From britz@hsr.ch  Thu Mar 20 13:02:30 2003
Return-Path: <britz@hsr.ch>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C99D837B401
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 20 Mar 2003 13:02:30 -0800 (PST)
Received: from hsr.ch (pollux.hsr.ch [152.96.36.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 90A0E43F85
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 20 Mar 2003 13:02:29 -0800 (PST)
	(envelope-from britz@hsr.ch)
Received: from [217.162.108.200] (account britz HELO RITZBRUNOWKS)
  by hsr.ch (CommuniGate Pro SMTP 3.5.9)
  with ESMTP id 6111228 for FreeBSD-gnats-submit@freebsd.org; Thu, 20 Mar 2003 22:02:25 +0100
Message-Id: <GNENKHPCNMLFKGMPLJONEEFMCEAA.britz@hsr.ch>
Date: Thu, 20 Mar 2003 22:02:31 +0100
From: "Ritz, Bruno" <britz@hsr.ch>
Reply-To: <britz@hsr.ch>
To: <FreeBSD-gnats-submit@freebsd.org>
Subject: Incorrect applied default ACLs

>Number:         50148
>Category:       kern
>Synopsis:       Incorrect applied default ACLs
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    rwatson
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 20 13:10:12 PST 2003
>Closed-Date:    Mon Aug 04 08:46:54 PDT 2003
>Last-Modified:  Mon Aug 04 08:46:54 PDT 2003
>Originator:     Ritz Bruno
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
(Private)
>Environment:
System: FreeBSD ritz-bruno-srv.local 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Tue Mar
18 23:37:22 CET 2003 root@ritz-bruno-srv.local:/usr/obj/usr/src/sys/SERVER i386


>Description:
        When the default ACL for a directory does not give any right to the
"default" group, but some rights (rwx) to another group, newly created
subdirectories will get some strange ACLs (group::--- group::rwx)? This only
happens for groups, users do not seem to have this problem.

Here is the ACL setup for the directory:
setfacl -dm u::rwx,g::---,o::---,g:mygroup:rwx mydirectory
setfacl -m g:mygroup:rwx mydirectory

Then the new directory was created with mkdir mydirectory/subdir

getfacl mydirectory/subdir returns:
#file:test/
#owner:0
#group:1000
user::rwx
group::---
group::rwx              # effective: r-x *** GROUP NAME MISSING ***
mask::r-x
other::---

>How-To-Repeat:
        (See above)


>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: rwatson 
State-Changed-When: Fri Jul 25 04:35:51 PDT 2003 
State-Changed-Why:  
This has likely been fixed by a patch submitted by Glen Gibb, 
which corrects a bug in the printing of ACLs with effective 
permissions modified by a restrictive mask, causing getfacl 
to omit the group name.  Please try picking up 

src/lib/libc/posix1e/acl_to_text.c:1.11 

And see if that fixes the problem.  You'll need to rebuild 
both libc and getfacl, since it's statically linked, or 
just rebuild all of world. 



Responsible-Changed-From-To: freebsd-bugs->rwatson 
Responsible-Changed-By: rwatson 
Responsible-Changed-When: Fri Jul 25 04:35:51 PDT 2003 
Responsible-Changed-Why:  
I'll grab this, since it's ACL-related. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=50148 
State-Changed-From-To: feedback->closed 
State-Changed-By: rwatson 
State-Changed-When: Mon Aug 4 08:42:58 PDT 2003 
State-Changed-Why:  
Close this PR; believed to be resolved by: 

kern/kern_acl.c:1.43 
sys/acl.h:1.26 

ufs/ufs/acl.h:1.5 
ufs/ufs/ufs_acl.c:1.18 
ufs/ufs/ufs_vnops.c:1.232 


http://www.freebsd.org/cgi/query-pr.cgi?pr=50148 
>Unformatted:
