Commit Graph

56 Commits

Author SHA1 Message Date
Edward Tomasz Napierala
6e924edbde Fix an error in setfacl(1) that manifested like this:
# setfacl -m u:trasz:rwx x
# setfacl -m u:root:rwx x
# getfacl x
# file: x
# owner: root
# group: wheel
user::rw-
user:root:rwx
user:trasz:rwx
group::r--
mask::rwx
other::r--
# setfacl -m u:root:rwx x
setfacl: x: acl_calc_mask() failed: Invalid argument
setfacl: x: failed to set ACL mask

For NFSv4 ACLs, this sort of situation would result in duplicated
entries.

MFC after:	1 month
2012-09-04 12:19:34 +00:00
Edward Tomasz Napierala
8ed068d31c Make "setfacl -bd" an alias for "setfacl -k". Previously it would crash
on assert.

PR:		bin/165807
MFC after:	1 month
2012-09-04 11:50:13 +00:00
Edward Tomasz Napierala
00b2b3a55d Make setfacl(1) behave properly in situations like "setfacl -kd".
MFC after:	1 month
2012-09-04 11:43:00 +00:00
Edward Tomasz Napierala
9828700277 Fix compact form of "synchronize" permission in setfacl(1) manual page - it
should be "s", not "S".

PR:		docs/162380
MFC after:	2 weeks
2012-09-03 17:26:20 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Edward Tomasz Napierala
181b4eebb9 Make it possible to use permission sets (full_set, modify_set, read_set
and write_set) with setfacl(1).

PR:		kern/154113
Submitted by:	Shawn Webb <lattera at gmail dot com> (earlier version)
MFC after:	1 month
2011-04-09 07:42:25 +00:00
Jaakko Heinonen
b38dc7ebea Increase carried_error if we skip a file due to an error. This ensures
that setfacl(1) exits with proper exit status on failure.

PR:		bin/149780
Submitted by:	Ævar Arnfjörð Bjarmason (original version)
Reviewed by:	trasz
MFC after:	3 weeks
2011-01-03 17:17:31 +00:00
Benedict Reuschling
c73b6b8f1d Typo fix: s/ommited/omitted
MFC after: 4 days
2010-07-27 17:33:02 +00:00
Edward Tomasz Napierala
413f7daf59 Update authors and history.
MFC after:	1 week
2010-05-13 16:46:23 +00:00
Joel Dahl
a303eae7c8 Switch to our preferred license text.
Approved by:	jedgar
2010-03-07 07:59:05 +00:00
Edward Tomasz Napierala
6c9c14c5dc Fix breakage introduced in last commit. 2009-12-26 11:03:10 +00:00
Edward Tomasz Napierala
c93b62deca Improve ACL branding mismatch detection and reporting in some rare cases,
such as "setfacl -m ''".
2009-12-26 10:06:45 +00:00
Edward Tomasz Napierala
3f22187878 Add NFSv4 support to setfacl(1).
Reviewed by:	rwatson
2009-09-07 16:19:32 +00:00
Edward Tomasz Napierala
23f80af2ca Fix double free in setfacl(1). Description from the author:
Initially, 'acl' (an 'acl_t *') is allocated, and its ACCESS_ACL and
DEFAULT_ACL fields are passed to the 'libc' ACL routines for subsequent
allocation. If the '-m' option (merge existing ACL with a new one) is
specified, then 'set_acl_mask()' will be called and passed one of the
two ACLs. This function, in turn, replaces this given ACL structure by
another, freshly allocated. However, the pointer in the 'acl' variable
in the caller is not updated. The caller then proceeds to free the ACL,
incurring in a double free condition.

Submitted by:	Pedro Martelletto <pedro at ambientworks.net>
Approved by:	rwatson (mentor)
2008-09-06 13:17:35 +00:00
Christian S.J. Peron
f9655da0fb Add hard sentence breaks.
Pointed out by:	rwatson
MFC after:	1 week
2008-07-06 22:47:10 +00:00
Christian S.J. Peron
bc068d93d1 Document default ACLs and how to use them.
MFC after:	1 week
2008-07-06 20:29:35 +00:00
Kirk McKusick
b5ea8f4cbc Implement the -h flag (set an ACL on a symbolic link).
Before this fix the -h flag was ignored (i.e. setfacl
always set the ACL on the file pointed to by the symbolic
link even when the -h flag requested that the ACL be set
on the symbolic link itself).
2007-02-26 00:42:17 +00:00
Ruslan Ermilov
9badf57f01 Markup fixes. 2006-09-17 17:40:07 +00:00
Maxim Konovalov
1627632858 o Fix grammar, format. 2006-06-09 17:03:24 +00:00
Konstantin Belousov
ba4af6fa0d Document the way to get list of files to process from the stdin.
MFC after:	1 week
Approved by:	kan (mentor)
2006-06-09 16:11:23 +00:00
Konstantin Belousov
410572a159 Copy filename read from the stdin into the private buffer. Otherwise,
next read filename overwrite previous one, resulting in acl being
applied only to the last name in the list.

