From nobody@FreeBSD.org  Sat Dec 14 06:58:22 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 8781CA3C
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Dec 2013 06:58:22 +0000 (UTC)
Received: from oldred.freebsd.org (oldred.freebsd.org [IPv6:2001:1900:2254:206a::50:4])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 59D581D46
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Dec 2013 06:58:22 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id rBE6wLaE084525
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Dec 2013 06:58:21 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id rBE6wLNb084460;
	Sat, 14 Dec 2013 06:58:21 GMT
	(envelope-from nobody)
Message-Id: <201312140658.rBE6wLNb084460@oldred.freebsd.org>
Date: Sat, 14 Dec 2013 06:58:21 GMT
From: "ZAHEMSZKY, Gabor" <gabor@zahemszky.hu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: deleting POSIX mask-ACL is a horror
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         184760
>Category:       kern
>Synopsis:       [acl] deleting POSIX mask-ACL is a horror
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 14 07:00:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Mon Dec 16 19:05:37 UTC 2013
>Originator:     ZAHEMSZKY, Gabor
>Release:        9.2-RELEASE
>Organization:
Zahemszky Ltd
>Environment:
FreeBSD Picasso.Zahemszky.HU 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013     root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
After enabling POSIX-ACL-s, and setting any ACL on a file, we'll have a
mask-ACL. But it's terribly difficult to remove the leftover mask-ACL
from the file. Here is a typescript of it:
Script started on Sat Dec 14 07:36:32 2013
$ touch lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
other::r--
$ setfacl -m u:friend:rw lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
user:friend:rw-
group::r--
mask::rw-
other::r--
$ setfacl -x u:friend: lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x mask:: lo
setfacl: lo: cannot remove non-existent ACL entry
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x 2 lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -b lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -b -x mask:: lo
setfacl: lo: cannot remove non-existent ACL entry
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x mask:: -b lo
setfacl: lo: cannot remove non-existent ACL entry
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -b -x 2 lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
mask::r--
other::r--
$ setfacl -x 2 -b lo
$ getfacl lo
# file: lo
# owner: me
# group: wheel
user::rw-
group::r--
other::r--
$ ^D
Script done on Sat Dec 14 07:41:50 2013

>How-To-Repeat:
Create a new test file on a POSIX-ACL-enabled filesystem. Put an ACL on
that file. Remove that ACL. Try to remove the leftover mask ACL. Sometimes
there is an incorrect error message, sometimes no error message at all. We
need to remove the ACL (-x option) with the non-intuitive -x number form, AND
the "remove all of the ACLs" (-b option) with ONLY THIS order (-b -x is
incorrect; -b -x mask:: is incorrect, etc.)
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
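
The leftover state shown in the typescript (a mask:: entry with no named user or group entry left) can be recognised from getfacl output alone. The following is an added example, not part of the original report or of FreeBSD's own code; the function name leftover_mask_index and the sample ACLs are constructed for illustration. It assumes that the number given to setfacl -x counts entries from zero in getfacl order, which is what the "-x 2" in the typescript suggests.

```shell
#!/bin/sh
# Added example: classify getfacl(1) output read from stdin.
# Prints the zero-based position of the mask entry and returns 0 when the
# ACL holds a mask:: entry but no named user:/group: entries (the leftover
# state from the report). Returns 1 when there is no mask, or when named
# entries still depend on it.
leftover_mask_index() {
    awk -F: '
        BEGIN { mask = -1; named = 0; n = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip "# file:" headers, blanks
        {
            tag = $1; qual = $2
            gsub(/[ \t]/, "", tag)
            # user:NAME:... or group:NAME:... is a named (extended) entry
            if ((tag == "user" || tag == "group") && qual != "") named++
            if (tag == "mask") mask = n
            n++
        }
        END {
            if (mask >= 0 && named == 0) { print mask; exit 0 }
            exit 1
        }'
}

# Constructed samples that mirror the three ACL states in the typescript.
acl_header() { printf '%s\n' '# file: lo' '# owner: me' '# group: wheel'; }
sample_leftover() {
    acl_header
    printf '%s\n' 'user::rw-' 'group::r--' 'mask::r--' 'other::r--'
}
sample_in_use() {
    acl_header
    printf '%s\n' 'user::rw-' 'user:friend:rw-' 'group::r--' 'mask::rw-' 'other::r--'
}
sample_clean() {
    acl_header
    printf '%s\n' 'user::rw-' 'group::r--' 'other::r--'
}

# Report on the leftover sample; on a live system, pipe "getfacl FILE" in.
if idx=$(sample_leftover | leftover_mask_index); then
    echo "leftover mask at position $idx (the form that worked in the report: setfacl -x $idx -b FILE)"
fi
```

Run over a tree, this lists files that still carry an extended ACL after their last named entry was removed, which is the condition the report found hard to clear.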
