From: Dave Chinner <david@fromorbit.com>
To: Carlos Maiolino <cmaiolino@redhat.com>
Cc: xfs@oss.sgi.com
Subject: Re: [PATCH] xfs: fix sgid inheritance for subdirectories inheriting default acls [V2]
Date: Thu, 20 Jun 2013 09:39:51 +1000 [thread overview]
Message-ID: <20130619233951.GL29338@dastard> (raw)
In-Reply-To: <20130619132921.GA5200@andromeda.usersys.redhat.com>
On Wed, Jun 19, 2013 at 10:29:22AM -0300, Carlos Maiolino wrote:
> Hi Dave,
>
> > > @@ -594,9 +594,10 @@ xfs_setattr_nonsize(
> > > * The set-user-ID and set-group-ID bits of a file will be
> > > * cleared upon successful return from chown()
> > > */
> > > - if ((ip->i_d.di_mode & (S_ISUID|S_ISGID)) &&
> > > - !capable(CAP_FSETID))
> > > - ip->i_d.di_mode &= ~(S_ISUID|S_ISGID);
> > > + if (!S_ISDIR(inode->i_mode))
> > > + if ((ip->i_d.di_mode & (S_ISUID|S_ISGID)) &&
> > > + !capable(CAP_FSETID))
> > > + ip->i_d.di_mode &= ~(S_ISUID|S_ISGID);
> >
> > I'm not sure I understand why this is part of this patch - the ACL
> > path does not enter this code branch (ATTR_UID/GID) so it doesn't
> > affect ACL inheritence. So this is some other behavioural change?
> >
> My apologies to have not commented it.
>
> During my code surfing to understand the problem, and what places we revoked
> sgid, I found this one, and, based on chmod specifications, we should keep sgid
> on the directory while chmoding it, unless the user explicitly ask for sgid
> removal, otherwise, if chmoding a file, we remove sgid if this isn't specified
> in the new mode. So, I've added a check here to ensure the inode isn't a dir
> before remove the sgid bit.
Does notify_change() or inode_change_ok() handle this appropriately?
i.e. do we even need that code there?
> Should I remove it from the patch?
It's unrelated to the ACL problem, so put it in a separate patch
with it's own commit description ;)
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2013-06-19 23:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-18 15:32 [PATCH] xfs: fix sgid inheritance for subdirectories inheriting default acls [V2] Carlos Maiolino
2013-06-18 22:43 ` Dave Chinner
2013-06-19 13:29 ` Carlos Maiolino
2013-06-19 23:39 ` Dave Chinner [this message]
2013-06-21 17:48 ` Carlos Maiolino
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130619233951.GL29338@dastard \
--to=david@fromorbit.com \
--cc=cmaiolino@redhat.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.