Submitted by:	Oleg Lomaka <oleg.lomaka at gmail com>
MFC after:	1 week
Approved by:	kan (mentor)
2006-06-09 16:09:26 +00:00
Ruslan Ermilov
a5b0d9050a [mdoc] add missing space before a punctuation type argument. 2005-12-13 17:07:52 +00:00
Ruslan Ermilov
a89237ae95 Sync program's usage() with manpage's SYNOPSIS. 2005-02-09 17:37:39 +00:00
Ruslan Ermilov
6fca4c7c3f Add the new standard EXIT STATUS section where appropriate.
Sort standard sections in the (documented) preferred order.
2005-01-16 16:41:59 +00:00
Warner Losh
9ddb49cbe4 /*- or .\"- or #- to begin license clauses. 2005-01-10 08:39:26 +00:00
Ruslan Ermilov
eccea571a7 Mechanically kill hard sentence breaks. 2004-07-02 21:04:19 +00:00
David E. O'Brien
503d530bde style.Makefile(5) 2004-06-13 19:22:53 +00:00
Robert Watson
ea03990629 Add additional documentation to setfacl(1) regarding the behavior of
tools such as chmod(1) and ls(1) when it comes to acting on objects
that have POSIX.1e extended ACLs.  Specifically, discuss the
substitution of the mask entry for the group entry in the mode
representation of the ACL.  Differently worded from the submission,
and could probably use further refinement.

PR:		55319
Submitted by:	Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
2003-08-07 14:52:17 +00:00
Robert Watson
95e367261e -v no longer a valid argument to setfacl(1) -- remove from usage().
PR:		55318
Submitted by:	Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
2003-08-07 14:43:43 +00:00
Robert Watson
4615eb20c3 When reporting an error internalizing an ACL string, print out the
ACL that generated the error, rather than the function, which is
more user-friendly.

Obtained from:	TrustedBSD Project
Product of:	France
2003-07-18 16:00:26 +00:00
Robert Watson
8051fddedc Add "-h" arguments to getfacl and setfacl, which behave in a manner
similar to "-h" on chown, chmod, etc, causing the operation to occur
on a final symlink in the provided path, rather than its target.

Obtained from:	TrustedBSD Project
2002-12-30 15:36:29 +00:00
David E. O'Brien
2749b14129 Consistently use FBSDID 2002-06-30 05:15:05 +00:00
Chris D. Faulhaber
95a801b700 Remove extraneous blank line 2002-02-19 02:36:35 +00:00
Chris D. Faulhaber
32e7fd5991 Use acl_dup() to duplicate an ACL instead of rolling our own 2002-02-19 02:36:15 +00:00
Chris D. Faulhaber
42dcd8695a Use a more correct method of copying entire ACLs (fixes
operation under Linux).
2002-02-03 02:37:43 +00:00
Ruslan Ermilov
a93dfd0f71 Spelling. 2001-12-04 14:20:46 +00:00
David E. O'Brien
a748290789 Default to WARNS=2. Binary builds that cannot handle this must explicitly
set WARNS=0.

Reviewed by:	mike
2001-12-04 01:57:47 +00:00
Chris D. Faulhaber
a540fec399 Move the code merging ACL_USER and ACL_GROUP objects from under
two nested while loops into a separate function.

Obtained from: 	TrustedBSD Project
2001-12-03 02:24:24 +00:00
Chris D. Faulhaber
993f5df628 Add defines for access and default ACLs (ACCESS_ACL/DEFAULT_ACL)
to enhance readability.

Obtained from:	TrustedBSD Project
2001-12-03 01:20:52 +00:00
Chris D. Faulhaber
a043a09da7 style(9) cleanups mostly consisting of:
o explicitly check return values and variables against a value
o return x; -> return (x);
o fix inconsistent sysexits usage by nuking it (partially
  suggested by bde)

Obtained from:	TrustedBSD Project
2001-12-03 00:51:36 +00:00
Chris D. Faulhaber
05da5209f6 Correct example to remove *all* extended ACL entries and
clarify description.
2001-12-03 00:27:15 +00:00
Chris D. Faulhaber
458ad6cb17 o Expand the explaination of the -b option WRT the resulting
group ACL entry in relation to the existing group and mask
  ACL entries.
o Move the explanation of multiple ACL entries on the command
  line to the ACL ENTRIES section.

Obtained from:	TrustedBSD Project
2001-12-02 18:46:33 +00:00
Chris D. Faulhaber
405c561518 o Correct error message forgotten in the last commit (malloc() -> calloc())
o Fix style nits

Submitted by:	bde
2001-12-02 18:15:53 +00:00
Chris D. Faulhaber
d0b8d0fdfc Use calloc(3) instead of rolling our own. 2001-12-02 01:52:34 +00:00
Ruslan Ermilov
d628d776c4 mdoc(7) police: utilize the new .Ex macro. 2001-08-15 09:09:47 +00:00
Dima Dorfman
982f5d88ff WARNS= -> WARNS?=
Submitted by:	Mike Barcroft <mike@q9media.com>
2001-06-22 21:38:30 +00:00
Kris Kennaway
0a26b6bbc0 Silence WARNS=2 and BDECFLAGS on alpha and i386
MFC After:	1 week
2001-05-20 05:13:21 +00:00
Chris D. Faulhaber
0051154b1c Correct assignment of the resulting ACL allowing the mask entry to
be properly set.

Obtained from:	TrustedBSD Project
2001-05-03 03:17:44 +00:00
Chris D. Faulhaber
0f6263079e o Separate acl_t into internal and external representations as
required by POSIX.1e.  This maintains the current 'struct acl'
  in the kernel while providing the generic external acl_t
  interface required to complete the ACL editing library.
o Add the acl_get_entry() function.
o Convert the existing ACL utilities, getfacl and setfacl, to
  fully make use of the ACL editing library.

Obtained from:	TrustedBSD Project
2001-04-24 22:45:41 +00:00
Ruslan Ermilov
eb0838029f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00