Using umask instead of explicit mode bits to create
files/directories
David Collier-Brown
David.Collier-Brown at canada.sun.com
Wed Nov 15 12:52:35 GMT 2000
Johannes Tyve wrote:
>
> At our site we use Samba 2.0.7 on Solaris 2.6. Solaris ACLs is used to
> manage permissions on files and directories.
>
> After applying patch 106141 on our system the behavior of mkdir changed.
> If a directory is created inside a direcory containing default-acl:s the
> umask will not be applied. To get this behavior in samba we had to
> modify two functions inside doscalls.c, dos_open() and dos_mkdir(). The
> functions are modified to use umask insted of mode bits to create
> files/directories.
This sounds odd: the umask is translated into the
ACL mask (ie, it's preserved and applied to the
acls too[1]), but setting the mode in the call to
open (called from sys_open, called from dos_open)
is defined as applying, subject to the umask[2].
In short, I'm puzzled at there being any change in the
system's behavior! Patch 106141 fixes a bug with
default acl's and setgid[3], circa 1998-05-06.
I do expect that setting ACLS will modify the umask, and
therefor override the mode bits in the open call: perhaps
this is what you're seeing. If so, it's intentional!
Can you do a getfacl of the the directory? If you have
default ACLs, they're supposed to modify the permissions
on the file...
--dave
---
[1] from setfacl(1) on Solaris
Setting an ACL on a file also modifies the file's permission
bits. The user entry modifies the file owner permission
bits. If you don't specify a mask entry, the group entry
modifies the file group owner permission bits. If you
specify a mask entry, the file group owner permission bits
are modified based on the intersection (bitwise AND) of the
group and mask entries. The other entry modifies the other
permission bits.
If you use the chmod(1) command to change the file group
owner permissions on a file with ACL entries, both the file
group owner permissions and the ACL mask are changed to the
new permissions. Be aware that the new ACL mask permissions
may change the effective permissions for additional users
and groups who have ACL entries on the file.
[umask has the same effect as chmod, but occurs
on file creation --dave]
[2] from open(2) on Solaris
The access permission bits (see
<sys/stat.h>) of the file mode are set to the value of
mode, modified as follows (see creat(2)): a bitwise-
AND is performed on the file-mode bits and the
corresponding bits in the complement of the process's
file mode creation mask. Thus, all bits set in the
process's file mode creation mask (see umask(2)) are
correspondingly cleared in the file's permission mask.
[3] BUG 4042372 - Directories with both the SGID bit set and default
ACLs do not inherit the group owner of the parent directory as
they do when the default ACLs do not exist.
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list