On Wed, May 29, 2013 at 3:14 PM, Colin Walters <walt...@verbum.org> wrote:
> I fully realize you did not introduce the current naming scheme in
> acl-util.c, but more stomping on the "acl_" namespace that currently
> lives in libacl.so seems like a bad idea - they'd be fully within their
> rights to introduce a symbol acl_calc_mask_if_needed() which we'd
> transparently shadow.

Well, another patch can change those two functions then, if needed.

> Anyways, on to the actual content of the patch...I've sat down with
> "man 5 acl", and it seems possible to me you're still reintroducing the
> bug Lennart was trying to fix. From his commit message, I think it's
> that /var/log had an ACL with group-executable in the default ACL, we'll
> end up recalculating the mask still, and that would include the group
> execute.

I've actually tested this. A "setfacl -d -m g:adm:r-- machine-dir" gave it
the following ACL:

    # file: <machine-id>
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x
    default:user::rwx
    default:group::r-x
    default:group:adm:r--
    default:mask::r-x
    default:other::r-x

User journals ended up with the following ACL:

    # file: user-1000.journal
    # owner: root
    # group: systemd-journal
    user::rw-
    user:jan:r--
    group::r-x    #effective:r--
    group:adm:r--
    mask::r--
    other::---

So the fchmod (0640) stays intact: user::rw- (6), mask::r-- (4),
other::--- (0). The executable bit in the "group" entry added by the
directory default ACL is masked.
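The masking reported in the message above can be checked mechanically. The following is an added example, not part of the original post or of systemd: it parses the journal ACL quoted in the message and applies the POSIX ACL mask rule from acl(5). The function names are hypothetical.

```python
# Added example: effective permissions and mode bits from getfacl-style text.
# ACL text copied from the message above; function names are hypothetical.
JOURNAL_ACL = """\
# file: user-1000.journal
# owner: root
# group: systemd-journal
user::rw-
user:jan:r--
group::r-x    #effective:r--
group:adm:r--
mask::r--
other::---
"""

BITS = {"r": 4, "w": 2, "x": 1}

def parse_acl(text):
    """Return access-ACL entries as (tag, qualifier, permission bits)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop header and inline comments
        if not line or line.startswith("default:"):
            continue                           # default entries only seed new children
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, sum(BITS.get(c, 0) for c in perms)))
    return entries

def effective(entries):
    """Apply the mask to named users, the owning group and named groups."""
    mask = next((p for t, _, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        in_group_class = tag == "group" or (tag == "user" and qualifier != "")
        if in_group_class and mask is not None:
            perms &= mask                      # owner (user::) and other:: are never masked
        result[f"{tag}:{qualifier}"] = perms
    return result

def mode_bits(entries):
    """File mode as stat() reports it: the group bits show the mask when one exists."""
    perms = {(t, q): p for t, q, p in entries}
    group_class = perms.get(("mask", ""), perms[("group", "")])
    return perms[("user", "")] << 6 | group_class << 3 | perms[("other", "")]

if __name__ == "__main__":
    acl = parse_acl(JOURNAL_ACL)
    print(oct(mode_bits(acl)), effective(acl))
```
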