acl-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Acl-devel] Man page patch for setfacl


From: Mike Frysinger
Subject: Re: [Acl-devel] Man page patch for setfacl
Date: Mon, 22 Jan 2018 15:02:49 -0500

On 22 Jan 2018 17:36, Andreas Grünbacher wrote:
> 2018-01-22 17:16 GMT+01:00 Michael Orlitzky <address@hidden>:
> > On 01/22/2018 10:48 AM, Andreas Grünbacher wrote:
> >> Take a look at the chown and chgrp utilities, which behave the same
> >> way as setfacl does today. There's nothing wrong with that.
> >
> > Are you sure? I haven't tested, but this page suggests that a numeric
> > username will be looked-up and not interpreted as a uid unless you
> > prefix it with a '+':
> 
> This is all rather ugly.
> 
> That piece of documentation seems to predate coreutils-8.27 from March
> 2017 but coreutils 8.27 does treat numbers as IDs in chown and chgrp.
> However, the current coreutils repository (post-8.29) does behave as
> documented.

i'm fairly certain the chown behavior is not new.  glancing through the
git history, it's been this way since at least Oct 1993 with the fileutils
3.8.3 release, and i stopped looking beyond that because that's old enough
for this discussion ;).

https://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=lib/userspec.c;h=8c1e9ec8ea0680367599ac8945322f216ac05644;hb=f2080b7714a4dc451a40c9ba12d4c6125a1e69f5#l144
 144   pwd = getpwnam (name);
 145   if (pwd == NULL)
 146     {
 147       if (!isnumber (name))
 148         return "invalid user";
 149       if (use_login_group)
 150         return "cannot get the login group of a numeric UID";
 151       *uid = atoi (name);
 152     }
 153   else
 154     {
 155       *uid = pwd->pw_uid;

https://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/chown.c;h=c295f5816430549a47d9536570bad250c845ec70;hb=f2080b7714a4dc451a40c9ba12d4c6125a1e69f5#l165
 165   e = parse_user_spec (argv[optind], &user, &group, &username, &groupname);

POSIX also documents this back at least to 2004:
http://pubs.opengroup.org/onlinepubs/009695399/utilities/chown.html#tag_04_19_05

> > https://www.gnu.org/software/coreutils/manual/html_node/Disambiguating-names-and-IDs.html
> >
> > (So if chown treats them as a uid, it's a bug.)
> >
> >> If you create all-numeric user names, you deserve all the troubles
> >> you've been asking for.
> >
> > Do I still deserve to suffer if I'm trying to fix a mistake that someone
> > else made 15 years ago and that I've been called in to fix?
> 
> So if change the behavior of setfacl to match current coreutils,
> should getfacl be changed to prefix numeric IDs with + signs as well?
> I doubt it -- setfacl would be happy, but other tools might break. So
> then that needs to be documented as well.

i think we should change the behavior to match coreutils wrt looking up
the account first (like my patch does).  however, i'm not exactly keen
on the + hack since that too is a valid character in a username.  maybe
we should introduce a new commandline option like --numeric that'll force
all accounts to be numeric and do no lookups ?
-mike

Attachment: signature.asc
Description: Digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]