Using umask instead of explicit mode bits to create
files/directories
Johannes Tyve
Johannes.Tyve at sgu.se
Wed Nov 15 13:33:44 GMT 2000
To show the problem:
A directory contains the following acls:
jste at sys3:test> getfacl .
# file: .
# owner: jste
# group: adb
user::rwx
user:ronnie:rwx #effective:rwx
group::r-x #effective:r-x
mask:rwx
other:r-x
default:user::rwx
default:user:ronnie:rwx
default:group::r-x
default:mask:rwx
default:other:r-x
If I create a directory using (umask 0) mkdir("dir_mode",0755); The
result is:
jste at sys3:test> getfacl dir_mode
# file: dir_mode
# owner: jste
# group: adb
user::rwx
user:ronnie:rwx #effective:r-x
group::r-x #effective:r-x
mask:r-x
other:r-x
default:user::rwx
default:user:ronnie:rwx
default:group::r-x
default:mask:rwx
default:other:r-x
If I create a directory using (umask 022) mkdir("dir_umask",0777); The
result is:
jste at sys3:test> getfacl dir_umask
# file: dir_umask
# owner: jste
# group: adb
user::rwx
user:ronnie:rwx #effective:rwx
group::r-x #effective:r-x
mask:rwx
other:r-x
default:user::rwx
default:user:ronnie:rwx
default:group::r-x
default:mask:rwx
default:other:r-x
As you see there a big difference. Using umask the acl is applied but
using mode the mode bits are applied and the acl-mask is changed.
Please reply to samba-technical and my adress since I'm not on the
samba-technical maillist yet.
Regards,
Johannes
David Collier-Brown wrote:
>
> Johannes Tyve wrote:
> >
> > At our site we use Samba 2.0.7 on Solaris 2.6. Solaris ACLs is used to
> > manage permissions on files and directories.
> >
> > After applying patch 106141 on our system the behavior of mkdir changed.
> > If a directory is created inside a direcory containing default-acl:s the
> > umask will not be applied. To get this behavior in samba we had to
> > modify two functions inside doscalls.c, dos_open() and dos_mkdir(). The
> > functions are modified to use umask insted of mode bits to create
> > files/directories.
>
> This sounds odd: the umask is translated into the
> ACL mask (ie, it's preserved and applied to the
> acls too[1]), but setting the mode in the call to
> open (called from sys_open, called from dos_open)
> is defined as applying, subject to the umask[2].
>
> In short, I'm puzzled at there being any change in the
> system's behavior! Patch 106141 fixes a bug with
> default acl's and setgid[3], circa 1998-05-06.
>
> I do expect that setting ACLS will modify the umask, and
> therefor override the mode bits in the open call: perhaps
> this is what you're seeing. If so, it's intentional!
>
> Can you do a getfacl of the the directory? If you have
> default ACLs, they're supposed to modify the permissions
> on the file...
>
> --dave
> ---
> [1] from setfacl(1) on Solaris
> Setting an ACL on a file also modifies the file's permission
> bits. The user entry modifies the file owner permission
> bits. If you don't specify a mask entry, the group entry
> modifies the file group owner permission bits. If you
> specify a mask entry, the file group owner permission bits
> are modified based on the intersection (bitwise AND) of the
> group and mask entries. The other entry modifies the other
> permission bits.
>
> If you use the chmod(1) command to change the file group
> owner permissions on a file with ACL entries, both the file
> group owner permissions and the ACL mask are changed to the
> new permissions. Be aware that the new ACL mask permissions
> may change the effective permissions for additional users
> and groups who have ACL entries on the file.
> [umask has the same effect as chmod, but occurs
> on file creation --dave]
> [2] from open(2) on Solaris
> The access permission bits (see
> <sys/stat.h>) of the file mode are set to the value of
> mode, modified as follows (see creat(2)): a bitwise-
> AND is performed on the file-mode bits and the
> corresponding bits in the complement of the process's
> file mode creation mask. Thus, all bits set in the
> process's file mode creation mask (see umask(2)) are
> correspondingly cleared in the file's permission mask.
> [3] BUG 4042372 - Directories with both the SGID bit set and default
> ACLs do not inherit the group owner of the parent directory as
> they do when the default ACLs do not exist.
>
> --
> David Collier-Brown, | Always do right. This will gratify some people
> 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
> Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
> Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list