Am Di., 15. Nov. 2022 um 10:17 Uhr schrieb Ondrej Valousek <ondrej.valousek...@renesas.com>: > I mean from RFC8881: > " The server that supports both mode and ACL must take care to synchronize > the MODE4_*USR, MODE4_*GRP, and MODE4_*OTH bits with the ACEs that have > respective who fields of "OWNER@", "GROUP@", and "EVERYONE@". This way, the > client can see if semantically equivalent access permissions exist whether > the client asks for the owner, owner_group, and mode attributes or for just > the ACL." > > ... I take it these 3 ACEs should always represent mode bits.
The NFSv4 specification is /very/ bad at specifying the interaction between the acl and mode attributes. For example, consider an ACL like "A::EVERYONE@:rwaDx" for a directory. This would correspond to a mode attribute of "------rwx" according to the above statement, but the ACL really grants "rwx" access to everyone including the owner and the owning group, which would equate to a mode attribute of "rwxrwxrwx". (Remember that the lower three mode bits indicate the permissions of "others", which excludes the owner and the owning group, so "------rwx" is not the same as "rwxrwxrwx".) Andreas