[Acl-Devel] mask ACL

Andreas Gruenbacher agruen at suse.de
Thu Apr 3 15:24:22 EST 2003

On Thursday 03 April 2003 05:26, Buck Huppmann wrote:
> On Tue, Apr 01, 2003 at 11:09:32PM -0500, Buck Huppmann wrote:
> > yes, my bad. sorry. before i throw out more babies with the bathwater,
> > though, anybody know if any other systems besides HP-UX and Solaris
> > (for default ACLs, at least) require a MASK/CLASS_OBJ when there are
> > no non-USER_OBJ/GROUP_OBJ/OTHER entries?
> >
> > thanks, Eric C., for finding this out
> to wind this up, for anybody who cares, the latest, greatest versions
> of this patch are up at http://www.lpmd.org/rsync/ (thanks to John C.
> again for hosting) for 2.5.5 and 2.5.6. use at your own risk, but let
> me know if you find bugs (so i can mitigate my own risk)
> on the matter of which platforms require masks/CLASS_OBJs, i gave the
> samba sysacls.c a quick once over and discerned that, at least for
> the mappings as implemented therein, HP-UX, Unixware and Solaris re-
> quire CLASS_OBJs, which the new code synthesizes by or-ing all group
> and named-user ACEs, as you might expect, in the absence of a source
> mask/CLASS_OBJ entry

You should also throw away CLASS_OBJs on those systems which require 
four-entry ACLs, possibly only the CLASS_OBJ entry's permissions are 
identical with the GROUP_OBJ permissions. If you don't do, all the files will 
get extended ACLs on the remote side. On those systems which require the 
CLASS_OBJs, the CLASS_OBJs are actually meaningless in the four-entry ACL 
case, anyway.

ACLs are a nice disaster.


More information about the rsync mailing list