[illumos-Developer] webrev: 1213 chmod could handle empty access mask as wildcard when removing user/group ACEs
Yuri Pankov
yuri.pankov at gmail.com
Mon Jul 18 15:34:35 PDT 2011
Hi,
https://www.xvoid.org/illumos/webrev/chmod/
The idea is to use empty access mask as wildcard when removing
user/group ACes (I hope the example is readable):
$ mkdir -p dir1/dir2/dir3; \
chmod -R A+user:yuri:rwx:allow,user:bin:rwx:deny dir1; \
ls -Vd dir1/dir2; \
LD_PRELOAD=~/ws/chmod/proto/root_i386/usr/lib/libsec.so.1 chmod \
A-user:bin::deny dir1/dir2; \
ls -Vd dir1/dir2; \
ls -Vd dir1/dir2/dir3; \
LD_PRELOAD=~/ws/chmod/proto/root_i386/usr/lib/libsec.so.1 chmod -R \
A-user:yuri::allow dir1; \
ls -Vd dir1/dir2/dir3
drwxr-xr-x+ 3 yuri staff 3 Jul 19 02:25 dir1/dir2
user:yuri:rwx-----------:-------:allow
user:bin:rwx-----------:-------:deny
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow
drwxr-xr-x+ 3 yuri staff 3 Jul 19 02:25 dir1/dir2
user:yuri:rwx-----------:-------:allow
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow
drwxr-xr-x+ 2 yuri staff 2 Jul 19 02:25 dir1/dir2/dir3
user:yuri:rwx-----------:-------:allow
user:bin:rwx-----------:-------:deny
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow
drwxr-xr-x+ 2 yuri staff 2 Jul 19 02:25 dir1/dir2/dir3
user:bin:rwx-----------:-------:deny
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow
Another change to make this more usable is to deny creating ACEs with
empty access mask (they don't make any sense, do they?).
All changed functions are used only by cmd/chmod, so this shouldn't have
any side effects.
Yuri
More information about the Developer
mailing list