[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fixing default ACL behavior
From: |
Michael Orlitzky |
Subject: |
Fixing default ACL behavior |
Date: |
Tue, 14 Aug 2012 11:28:56 -0400 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6esrpre) Gecko/20120730 Thunderbird/10.0.6 |
(cc: bug-tar)
We use POSIX ACLs to grant access to different groups of developers on
our web servers. The biggest roadblock so far has been the use of cp and
tar, which preserve the source's group bits as the ACL mask (usually
denying write access in spite of the default ACL).
There are bugs for cp[1] and mkdir[2] already, and an old ML thread for
tar that I can't seem to find any more.
I wrote a long article for the benefit of myself and my coworkers that
should explain the details:
> http://michael.orlitzky.com/articles/problems_with_posix_acls_and_common_utilities.php
There's proof of concept code in there that works for our simple use case.
I'm both looking for feedback on the algorithm (proposed fix and todo
sections), and wondering whether or not a fix like this could ever make
it upstream. If so, what would I need to do to clean it up for inclusion?
[1] http://savannah.gnu.org/bugs/?27146
[2] http://savannah.gnu.org/bugs/?19546
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Fixing default ACL behavior,
Michael Orlitzky <=