[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Acl-devel] Getting/setting default ACLs through file descriptors
|
From: |
Michael Orlitzky |
|
Subject: |
Re: [Acl-devel] Getting/setting default ACLs through file descriptors |
|
Date: |
Fri, 2 Mar 2018 08:23:40 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 |
On 02/28/2018 11:26 AM, Andreas Grünbacher wrote:
>>
>> This works from directory to directory, but it turns out I do need to
>> inspect the parent's default ACL when applying it to a file (because the
>> execute permissions usually need to be masked).
>
> There were discussions about exporting the __acl_from_xattr and
> __acl_to_xattr libacl functions in the past to open up the library for
> more unusual use cases, but that has never happened. I would consider
> just changing the xattr values directly instead of going through
> libacl in your case: as convenient as it may appear to go through
> libacl, the library is somewhat over-engineered, and therefore
> inefficient and hard to work with. (Have a look at fs/posix_acl.c in
> the kernel.)
I was able to get this working after all. Instead of modifying the
parent's ACL in-memory before applying it to the child, I can...
1. Copy the parent's default ACL to the child with fgetxattr() and
fsetxattr().
2. Read the child's ACL into memory using acl_get_fd() to get
what is essentially the parent's default ACL.
3. Modify that, and re-save it on the child.
This temporarily saves the "wrong" ACL on the child, but since all I'm
changing is the execute permissions, I think that's OK.
Thanks again for the hint.
- Re: [Acl-devel] Getting/setting default ACLs through file descriptors,
Michael Orlitzky <=