• J. Bruce Fields's avatar
    nfsd4: don't create unnecessary mask acl · 06f9cc12
    J. Bruce Fields authored
    Any setattr of the ACL attribute, even if it sets just the basic 3-ACE
    ACL exactly as it was returned from a file with only mode bits, creates
    a mask entry, and it is only the mask, not group, entry that is changed
    by subsequent modifications of the mode bits.
    
    So, for example, it's surprising that GROUP@ is left without read or
    write permissions after a chmod 0666:
    
      touch test
      chmod 0600 test
      nfs4_getfacl test
            A::OWNER@:rwatTcCy
            A::GROUP@:tcy
            A::EVERYONE@:tcy
      nfs4_getfacl test | nfs4_setfacl -S - test #
      chmod 0666 test
      nfs4_getfacl test
            A::OWNER@:rwatTcCy
            A::GROUP@:tcy
            D::GROUP@:rwa
            A::EVERYONE@:rwatcy
    
    So, let's stop creating the unnecessary mask ACL.
    
    A mask will still be created on non-trivial ACLs (ACLs with actual named
    user and group ACEs), so the odd posix-acl behavior of chmod modifying
    only the mask will still be left in that case; but that's consistent
    with local behavior.
    Reported-by: default avatarSoumya Koduri <skoduri@redhat.com>
    Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
    06f9cc12
nfs4acl.c 23.8 KB