Public bug reported: Hi!
According to my experience the Linux Kernel Access Control evaluate wrongly the POSIX ACL-s when a mask is null (mask::---) Let's see an example: root@bar:~# getfacl /tmp/test getfacl: Removing leading '/' from absolute path names # file: tmp/test # owner: root # group: root user::rw- user:foo:--- group::r-- #effective:--- mask::--- ^^^^^ other::r-- As we can see the foo user hasn't got any rights on the test file and a mask is zero. Let's try to read the file as the foo user: foo@bar:~$ cat /tmp/test FOOBAR foo@bar:~$ Success. According to the documentation (man acl) user foo cannot access the file: " 2. else if the effective user ID of the process matches the qualifier of any entry of type ACL_USER, then if the matching ACL_USER entry and the ACL_MASK entry contain the requested permissions, access is granted, else access is denied." If I change the the mask entry to something else: root@bar:~# getfacl /tmp/test getfacl: Removing leading '/' from absolute path names # file: tmp/test # owner: root # group: root user::rw- user:foo:--- group::r-- #effective:--- mask::-w- ^^^^^^ other::r-- the foo user cannot read the file: foo@bar:~$ cat /tmp/test cat: /tmp/test: Permission denied I tested with ext4 and tmpfs with the same result. I also tested on a Solaris 9 machine where the permissions work as expected. System info: Description: Ubuntu 12.04.1 LTS Release: 12.04 acl: Installed: 2.2.51-5ubuntu1 Candidate: 2.2.51-5ubuntu1 Version table: *** 2.2.51-5ubuntu1 0 500 http://hu.archive.ubuntu.com/ubuntu/ precise/main i386 Packages 100 /var/lib/dpkg/status Linux bar 3.2.0-29-generic-pae #46-Ubuntu SMP Fri Jul 27 17:25:43 UTC 2012 i686 i686 i386 GNU/Linux Thank you for your time and I hope you can find the source of this issue. ** Affects: acl (Ubuntu) Importance: Undecided Status: New ** Summary changed: - posix acl is evaluated wrong null mask + posix acl permissions evaluated wrongly with null mask -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1081502 Title: posix acl permissions evaluated wrongly with null mask To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/acl/+bug/1081502/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs