bug-coreutils

bug#8527: cp/mv in coreutils don't respect the default ACL of parent


From: f0rhum
Subject: bug#8527: cp/mv in coreutils don't respect the default ACL of parent
Date: Tue, 7 Oct 2014 22:05:10 +0200 (CEST)

Thank you, Linda, for the extensive answer.
Just some additional info before I reply to your questions: for my own tests I
didn't use /tmp as the target because the sticky bit could do something special
(not sure). Instead I used /srv/test, which I chown'ed to me:writers, set
chmod -R u:rwX,g:srwX, then setfacl --set as needed, all this as root. The goal
is to have a group writers with rwX, another group readers with rX on the tree
and o:---, and to ignore source perms, if any.


> What file system and core utils are you using?

My target file system is ext4 (default mount options include acl and
user_xattr, coreutils is 8.21 & kernel is 3.13.0-36-generic #63-Ubuntu SMP
Wed Sep 3 21:30:07 UTC 2014 x86_64 GNU/Linux with embedded acl support out of
the box).

> Are you using a file system that has alternate user-data forks
> or extended attributes that have them included by default?
> Or are you using a file system where they were added on as a super-user
> control'd option?  Have you tried copying them as root?

I know this:
from local, umask=0002
from ssh,   umask=0022
no cp aliases, I just need/use the default, i.e. do-not-preserve-perms
All my tests below are run locally. So I wrote a script that echoes each line:
sudo ~/acl.sh
0 mkdir -pv /srv/test
0 setfacl -bk /srv/test
0 rm -rf /srv/test/*
ownership of /srv/test was kept as me:writers
0 chown -Rv me:writers /srv/test
mode of /srv/test/ was changed from 2770 (rwxrws---) to 0000 (---------)
0 (removed all bits)
mode of /srv/test/ was changed from 0000 (---------) to 2770 (rwxrws---)
0 chmod -Rv u+rwX,g+srwX /srv/test
0 setfacl -R --set d:u::rwx,d:g::rwx,d:g:writers:rwx,d:u:reader:rx,d:g:reader:rx,d:o::---,d:m::rwx /srv/test
getfacl: remove first "/" out of absolute path names
# file: srv/test
USER   me               rwx  rwx
user   reader                r-x
GROUP  writers          rwx  rwx
group  reader                r-x
group  writers               rwx
mask                         rwx
other                   ---  ---

0 setfacl -R --set u::rwX,g::rwX,u:reader:rX,g:writers:rwX,g:reader:rx,o::---,m::rwX /srv/test
getfacl: remove first "/" out of absolute path names
# file: srv/test
USER   me               rwx  rwx
user   reader           r-x  r-x
GROUP  writers          rwx  rwx
group  reader           r-x  r-x
group  writers          rwx  rwx
mask                    rwx  rwx
other                   ---  ---

****So at the moment this last command shows all is alright****
****                   Now, let's copy                     ****
address@hidden:/srv$ cp -r /media/me/USPEED/200402/ /srv/test
address@hidden:/srv$ getfacl -t /srv/test/200402/
getfacl: remove first "/" out of absolute path names
# file: srv/test/200402/
USER   me               rwx  rwx
user   reader           R-X  r-x
GROUP  writers          RWX  rwx
group  reader           R-X  r-x
group  writers          RWX  rwx
mask                    ---  rwx
other                   ---  ---

***problems begin: default ACLs are kept OK (right perm column), ***
***but access ACLs are lost (perms capitalized in the left column by -t are
the denied perms because the mask is lost; do not confuse with the capital X
in chmod)***
***only the file owner can traverse, nobody else can***

address@hidden:/srv$ getfacl -t /srv/test/200402/P2220368.JPG 
getfacl: remove first "/" out of absolute path names
# file: srv/test/200402/P2220368.JPG
USER   me               rw-     
user   reader           r-X     
GROUP  writers          rWX     
group  reader           r-X     
group  writers          rWX     
mask                    r--     
other                   ---
*** Here one sees that writers lost the write perm, and reader could read if
only he could traverse above***

Do the same by creation:
address@hidden:/srv$ mkdir test/handdir
address@hidden:/srv$ touch test/handdir/file
address@hidden:/srv$ getfacl -Rt test/handdir/
# file: test/handdir/
USER   me               rwx  rwx
user   reader           r-x  r-x
GROUP  writers          rwx  rwx
group  reader           r-x  r-x
group  writers          rwx  rwx
mask                    rwx  rwx
other                   ---  ---

# file: test/handdir//file
USER   me               rw-     
user   reader           r-X     
GROUP  writers          rwX     
group  reader           r-X     
group  writers          rwX     
mask                    rw-     
other                   ---
***all is OK this way***








> The reason I ask, is that I just tried it and it appears to work:
> 1) First the dir:
> >  cd /tmp
> >  llg -d /tmp
> drwxrwxrwt 25 root root 8192 Oct  7 02:21 /tmp/
> >  lsacl /tmp
> [u::rwx,g::rwx,o::rwx] /tmp               #default ACL from mode bits
> 
> 2) Create file with 'touch'
> >  touch x                                 # new file
> Ishtar:/tmp> llg x
> -rw-rw-r-- 1 law lawgroup 0 Oct  7 02:26 x
> >  lsacl
> [u::rw-,g::rw-,o::r--] x                  #default ACL
> ----
> 3) now I'll copy in a *directory* that has both types of ACL's on it, but
> not specifying that any permissions be copied:
> 
> >  ll -d  /Media/Library/_artwork/test       #source
> drwxrwsr-x+ 2 10 Oct  7 02:33 /Media/Library/_artwork/test/
> Ishtar:/tmp> lsacl  /Media/Library/_artwork/test      
> [u::rwx,u:Media:rwx,g::rwx,g:Media:rwx,m::rwx,
> o::r-x/u::rwx,u:Media:rwx,
> g::rwx, g:Media:rwx,m::rwx,o::r-x]
> /Media/Library/_artwork/test

> (note, 2nd acl is default dir (lsacl uses "chacl -l")
> Ishtar:/tmp> 'cp' -r /Media/Library/_artwork/test .  #recursive to tmp
> Ishtar:/tmp> llg -d test
> drwxrwxr-x 2 law lawgroup 6 Oct  7 02:34 test/
> Ishtar:/tmp> lsacl test                              #no attr indicated
> [u::rwx,g::rwx,o::r-x] test                          #default ACL shown
> ----
> So far all seems fine.
> 
> 4) Now lets copy the perms too:

> Ishtar:/tmp> rd test
> Ishtar:/tmp> 'cp' -a /Media/Library/_artwork/test .
> Ishtar:/tmp> llg -d test
> drwxrwsr-x+ 2 law Media 6 Oct  7 02:33 test/
> Ishtar:/tmp> lsacl test                          #same ACL as source
> [u::rwx,u:Media:rwx,g::rwx,g:Media:rwx,
> m::rwx,o::r-x/u::rwx,u:Media:rwx,g::rwx,
> g:Media:rwx,m::rwx,o::r-x]
> test

> 5) create file in that dir:

> Ishtar:/tmp> cd test
> Ishtar:/tmp/test> touch touched_file
> Ishtar:/tmp/test> llg touched_file
> -rw-rw-r--+ 1 law Media 0 Oct  7 02:42 touched_file
> Ishtar:/tmp/test> lsacl touched_file
> [u::rw-,u:Media:rwx,g::rwx,g:Media:rwx,m::rw-,o::r--] touched_file
> ---
> File has expected inherited ACL.

> 6) Now ... lets use cp to copy a file w/o acls in:
> (first create normal file under /tmp):
> 
> >  echo "perm test">/tmp/perm.txt
> Ishtar:/tmp/test> llg /tmp/perm.txt
> -rw-rw-r-- 1 law lawgroup 10 Oct  7 02:59 /tmp/perm.txt
> Ishtar:/tmp/test> lsacl /tmp/perm.txt
> [u::rw-,g::rw-,o::r--] /tmp/perm.txt
> >  'cp' /tmp/perm.txt .
> Ishtar:/tmp/test> llg perm.txt
> -rw-rw-r--+ 1 law Media 10 Oct  7 03:01 perm.txt
> Ishtar:/tmp/test> lsacl perm.txt
> [u::rw-,u:Media:rwx,g::rwx,g:Media:rwx,m::rw-,o::r--] perm.txt
> 
> ----
> 8) Looks the same to me...However, check this out:
> 
> Ishtar:/tmp/test> rm perm.txt
> Ishtar:/tmp/test> cp /tmp/perm.txt .
> Ishtar:/tmp/test> llg /tmp/perm.txt
> -rw-rw-r-- 1 law lawgroup 10 Oct  7 02:59 /tmp/perm.txt
> Ishtar:/tmp/test> lsacl perm.txt
> 
> No acl this time, but same copy...or was it?
> 
> Note I was careful to use 'cp' most of the time when copying except
> this last time, cuz:
>  alias cp
> alias cp='cp --preserve=mode,timestamps'
> 
> my normal cp is an alias -- that says to preserve the mode.
> It wouldn't be able to do that if it allowed the default ACL
> to be set on the file.

> --------------
> So, I don't know if this is related to your problem, but
> cp appears to be working correctly here
> filesystem = xfs (acls are always on as they came with the filesystem).
> kernel=
> 
> Linux Ishtar 3.16.2-Isht-Van #1 SMP PREEMPT Tue Sep 9 18:26:43 PDT 2014
> x86_64 x86_64 x86_64 GNU/Linux
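
An added example, not part of the original message: a small Python parser for `getfacl -t` output that lists the access-ACL entries whose permissions are printed in capitals, i.e. blocked by the mask, as in the listings above. The sample listing is constructed from those listings, and the column offset of the default-ACL column is an assumption taken from them.

```python
import re
# Constructed sample, modelled on the getfacl -t listings in the message above.
SAMPLE = """\
# file: srv/test/200402/
USER   me               rwx  rwx
user   reader           R-X  r-x
GROUP  writers          RWX  rwx
mask                    ---  rwx
other                   ---  ---

# file: srv/test/200402/P2220368.JPG
USER   me               rw-
user   reader           r-X
GROUP  writers          rWX
mask                    r--
other                   ---

# file: srv/test
USER   me               rwx  rwx
user   reader                r-x
GROUP  writers          rwx  rwx
mask                         rwx
other                   ---  ---
"""

PERM = re.compile(r"(?<!\S)[rR-][wW-][xX-](?!\S)")
DEFAULT_COL = 29  # assumption: offset where the default-ACL column starts

def masked_entries(listing):
    """Map path -> (access mask, [(tag, qualifier, perms denied by mask)])."""
    report = {}
    for block in listing.strip().split("\n\n"):
        lines = block.splitlines()
        path = lines[0].split(": ", 1)[1]
        mask, hits = None, []
        for line in lines[1:]:
            m = next((m for m in PERM.finditer(line) if m.start() < DEFAULT_COL), None)
            if m is None:
                continue  # no access-column field: entry is default-ACL only
            tag, _, who = line[:m.start()].strip().partition(" ")
            if tag == "mask":
                mask = m.group()
            denied = "".join(c.lower() for c in m.group() if c.isupper())
            if denied:
                hits.append((tag, who.strip(), denied))
        if hits:
            report[path] = (mask, hits)
    return report

print(masked_entries(SAMPLE))
```

Feeding it the output of `getfacl -Rt` on a copied tree gives a quick list of paths where the mask, rather than the individual entries, is what removed access.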





