37 Commits

Author SHA1 Message Date
markj
2793a18599 Don't set NFSv4 ACL inheritance flags on non-directories.
They only make sense in the context of directory ACLs, and attempting
to set them on regular files results in errors, causing a recursive
setfacl invocation to abort.

This is derived from patches by Shawn Webb <shawn.webb@hardenedbsd.org>
and Mitchell Horne <mhorne063@gmail.com>.

PR:		155163
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15061
2018-10-26 21:17:06 +00:00
emaste
08678b9328 setfacl: minor man page edit to appease igor(1) 2018-04-11 13:33:12 +00:00
emaste
9d834e6c49 setfacl: add recursive functionality
Add a -R option to setfacl to operate recursively on directories, along
with the accompanying flags -H, -L, and -P (whose behaviour mimics
chmod).

A patch was submitted with PR 155163, but this is a new implementation
based on comments raised in the Phabricator review for that patch
(review D9096).

PR:		155163
Submitted by:	Mitchell Horne <mhorne063@gmail.com>
Reviewed by:	jilles
MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14934
2018-04-10 23:29:57 +00:00
bjk
782597315d Fix mandoc -Tlint warnings in bin/
Many style-level issues are still reported.

Submitted by:	Yuri Pankov <yuripv@gmx.com>
Reviewed by:	jilles (previous revision)
Differential Revision:	https://reviews.freebsd.org/D13334
2017-12-07 01:57:27 +00:00
trasz
ccc7c0bf60 Don't mention the "canonical six" in setfacl(1); it describes semantics
that's long gone.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-01-23 12:19:37 +00:00
delphij
db0a2c953d Expose an interface to determine if an ACE is inherited.
Submitted by:	sef
Reviewed by:	trasz
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D3540
2015-09-04 00:14:20 +00:00
bapt
42044eb342 use .Mt to mark up email addresses consistently (part1)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:40:43 +00:00
trasz
3b2ecc9e06 Mention that read_attributes, write_attributes, read_acl and write_acl
are always permitted for the file owner.

PR:		kern/174948
MFC after:	1 week
2013-04-01 13:17:28 +00:00
trasz
57fb31bcdb Fix NFSv4 permission description in setfacl(1) manual page: the 'D'
means delete_child, not delete.

MFC after:	1 week
2013-02-08 18:43:47 +00:00
trasz
19b8d932d1 Improve description of the "-m" option to setfacl(1).
Submitted by:	scottl
MFC after:	1 week
2013-02-08 18:12:16 +00:00
trasz
2e7f4de812 In the setfacl(1) manual page, make it clear that for NFSv4 ACLs,
one should really use -a and -x instead of -m.

MFC after:	1 week
2013-02-08 18:02:28 +00:00
trasz
0d3b3bd793 Fix compact form of "synchronize" permission in setfacl(1) manual page - it
should be "s", not "S".

PR:		docs/162380
MFC after:	2 weeks
2012-09-03 17:26:20 +00:00
eadler
1ef5fe44d3 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
trasz
53df99cb04 Make it possible to use permission sets (full_set, modify_set, read_set
and write_set) with setfacl(1).

PR:		kern/154113
Submitted by:	Shawn Webb <lattera at gmail dot com> (earlier version)
MFC after:	1 month
2011-04-09 07:42:25 +00:00
bcr
b14508778a Typo fix: s/ommited/omitted
MFC after: 4 days
2010-07-27 17:33:02 +00:00
trasz
5508b47842 Update authors and history.
MFC after:	1 week
2010-05-13 16:46:23 +00:00
joel
8a03745eab Switch to our preferred license text.
Approved by:	jedgar
2010-03-07 07:59:05 +00:00
trasz
365d19e2c3 Add NFSv4 support to setfacl(1).
Reviewed by:	rwatson
2009-09-07 16:19:32 +00:00
csjp
3b3c1f459b Add hard sentence breaks.
Pointed out by:	rwatson
MFC after:	1 week
2008-07-06 22:47:10 +00:00
csjp
05c2789f33 Document default ACLs and how to use them.
MFC after:	1 week
2008-07-06 20:29:35 +00:00
ru
36d05684e7 Markup fixes. 2006-09-17 17:40:07 +00:00
maxim
50f099ffb3 o Fix grammar, format. 2006-06-09 17:03:24 +00:00
kib
75caa7bb1c Document the way to get list of files to process from the stdin.
MFC after:	1 week
Approved by:	kan (mentor)
2006-06-09 16:11:23 +00:00
ru
e279c872b1 [mdoc] add missing space before a punctuation type argument. 2005-12-13 17:07:52 +00:00
ru
978b8f7f1d Sync program's usage() with manpage's SYNOPSIS. 2005-02-09 17:37:39 +00:00
ru
ffd9fd4c0e Add the new standard EXIT STATUS section where appropriate.
Sort standard sections in the (documented) preferred order.
2005-01-16 16:41:59 +00:00
imp
a76898b849 /*- or .\"- or #- to begin license clauses. 2005-01-10 08:39:26 +00:00
ru
d40c857e0d Mechanically kill hard sentence breaks. 2004-07-02 21:04:19 +00:00
rwatson
aa16198749 Add additional documentation to setfacl(1) regarding the behavior of
tools such as chmod(1) and ls(1) when it comes to acting on objects
that have POSIX.1e extended ACLs.  Specifically, discuss the
substitution of the mask entry for the group entry in the mode
representation of the ACL.  Differently worded from the submission,
and could probably use further refinement.

PR:		55319
Submitted by:	Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl>
2003-08-07 14:52:17 +00:00
rwatson
635446ba11 Add "-h" arguments to getfacl and setfacl, which behave in a manner
similar to "-h" on chown, chmod, etc, causing the operation to occur
on a final symlink in the provided path, rather than its target.

Obtained from:	TrustedBSD Project
2002-12-30 15:36:29 +00:00
ru
52cba5d797 Spelling. 2001-12-04 14:20:46 +00:00
jedgar
e0f46659fc Correct example to remove *all* extended ACL entries and
clarify description.
2001-12-03 00:27:15 +00:00
jedgar
e95759f464 o Expand the explaination of the -b option WRT the resulting
group ACL entry in relation to the existing group and mask
  ACL entries.
o Move the explanation of multiple ACL entries on the command
  line to the ACL ENTRIES section.

Obtained from:	TrustedBSD Project
2001-12-02 18:46:33 +00:00
ru
bde8ec1b70 mdoc(7) police: utilize the new .Ex macro. 2001-08-15 09:09:47 +00:00
ru
2d1b95a96f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
ru
d3cb884455 mdoc(7) police: fix markup and some spelling. 2001-03-23 08:14:27 +00:00
rwatson
4978ee9a87 o POSIX.2c Userland tool support for POSIX.1e ACLs -- getfacl retrieves ACLs
from files and directories, and setfacl sets ACLs on files and directories.

Submitted by:	jedgar
Obtained from:	TrustedBSD Project
2001-03-19 18:09:25 +00:00