Using umask instead of explicit mode bits to create files/directories

David Collier-Brown David.Collier-Brown at canada.sun.com
Wed Nov 15 12:52:35 GMT 2000 

Johannes Tyve wrote:
> 
> At our site we use Samba 2.0.7 on Solaris 2.6. Solaris ACLs is used to
> manage permissions on files and directories.
> 
> After applying patch 106141 on our system the behavior of mkdir changed.
> If a directory is created inside a direcory containing default-acl:s the
> umask will not be applied. To get this behavior in samba we had to
> modify two functions inside doscalls.c, dos_open() and dos_mkdir(). The
> functions are modified to use umask insted of mode bits to create
> files/directories.


	This sounds odd: the umask is translated into the
	ACL mask (ie, it's preserved and applied to the 
	acls too[1]), but setting the mode in the call to
	open (called from sys_open, called from dos_open)
	is defined as applying, subject to the umask[2].

	In short, I'm puzzled at there being any change in the
	system's behavior! Patch 106141 fixes a bug with
	default acl's and setgid[3], circa 1998-05-06.

	I do expect that setting ACLS will modify the umask, and
	therefor override the mode bits in the open call: perhaps
	this is what you're seeing. If so, it's intentional!

	Can you do a getfacl of the the directory? If you have 
	default ACLs, they're supposed to modify the permissions
	on the file...

--dave
---
[1] from setfacl(1) on Solaris 
      Setting an ACL on a file also modifies the file's permission
      bits.  The  user   entry  modifies the file owner permission
      bits. If you don't specify a mask  entry,  the  group  entry
      modifies  the  file  group  owner  permission  bits.  If you
      specify a mask entry, the file group owner  permission  bits
      are  modified based on the intersection (bitwise AND) of the
      group and mask entries. The other entry modifies  the  other
      permission bits.

      If  you use the chmod(1) command to change  the  file  group
      owner  permissions on a file with ACL entries, both the file
      group owner permissions and the ACL mask are changed to  the
      new  permissions. Be aware that the new ACL mask permissions
      may change the effective permissions  for  additional  users
      and groups who have ACL entries on the file.
	[umask has the same effect as chmod, but occurs
	 on file creation --dave]
[2] from open(2) on Solaris
 			       The  access  permission  bits  (see
            <sys/stat.h>) of the file mode are set to the value of
            mode, modified as follows (see creat(2)):  a  bitwise-
            AND  is  performed  on  the  file-mode  bits  and  the
            corresponding bits in the complement of the  process's
            file  mode  creation  mask.  Thus, all bits set in the
            process's file mode creation mask (see  umask(2))  are
            correspondingly cleared in the file's permission mask.
[3] BUG 4042372 - Directories with both the SGID bit set and default 
      ACLs do not inherit the group owner of the parent directory as
      they do when the default ACLs do not exist.


-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com

More information about the samba-technical mailing list