
||||
> group:1:----------c---:-------:deny
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
# Test user and group name resolving.
|
||||
$ rm xxx
|
||||
@ -80,11 +80,11 @@ $ getfacl xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> user:root:-----------C--:------:allow
|
||||
> group:daemon:----------c---:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> user:root:-----------C--:-------:allow
|
||||
> group:daemon:----------c---:-------:deny
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
# Check whether ls correctly marks files with "+".
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
@ -96,10 +96,10 @@ $ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> user:0:-----------C--:-------:allow
|
||||
> group:1:----------c---:-------:deny
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
# Test setfacl -m.
|
||||
$ setfacl -a0 everyone@:rwx:deny xxx
|
||||
@ -110,26 +110,26 @@ $ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> everyone@:--------------:-------:deny
|
||||
> everyone@:--------------:-------:deny
|
||||
> everyone@:--------------:-------:deny
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> user:0:-----------C--:-------:allow
|
||||
> group:1:----------c---:-------:deny
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
# Test getfacl -i.
|
||||
$ getfacl -i xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> user:root:-----------C--:------:allow:0
|
||||
> group:daemon:----------c---:------:deny:1
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> everyone@:--------------:-------:deny
|
||||
> everyone@:--------------:-------:deny
|
||||
> everyone@:--------------:-------:deny
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> user:root:-----------C--:-------:allow:0
|
||||
> group:daemon:----------c---:-------:deny:1
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
# Make sure cp without any flags does not copy copy the ACL.
|
||||
$ cp xxx yyy
|
||||
@ -143,13 +143,13 @@ $ getfacl -n yyy
|
||||
> # file: yyy
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> everyone@:--------------:-------:deny
|
||||
> everyone@:--------------:-------:deny
|
||||
> everyone@:--------------:-------:deny
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> user:0:-----------C--:-------:allow
|
||||
> group:1:----------c---:-------:deny
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
$ rm yyy
|
||||
|
||||
@ -159,10 +159,10 @@ $ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> user:0:-----------C--:-------:allow
|
||||
> group:1:----------c---:-------:deny
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
# Test setfacl -b.
|
||||
$ setfacl -b xxx
|
||||
@ -170,9 +170,9 @@ $ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-r--r--
|
||||
@ -196,23 +196,23 @@ $ ls -l nnn xxx yyy zzz | cut -d' ' -f1
|
||||
|
||||
$ getfacl -nq nnn xxx yyy zzz
|
||||
> getfacl: nnn: stat() failed: No such file or directory
|
||||
> user:42:--x-----------:------:allow
|
||||
> group:43:-w------------:------:allow
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> user:42:--x-----------:-------:allow
|
||||
> group:43:-w------------:-------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
>
|
||||
> user:42:--x-----------:------:allow
|
||||
> group:43:-w------------:------:allow
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> user:42:--x-----------:-------:allow
|
||||
> group:43:-w------------:-------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
>
|
||||
> user:42:--x-----------:------:allow
|
||||
> group:43:-w------------:------:allow
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> user:42:--x-----------:-------:allow
|
||||
> group:43:-w------------:-------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
$ setfacl -b nnn xxx yyy zzz
|
||||
> setfacl: nnn: stat() failed: No such file or directory
|
||||
@ -233,9 +233,9 @@ $ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:------a-R-c--s:------:allow
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:------a-R-c--s:-------:allow
|
||||
> everyone@:------a-R-c--s:-------:allow
|
||||
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-------
|
||||
@ -249,9 +249,9 @@ $ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: 42
|
||||
> # group: wheel
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:------a-R-c--s:------:allow
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:------a-R-c--s:-------:allow
|
||||
> everyone@:------a-R-c--s:-------:allow
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-------
|
||||
|
||||
@ -264,11 +264,11 @@ $ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: 43
|
||||
> # group: wheel
|
||||
> owner@:rw-p----------:------:deny
|
||||
> group@:r-------------:------:deny
|
||||
> owner@:--x---aARWcCos:------:allow
|
||||
> group@:-w-p--a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p----------:-------:deny
|
||||
> group@:r-------------:-------:deny
|
||||
> owner@:--x---aARWcCos:-------:allow
|
||||
> group@:-w-p--a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> ---x-w-r--
|
||||
|
||||
@ -281,11 +281,11 @@ $ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: 43
|
||||
> # group: wheel
|
||||
> owner@:-wxp----------:------:deny
|
||||
> group@:-w-p----------:------:deny
|
||||
> owner@:r-----aARWcCos:------:allow
|
||||
> group@:--x---a-R-c--s:------:allow
|
||||
> everyone@:-w-p--a-R-c--s:------:allow
|
||||
> owner@:-wxp----------:-------:deny
|
||||
> group@:-w-p----------:-------:deny
|
||||
> owner@:r-----aARWcCos:-------:allow
|
||||
> group@:--x---a-R-c--s:-------:allow
|
||||
> everyone@:-w-p--a-R-c--s:-------:allow
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> -r----x-w-
|
||||
|
||||
@ -298,23 +298,23 @@ $ getfacl -n ddd
|
||||
> # file: ddd
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:-d----:allow
|
||||
> group:43:-w--D---------:-d----:deny
|
||||
> group@:-----da-------:------:allow
|
||||
> group:44:rw-p-da-------:------:allow
|
||||
> owner@:rwxp--aARWcCos:------:allow
|
||||
> group@:r-x---a-R-c--s:------:allow
|
||||
> everyone@:-w-p--a-R-c--s:f-i---:allow
|
||||
> user:42:r-x-----------:f-i----:allow
|
||||
> group:42:-w--D---------:-d-----:allow
|
||||
> group:43:-w--D---------:-d-----:deny
|
||||
> group@:-----da-------:-------:allow
|
||||
> group:44:rw-p-da-------:-------:allow
|
||||
> owner@:rwxp--aARWcCos:-------:allow
|
||||
> group@:r-x---a-R-c--s:-------:allow
|
||||
> everyone@:-w-p--a-R-c--s:f-i----:allow
|
||||
|
||||
$ chmod 777 ddd
|
||||
$ getfacl -n ddd
|
||||
> # file: ddd
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:rwxp--aARWcCos:------:allow
|
||||
> group@:rwxp--a-R-c--s:------:allow
|
||||
> everyone@:rwxp--a-R-c--s:------:allow
|
||||
> owner@:rwxp--aARWcCos:-------:allow
|
||||
> group@:rwxp--a-R-c--s:-------:allow
|
||||
> everyone@:rwxp--a-R-c--s:-------:allow
|
||||
|
||||
# Test applying ACL to mode.
|
||||
$ rmdir ddd
|
||||
@ -360,104 +360,104 @@ $ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd
|
||||
$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd
|
||||
$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd
|
||||
$ getfacl -qn ddd
|
||||
> user:41:-w-----A------:f--n--:allow
|
||||
> group:41:r-----a-------:-din--:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:-d-n--:deny
|
||||
> group:43:-w---------C--:f-in--:deny
|
||||
> user:43:rwxp----------:------:allow
|
||||
> owner@:rwxp--aARWcCos:------:allow
|
||||
> group@:r-x---a-R-c--s:------:allow
|
||||
> everyone@:r-x---a-R-c--s:------:allow
|
||||
> user:41:-w-----A------:f--n---:allow
|
||||
> group:41:r-----a-------:-din---:allow
|
||||
> user:42:-----------Co-:f-i----:allow
|
||||
> user:42:r-x-----------:f-i----:allow
|
||||
> group:42:-w--D---------:-d-n---:deny
|
||||
> group:43:-w---------C--:f-in---:deny
|
||||
> user:43:rwxp----------:-------:allow
|
||||
> owner@:rwxp--aARWcCos:-------:allow
|
||||
> group@:r-x---a-R-c--s:-------:allow
|
||||
> everyone@:r-x---a-R-c--s:-------:allow
|
||||
|
||||
$ cd ddd
|
||||
$ touch xxx
|
||||
$ getfacl -qn xxx
|
||||
> user:41:--------------:------:allow
|
||||
> user:42:--------------:------:allow
|
||||
> user:42:r-------------:------:allow
|
||||
> group:43:-w---------C--:------:deny
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> user:41:--------------:------I:allow
|
||||
> user:42:--------------:------I:allow
|
||||
> user:42:r-------------:------I:allow
|
||||
> group:43:-w---------C--:------I:deny
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
$ rm xxx
|
||||
$ umask 077
|
||||
$ touch xxx
|
||||
$ getfacl -qn xxx
|
||||
> user:41:--------------:------:allow
|
||||
> user:42:--------------:------:allow
|
||||
> user:42:--------------:------:allow
|
||||
> group:43:-w---------C--:------:deny
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:------a-R-c--s:------:allow
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
> user:41:--------------:------I:allow
|
||||
> user:42:--------------:------I:allow
|
||||
> user:42:--------------:------I:allow
|
||||
> group:43:-w---------C--:------I:deny
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:------a-R-c--s:-------:allow
|
||||
> everyone@:------a-R-c--s:-------:allow
|
||||
|
||||
$ rm xxx
|
||||
$ umask 770
|
||||
$ touch xxx
|
||||
$ getfacl -qn xxx
|
||||
> owner@:rw-p----------:------:deny
|
||||
> group@:rw-p----------:------:deny
|
||||
> user:41:--------------:------:allow
|
||||
> user:42:--------------:------:allow
|
||||
> user:42:--------------:------:allow
|
||||
> group:43:-w---------C--:------:deny
|
||||
> owner@:------aARWcCos:------:allow
|
||||
> group@:------a-R-c--s:------:allow
|
||||
> everyone@:rw-p--a-R-c--s:------:allow
|
||||
> owner@:rw-p----------:-------:deny
|
||||
> group@:rw-p----------:-------:deny
|
||||
> user:41:--------------:------I:allow
|
||||
> user:42:--------------:------I:allow
|
||||
> user:42:--------------:------I:allow
|
||||
> group:43:-w---------C--:------I:deny
|
||||
> owner@:------aARWcCos:-------:allow
|
||||
> group@:------a-R-c--s:-------:allow
|
||||
> everyone@:rw-p--a-R-c--s:-------:allow
|
||||
|
||||
$ rm xxx
|
||||
$ umask 707
|
||||
$ touch xxx
|
||||
$ getfacl -qn xxx
|
||||
> owner@:rw-p----------:------:deny
|
||||
> user:41:-w------------:------:allow
|
||||
> user:42:--------------:------:allow
|
||||
> user:42:r-------------:------:allow
|
||||
> group:43:-w---------C--:------:deny
|
||||
> owner@:------aARWcCos:------:allow
|
||||
> group@:rw-p--a-R-c--s:------:allow
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
> owner@:rw-p----------:-------:deny
|
||||
> user:41:-w------------:------I:allow
|
||||
> user:42:--------------:------I:allow
|
||||
> user:42:r-------------:------I:allow
|
||||
> group:43:-w---------C--:------I:deny
|
||||
> owner@:------aARWcCos:-------:allow
|
||||
> group@:rw-p--a-R-c--s:-------:allow
|
||||
> everyone@:------a-R-c--s:-------:allow
|
||||
|
||||
$ umask 077
|
||||
$ mkdir yyy
|
||||
$ getfacl -qn yyy
|
||||
> group:41:------a-------:------:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:------:deny
|
||||
> owner@:rwxp--aARWcCos:------:allow
|
||||
> group@:------a-R-c--s:------:allow
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
> group:41:------a-------:------I:allow
|
||||
> user:42:-----------Co-:f-i---I:allow
|
||||
> user:42:r-x-----------:f-i---I:allow
|
||||
> group:42:-w--D---------:------I:deny
|
||||
> owner@:rwxp--aARWcCos:-------:allow
|
||||
> group@:------a-R-c--s:-------:allow
|
||||
> everyone@:------a-R-c--s:-------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ umask 770
|
||||
$ mkdir yyy
|
||||
$ getfacl -qn yyy
|
||||
> owner@:rwxp----------:------:deny
|
||||
> group@:rwxp----------:------:deny
|
||||
> group:41:------a-------:------:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:------:deny
|
||||
> owner@:------aARWcCos:------:allow
|
||||
> group@:------a-R-c--s:------:allow
|
||||
> everyone@:rwxp--a-R-c--s:------:allow
|
||||
> owner@:rwxp----------:-------:deny
|
||||
> group@:rwxp----------:-------:deny
|
||||
> group:41:------a-------:------I:allow
|
||||
> user:42:-----------Co-:f-i---I:allow
|
||||
> user:42:r-x-----------:f-i---I:allow
|
||||
> group:42:-w--D---------:------I:deny
|
||||
> owner@:------aARWcCos:-------:allow
|
||||
> group@:------a-R-c--s:-------:allow
|
||||
> everyone@:rwxp--a-R-c--s:-------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ umask 707
|
||||
$ mkdir yyy
|
||||
$ getfacl -qn yyy
|
||||
> owner@:rwxp----------:------:deny
|
||||
> group:41:r-----a-------:------:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:------:deny
|
||||
> owner@:------aARWcCos:------:allow
|
||||
> group@:rwxp--a-R-c--s:------:allow
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
> owner@:rwxp----------:-------:deny
|
||||
> group:41:r-----a-------:------I:allow
|
||||
> user:42:-----------Co-:f-i---I:allow
|
||||
> user:42:r-x-----------:f-i---I:allow
|
||||
> group:42:-w--D---------:------I:deny
|
||||
> owner@:------aARWcCos:-------:allow
|
||||
> group@:rwxp--a-R-c--s:-------:allow
|
||||
> everyone@:------a-R-c--s:-------:allow
|
||||
|
||||
# There is some complication regarding how write_acl and write_owner flags
|
||||
# get inherited. Make sure we got it right.
|
||||
@ -478,34 +478,34 @@ $ umask 022
|
||||
$ rm xxx
|
||||
$ touch xxx
|
||||
$ getfacl -nq xxx
|
||||
> user:53:--------------:------:allow
|
||||
> user:51:--------------:------:allow
|
||||
> user:50:--------------:------:allow
|
||||
> user:48:--------------:------:allow
|
||||
> user:47:--------------:------:allow
|
||||
> user:45:--------------:------:allow
|
||||
> user:44:--------------:------:allow
|
||||
> user:42:--------------:------:allow
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> user:53:--------------:------I:allow
|
||||
> user:51:--------------:------I:allow
|
||||
> user:50:--------------:------I:allow
|
||||
> user:48:--------------:------I:allow
|
||||
> user:47:--------------:------I:allow
|
||||
> user:45:--------------:------I:allow
|
||||
> user:44:--------------:------I:allow
|
||||
> user:42:--------------:------I:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ mkdir yyy
|
||||
$ getfacl -nq yyy
|
||||
> user:53:--------------:------:allow
|
||||
> user:52:--------------:------:allow
|
||||
> user:50:--------------:------:allow
|
||||
> user:49:--------------:------:allow
|
||||
> user:47:--------------:fd----:allow
|
||||
> user:46:--------------:-d----:allow
|
||||
> user:45:-----------Co-:f-i---:allow
|
||||
> user:44:--------------:fd----:allow
|
||||
> user:43:--------------:-d----:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> owner@:rwxp--aARWcCos:------:allow
|
||||
> group@:r-x---a-R-c--s:------:allow
|
||||
> everyone@:r-x---a-R-c--s:------:allow
|
||||
> user:53:--------------:------I:allow
|
||||
> user:52:--------------:------I:allow
|
||||
> user:50:--------------:------I:allow
|
||||
> user:49:--------------:------I:allow
|
||||
> user:47:--------------:fd----I:allow
|
||||
> user:46:--------------:-d----I:allow
|
||||
> user:45:-----------Co-:f-i---I:allow
|
||||
> user:44:--------------:fd----I:allow
|
||||
> user:43:--------------:-d----I:allow
|
||||
> user:42:-----------Co-:f-i---I:allow
|
||||
> owner@:rwxp--aARWcCos:-------:allow
|
||||
> group@:r-x---a-R-c--s:-------:allow
|
||||
> everyone@:r-x---a-R-c--s:-------:allow
|
||||
|
||||
$ setfacl -b .
|
||||
$ setfacl -a0 u:42:Co:f:deny .
|
||||
@ -524,34 +524,34 @@ $ umask 022
|
||||
$ rm xxx
|
||||
$ touch xxx
|
||||
$ getfacl -nq xxx
|
||||
> user:53:-----------Co-:------:deny
|
||||
> user:51:-----------Co-:------:deny
|
||||
> user:50:-----------Co-:------:deny
|
||||
> user:48:-----------Co-:------:deny
|
||||
> user:47:-----------Co-:------:deny
|
||||
> user:45:-----------Co-:------:deny
|
||||
> user:44:-----------Co-:------:deny
|
||||
> user:42:-----------Co-:------:deny
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> user:53:-----------Co-:------I:deny
|
||||
> user:51:-----------Co-:------I:deny
|
||||
> user:50:-----------Co-:------I:deny
|
||||
> user:48:-----------Co-:------I:deny
|
||||
> user:47:-----------Co-:------I:deny
|
||||
> user:45:-----------Co-:------I:deny
|
||||
> user:44:-----------Co-:------I:deny
|
||||
> user:42:-----------Co-:------I:deny
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ mkdir yyy
|
||||
$ getfacl -nq yyy
|
||||
> user:53:-----------Co-:------:deny
|
||||
> user:52:-----------Co-:------:deny
|
||||
> user:50:-----------Co-:------:deny
|
||||
> user:49:-----------Co-:------:deny
|
||||
> user:47:-----------Co-:fd----:deny
|
||||
> user:46:-----------Co-:-d----:deny
|
||||
> user:45:-----------Co-:f-i---:deny
|
||||
> user:44:-----------Co-:fd----:deny
|
||||
> user:43:-----------Co-:-d----:deny
|
||||
> user:42:-----------Co-:f-i---:deny
|
||||
> owner@:rwxp--aARWcCos:------:allow
|
||||
> group@:r-x---a-R-c--s:------:allow
|
||||
> everyone@:r-x---a-R-c--s:------:allow
|
||||
> user:53:-----------Co-:------I:deny
|
||||
> user:52:-----------Co-:------I:deny
|
||||
> user:50:-----------Co-:------I:deny
|
||||
> user:49:-----------Co-:------I:deny
|
||||
> user:47:-----------Co-:fd----I:deny
|
||||
> user:46:-----------Co-:-d----I:deny
|
||||
> user:45:-----------Co-:f-i---I:deny
|
||||
> user:44:-----------Co-:fd----I:deny
|
||||
> user:43:-----------Co-:-d----I:deny
|
||||
> user:42:-----------Co-:f-i---I:deny
|
||||
> owner@:rwxp--aARWcCos:-------:allow
|
||||
> group@:r-x---a-R-c--s:-------:allow
|
||||
> everyone@:r-x---a-R-c--s:-------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ rm xxx
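Review bot: Every `I` in the updated expectations is produced by the kernel on `touch` or `mkdir` under a directory with inheritable ACEs; none of the visible hunks sets the flag explicitly. setfacl.1 now says "inherited" is the only inheritance flag allowed on non-directories, so a case such as `$ setfacl -a0 u:42:r:I:allow xxx` followed by a `getfacl -nq xxx` check, together with a negative case using `f` on a regular file, would pin that rule. One file diff is suppressed on this page, so such a case may already exist there.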
|
||||
|
@ -42,9 +42,9 @@ $ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-r--r--
|
||||
|
||||
$ getfacl -q xxx
|
||||
> owner@:rw-p--aARWcCos:------:allow
|
||||
> group@:r-----a-R-c--s:------:allow
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p--aARWcCos:-------:allow
|
||||
> group@:r-----a-R-c--s:-------:allow
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
# Check whether ls(1) correctly recognizes draft-style trivial ACLs.
|
||||
$ rm xxx
|
||||
@ -58,12 +58,12 @@ $ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-r--r--
|
||||
|
||||
$ getfacl -q xxx
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:--x-----------:-------:deny
|
||||
> owner@:rw-p---A-W-Co-:-------:allow
|
||||
> group@:-wxp----------:-------:deny
|
||||
> group@:r-------------:-------:allow
|
||||
> everyone@:-wxp---A-W-Co-:-------:deny
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
# Make sure ls(1) actually can recognize something as non-trivial.
|
||||
$ setfacl -x0 xxx
|
||||
@ -72,11 +72,11 @@ $ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-r--r--+
|
||||
|
||||
$ getfacl -q xxx
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
> owner@:rw-p---A-W-Co-:-------:allow
|
||||
> group@:-wxp----------:-------:deny
|
||||
> group@:r-------------:-------:allow
|
||||
> everyone@:-wxp---A-W-Co-:-------:deny
|
||||
> everyone@:r-----a-R-c--s:-------:allow
|
||||
|
||||
$ rm xxx
|
||||
|
||||
|
File diff suppressed because it is too large