Using umask instead of explicit mode bits to create files/directories

Johannes Tyve Johannes.Tyve at sgu.se
Wed Nov 15 15:35:18 GMT 2000 

David Collier-Brown wrote:
> 
> Johannes Tyve wrote:
> [sliced down somewhat]
> 
> > A directory contains the following acls:
> > default:user::rwx
> > default:user:ronnie:rwx
> > default:group::r-x
> > default:mask:rwx          -- this is going to be what's inherited
> > default:other:r-x
> 
> > If I create a directory using (umask 0) mkdir("dir_mode",0755); The
> > result is:
> > user::rwx
> > user:ronnie:rwx         #effective:r-x
> > group::r-x              #effective:r-x
> > mask:r-x
> > other:r-x
>                             -- as expected
> 
> > If I create a directory using (umask 022) mkdir("dir_umask",0777); The
> > result is:
>                         -- I predict the 777 will be masked to 755
> > user::rwx
> > user:ronnie:rwx         #effective:rwx
> > group::r-x              #effective:r-x
> > mask:rwx
> > other:r-x
>                         -- note that the mask is the one thing
>                         -- that's different: the directory is 755,
>                         -- as expected.
> 
> > As you see there a big difference. Using umask the acl is applied but
> > using mode the mode bits are applied and the acl-mask is changed.
> 
>         Ok, both do what you'd expect to the file (phew!)
> 
>         What's interesting is what happens to the acl mask,
>         which is the ACL system's (near-)equivalent of the umask
> 
>         If the umask is 0, the acl mask becomes r-x (05).
>         If the umask is 022 (compliment of 0755) the acl
>         mask becomes rwx (07).
>         I can reproduce this on Solaris 8, with a bit of work...
> 
>         This looks backwards, somehow.
> 
>         Can you describe what is bad about this, so I can
>         write it up as a bug?
>
 
I think there has been a discussion of how mkdir should behave. I prefer
that the acl-mask becomes (07) because I wish to share my file with my
co-workers (ronnie in this case). If the mask becomes (05) I'm the only
one with write permissions and that is not the prefered option.

I don't know if this is a bug (in solaris) but maybe acl:s always should
override the umask? But I don't know how the explicit mode request in
mkdir() should be handled.

In samba i think that samba should use umask instead of explicit mode
request when creating files and directories. Othervise there will be
different result if a user creates a directory in solaris locally using
/usr/bin/mkdir, compared to a user that creates the directory using a
samba-mounted share (which calls mkdir()).

/Johannes

More information about the samba-technical mailing list