From: Mattias W. <mat...@gm...> - 2007-10-25 21:12:55
|
Hi I have a problem with unionfs fuse and default ACLs http://podgorny.cz/moin/UnionFsFuse /mnt/media is mounted with unionfs $ umask 0022 $ getfacl /mnt/media getfacl: Removing leading '/' from absolute path names # file: mnt/media # owner: mattias # group: mattias user::rwx group::rwx group:admin:rwx mask::rwx other::r-x default:user::rwx default:group::r-x default:group:admin:rwx default:mask::rwx default:other::r-x $ mkdir /mnt/media/test $ getfacl /mnt/media/test getfacl: Removing leading '/' from absolute path names # file: mnt/media/test # owner: mattias # group: mattias user::rwx group::r-x group:admin:rwx #effective:r-x mask::r-x other::r-x default:user::rwx default:group::r-x default:group:admin:rwx default:mask::rwx default:other::r-x If do the same operation directly on one of the paths in the union: $ mkdir /mnt/media/test $ getfacl /mnt/h500-1/media/test getfacl: Removing leading '/' from absolute path names # file: mnt/h500-1/media/test # owner: mattias # group: mattias user::rwx group::r-x group:admin:rwx mask::rwx other::r-x default:user::rwx default:group::r-x default:group:admin:rwx default:mask::rwx default:other::r-x As you see the mask end up different, resulting in that the group admin will not have write access. In the non-unionfs case the mkdir call is: mkdir("/mnt/h500-1/media/test", 0777) in the unionfs case the mkdir call done by unionfs is mkdir("/mnt/h500-1/media/test", 0755) That is of cause because fuse gets the already umask stripped mode from the kernel. Quoting http://www.novell.com/documentation/suse91/suselinux-adminguide/html/apbs03.html "If a default ACL exists for the parent directory, the permission bits assigned to the new object correspond to the overlapping portion of the permissions of the mode parameter and those that are defined in the default ACL. The umask is disregarded in this case." So how can one solve this? currently the only solution i can come up with is to pass the original unstripped mode and the process umask to the userland filesystem. This would allow it to implement something similar, check if there exist a default ACL for the target and then use the original mask instead. Please include my address when replying, im not subscribed to the list. -Mattias |