# setfacl -m u:trasz:rwx x
# setfacl -m u:root:rwx x
# getfacl x
# file: x
# owner: root
# group: wheel
user::rw-
user:root:rwx
user:trasz:rwx
group::r--
mask::rwx
other::r--
# setfacl -m u:root:rwx x
setfacl: x: acl_calc_mask() failed: Invalid argument
setfacl: x: failed to set ACL mask
For NFSv4 ACLs, this sort of situation would result in duplicated
entries.
MFC after: 1 month
Initially, 'acl' (an 'acl_t *') is allocated, and its ACCESS_ACL and
DEFAULT_ACL fields are passed to the 'libc' ACL routines for subsequent
allocation. If the '-m' option (merge existing ACL with a new one) is
specified, then 'set_acl_mask()' will be called and passed one of the
two ACLs. This function, in turn, replaces this given ACL structure by
another, freshly allocated. However, the pointer in the 'acl' variable
in the caller is not updated. The caller then proceeds to free the ACL,
incurring in a double free condition.
Submitted by: Pedro Martelletto <pedro at ambientworks.net>
Approved by: rwatson (mentor)
Before this fix the -h flag was ignored (i.e. setfacl
always set the ACL on the file pointed to by the symbolic
link even when the -h flag requested that the ACL be set
on the symbolic link itself).
next read filename overwrite previous one, resulting in acl being
applied only to the last name in the list.
Submitted by: Oleg Lomaka <oleg.lomaka at gmail com>
MFC after: 1 week
Approved by: kan (mentor)
tools such as chmod(1) and ls(1) when it comes to acting on objects
that have POSIX.1e extended ACLs. Specifically, discuss the
substitution of the mask entry for the group entry in the mode
representation of the ACL. Differently worded from the submission,
and could probably use further refinement.
PR: 55319
Submitted by: Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
similar to "-h" on chown, chmod, etc, causing the operation to occur
on a final symlink in the provided path, rather than its target.
Obtained from: TrustedBSD Project
o explicitly check return values and variables against a value
o return x; -> return (x);
o fix inconsistent sysexits usage by nuking it (partially
suggested by bde)
Obtained from: TrustedBSD Project
group ACL entry in relation to the existing group and mask
ACL entries.
o Move the explanation of multiple ACL entries on the command
line to the ACL ENTRIES section.
Obtained from: TrustedBSD Project
required by POSIX.1e. This maintains the current 'struct acl'
in the kernel while providing the generic external acl_t
interface required to complete the ACL editing library.
o Add the acl_get_entry() function.
o Convert the existing ACL utilities, getfacl and setfacl, to
fully make use of the ACL editing library.
Obtained from: TrustedBSD Project