From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf0-f178.google.com ([209.85.192.178]:36768 "EHLO mail-pf0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751095AbcJKXif (ORCPT ); Tue, 11 Oct 2016 19:38:35 -0400 Received: by mail-pf0-f178.google.com with SMTP id e6so9123976pfk.3 for ; Tue, 11 Oct 2016 16:38:35 -0700 (PDT) Date: Tue, 11 Oct 2016 16:11:01 -0700 From: Eric Biggers To: Jan Kara Cc: Al Viro , Andrew Morton , linux-fsdevel@vger.kernel.org, Andreas Gruenbacher Subject: Re: [PATCH v2 RESEND] posix_acl: Clear SGID bit when setting file permissions Message-ID: <20161011231101.GB126173@google.com> References: <1474299768-15150-1-git-send-email-jack@suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1474299768-15150-1-git-send-email-jack@suse.cz> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Mon, Sep 19, 2016 at 05:42:48PM +0200, Jan Kara wrote: > When file permissions are modified via chmod(2) and the user is not in > the owning group or capable of CAP_FSETID, the setgid bit is cleared in > inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file > permissions as well as the new ACL, but doesn't clear the setgid bit in > a similar way; this allows to bypass the check in chmod(2). Fix that. > Hi Jan, This patch is causing xfstests generic/314 to fail. This test is supposed to test "SGID inheritance on subdirectories", and the failure is because subdir2 unexpectedly ends up without a SGID bit. This happens because the following commands now result in the SGID bit on the parent directory "$TEST_DIR/$seq-dir" being cleared rather than set: mkdir $TEST_DIR/$seq-dir chown $qa_user:12345 $TEST_DIR/$seq-dir chmod 2775 $TEST_DIR/$seq-dir su $qa_user -c "setfacl -m u:$qa_user:rwx,d:u:$qa_user:rwx $TEST_DIR/$seq-dir" Is this the expected behavior now? Thanks, Eric