[illumos-Developer] webrev for #948: chmod(1M) is not -R friendly when doing ACLs

Yuri Pankov yuri.pankov at gmail.com
Wed Apr 27 18:52:15 PDT 2011


Hi,

This is webrev for #948: chmod(1M) is not -R friendly when doing ACLs.

http://cr.illumos.org/view/jj0myccc/illumos-948-webrev/

The idea is to make errors for all ACL-related operations non-fatal (as
they were supposed to be, it seems), while making two other cases fatal
(the "unknown ACL action" and error from acl_check - not sure how to
trigger both, but they really *do* seem to be fatal). I've also added
the full path to the files/dir in error messages, to make it more
user-friendly (there's no context in the error messages otherwise).

The (really simple) testcase is:

$ mkdir -p a/b/c/d; chmod A+user:yuri:full_set:allow a/b; \
  chmod A=user:root:full_set:allow a/b/c; /usr/bin/chmod -R \
  A-user:yuri:full_set:allow a; \
  ls -Vd a/b
chmod: ERROR: ACL entry doesn't exist
drwxr-xr-x+  3 yuri     staff          3 Apr 28 05:42 a/b
              user:yuri:rwxpdDaARWcCos:-------:allow
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:r-x---a-R-c--s:-------:allow
              everyone@:r-x---a-R-c--s:-------:allow

Here chmod fails on the first file not having specified ACE and just
exits.


$ mkdir -p a/b/c/d; chmod A+user:yuri:full_set:allow a/b; \
  chmod A=user:root:full_set:allow a/b/c; \
  ~/ws/illumos-gate-chmod-acl/usr/src/cmd/chmod/chmod -R \
  A-user:yuri:full_set:allow a; \
  ls -Vd a/b
chmod: WARNING: /home/yuri/a: ACL entry doesn't exist
chmod: WARNING: /home/yuri/a/b/c: ACL entry doesn't exist
chmod: WARNING: /home/yuri/a/b/c: Permission denied
drwxr-xr-x   3 yuri     staff          3 Apr 28 05:43 a/b
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:r-x---a-R-c--s:-------:allow
              everyone@:r-x---a-R-c--s:-------:allow

Here we have informative error (warning) messages, and chmod continues
to descend down the tree, removing the ACE where it does exist.


Not sure what are tests would be useful here as it's complete change in
chmod's behaviour for the -R case.


Yuri



More information about the Developer mailing list