acl-devel

Re: [Acl-devel] Man page patch for setfacl


From: Mike Frysinger
Subject: Re: [Acl-devel] Man page patch for setfacl
Date: Sun, 21 Jan 2018 00:29:04 -0500

On 01 Sep 2017 17:00, Kenneth Dsouza wrote:
> Currently, the setfacl utility cannot handle ACLs on numeric usernames and
> group names,
> which causes the ACL to be applied to a uid instead of the intended
> username.
> 
> Example:
> useradd 1234
> setfacl -m u:1234:rwx /test ------------------------------->> The ACL will
> be set for a uid 1234 and not username 1234.
> 
> Therefore we should update the man page to state that when setting an ACL
> for a numeric username or groupname, only the uid or gid should be specified.
> 
> 
> This patch addresses this issue, by ensuring that the end user is aware of
> such behaviour.

shouldn't we fix the behavior instead of documenting it ?

does this patch fix things for you ?
-mike

--- a/tools/parse.c
+++ b/tools/parse.c
@@ -140,13 +140,17 @@ get_uid(
 {
        struct passwd *passwd;
 
-       if (get_id(token, (id_t *)uid_p) == 0)
-               goto accept;
+       /*
+         Resolve the name first.  If there is an account with a numeric name,
+         we want to look it up rather than use it as an id directly.
+       */
        passwd = getpwnam(token);
        if (passwd) {
                *uid_p = passwd->pw_uid;
                goto accept;
        }
+       if (get_id(token, (id_t *)uid_p) == 0)
+               goto accept;
        return -1;
 
 accept:
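
Review bot: in get_uid(), a NULL return from getpwnam(token) is treated as "no such account" and falls through to get_id(), but getpwnam() also returns NULL when the lookup itself fails (for example a name service that cannot be reached). With name-first ordering that means u:1234 resolves to the account named 1234 when the lookup works and to uid 1234 when it does not, so the same command can grant access to two different principals. Consider distinguishing the two cases, for instance with getpwnam_r(), which reports lookup errors through its return value, and returning -1 on a lookup error instead of falling back to the numeric interpretation.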
@@ -161,13 +165,17 @@ get_gid(
 {
        struct group *group;
 
-       if (get_id(token, (id_t *)gid_p) == 0)
-               goto accept;
+       /*
+         Resolve the name first.  If there is an account with a numeric name,
+         we want to look it up rather than use it as an id directly.
+       */
        group = getgrnam(token);
        if (group) {
                *gid_p = group->gr_gid;
                goto accept;
        }
+       if (get_id(token, (id_t *)gid_p) == 0)
+               goto accept;
        return -1;
 
 accept:
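
Review bot: with getgrnam(token) now tried before get_id() in get_gid() (and likewise in get_uid()), a numeric token can no longer be made to mean a gid once a group with that numeric name exists, and callers that pass g:1234 meaning gid 1234 silently change target. The patch carries no documentation change, so the name-first precedence should be stated in the setfacl man page alongside it, and it is worth deciding whether a way to force the numeric interpretation is needed. The block comment also only mentions accounts; in get_gid() it should say group.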

Attachment: signature.asc
Description: Digital signature
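
An added example, not part of the original message or the acl project's code: a small audit for the case this thread is about, accounts whose all-numeric name differs from their uid, where id-first and name-first parsing of `u:NAME:perms` select different principals. `parse_numeric_id` and `numeric_name_conflict` are hypothetical names, and the digit parsing is an assumption that stands in for the `get_id()` call seen in the patch.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Parse an all-digit token as an id. Returns 0 on success, -1 otherwise.
   Hypothetical helper; an assumption, not acl's own get_id(). */
static int parse_numeric_id(const char *token, unsigned long *id_out)
{
        char *end;

        if (*token < '0' || *token > '9')
                return -1;      /* rejects "", signs and leading whitespace */
        errno = 0;
        *id_out = strtoul(token, &end, 10);
        if (errno != 0 || *end != '\0')
                return -1;
        return 0;
}

/* Returns 1 when `name` is numeric and denotes a different id than `uid`,
   i.e. id-first and name-first resolution pick different principals. */
int numeric_name_conflict(const char *name, uid_t uid)
{
        unsigned long as_id;

        if (parse_numeric_id(name, &as_id) != 0)
                return 0;
        return as_id != (unsigned long)uid;
}

/* Walk the passwd database and report every ambiguous account name. */
int main(void)
{
        struct passwd *pw;
        int found = 0;

        setpwent();
        while ((pw = getpwent()) != NULL) {
                if (numeric_name_conflict(pw->pw_name, pw->pw_uid)) {
                        printf("ambiguous: user \"%s\" has uid %lu\n",
                               pw->pw_name, (unsigned long)pw->pw_uid);
                        found = 1;
                }
        }
        endpwent();
        return found;
}
```

The program exits non-zero when at least one ambiguous account exists, so it can gate a provisioning or compliance check; the same test applies to groups with `getgrent()`.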

