Re: [Acl-devel] Getting/setting default ACLs through file descriptors
From: Andreas Grünbacher
Subject: Re: [Acl-devel] Getting/setting default ACLs through file descriptors
Date: Fri, 2 Mar 2018 14:26:12 +0100
2018-03-02 14:23 GMT+01:00 Michael Orlitzky <address@hidden>:
> On 02/28/2018 11:26 AM, Andreas Grünbacher wrote:
>>>
>>> This works from directory to directory, but it turns out I do need to
>>> inspect the parent's default ACL when applying it to a file (because the
>>> execute permissions usually need to be masked).
>>
>> There were discussions about exporting the __acl_from_xattr and
>> __acl_to_xattr libacl functions in the past to open up the library for
>> more unusual use cases, but that has never happened. I would consider
>> just changing the xattr values directly instead of going through
>> libacl in your case: as convenient as it may appear to go through
>> libacl, the library is somewhat over-engineered, and therefore
>> inefficient and hard to work with. (Have a look at fs/posix_acl.c in
>> the kernel.)
>
> I was able to get this working after all. Instead of modifying the
> parent's ACL in-memory before applying it to the child, I can...
>
> 1. Copy the parent's default ACL to the child with fgetxattr() and
> fsetxattr().
>
> 2. Read the child's ACL into memory using acl_get_fd() to get
> what is essentially the parent's default ACL.
>
> 3. Modify that, and re-save it on the child.
>
> This temporarily saves the "wrong" ACL on the child, but since all I'm
> changing is the execute permissions, I think that's OK.

The other disadvantage of this approach is that you are doing more syscalls.

Andreas
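
Added example, not code from this thread or from libacl: a C sketch of the alternative suggested above, editing the raw xattr value in memory so that the child receives its final ACL with a single fsetxattr() call. The entry layout follows the kernel's posix_acl_xattr.h; the choice of which entries lose execute (USER_OBJ, OTHER, and MASK or else GROUP_OBJ), the helper names and the 4096-byte buffer are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* On-disk layout from the kernel's posix_acl_xattr.h: a little-endian
 * 32-bit version (2), then 8-byte entries {le16 tag, le16 perm, le32 id}. */
enum { ACL_HDR = 4, ACL_ENT = 8, ACL_VERSION = 2 };
enum { TAG_USER_OBJ = 0x01, TAG_GROUP_OBJ = 0x04, TAG_MASK = 0x10,
       TAG_OTHER = 0x20, PERM_X = 0x01 };

static unsigned rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Strip execute from USER_OBJ, OTHER and MASK (GROUP_OBJ if there is no
 * MASK), in place. Returns 0, or -1 if the buffer is not a valid v2 ACL. */
int acl_xattr_strip_exec(uint8_t *buf, size_t len)
{
    if (len < ACL_HDR || (len - ACL_HDR) % ACL_ENT != 0)
        return -1;
    if (buf[0] != ACL_VERSION || buf[1] || buf[2] || buf[3])
        return -1;
    uint8_t *group_obj = NULL, *mask = NULL;
    for (uint8_t *e = buf + ACL_HDR; e < buf + len; e += ACL_ENT) {
        switch (rd16(e)) {
        case TAG_USER_OBJ:
        case TAG_OTHER:     e[2] &= (uint8_t)~PERM_X; break;
        case TAG_GROUP_OBJ: group_obj = e; break;
        case TAG_MASK:      mask = e; break;
        }
    }
    uint8_t *limit = mask ? mask : group_obj;
    if (limit)
        limit[2] &= (uint8_t)~PERM_X;
    return 0;
}

/* Hypothetical helper: parent's default ACL -> child's access ACL with
 * one fgetxattr() and one fsetxattr(); no intermediate ACL is stored. */
int inherit_default_acl(int parent_fd, int child_fd)
{
    uint8_t buf[4096]; /* assumed upper bound for this sketch */
    ssize_t n = fgetxattr(parent_fd, "system.posix_acl_default", buf, sizeof buf);
    if (n < 0 || acl_xattr_strip_exec(buf, (size_t)n) != 0)
        return -1;
    return fsetxattr(child_fd, "system.posix_acl_access", buf, (size_t)n, 0);
}
```

Entries for named users and groups are left untouched here, since their effective permissions are limited by the MASK entry.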