ACL's doesn't work with SUIDDIR

From: Cédric Jonas <cedric@xxxxxxxxxxxxx>
Date: Wed, 21 Mar 2007 17:51:07 +0100

Hi all,

I'm using FreeBSD 6.2-RELEASE, with suiddir set as option in kernel
config and fstab (+ acl support).
My goal is to have a directory (precisely a SVN repo) writable by X
specific users, where all created/modified files remain owned by svn.
I know that's not the only way to do it - but I have reasons to do it
so and not differently.

I tried following:

drwx------ 7 svn users 512 21 Mär 17:30 braintrust
=> user thomas CANT'T write in braintrust

setfacl -d -m u::rwx,g::---,o::---,u:thomas:rwx braintrust/
drwx------ 7 svn users 512 21 Mär 17:31 braintrust
=> user thomas CAN'T write in braintrust - but he got an
default ACL that will apply on all created files in
braintrust

setfacl -m u:thomas:rwx braintrust/
drwxrwx---+ 7 svn users 512 21 Mär 17:34 braintrust
=> user thomas CAN write in braintrust - and all created files
in braintrust got the default ACL

chmod +s braintrust/
drwsrws---+ 7 svn users 512 21 Mär 17:35 braintrust
=> braintrust get the suidbit/sgidbit, and all files created by
thomas in braintrust should be owned by svn|users
BUT: after +s, user thomas CAN'T write anymore in
braintrust, the error is not "Permission denied", but
"Operation not permitted". However, he can read the
directory content. If I do the same with a directory that
hasn't ACL's, it works as expected...

If I understand the manpages correctly, this isn't the correct
behavior, but a bug. Can this be fixed? If I miss understand something,
thanks to correct me.

--
Cédric Jonas cedric@xxxxxxxxxxxxx

GPG ID: 30CCFE8D
GPG Key: http://box.decemplex.net/~cedric/cedric.key.asc
GPG Fingerprint: CF03 E1FD 9428 1B6B E971 B107 9044 AA99 30CC FE8D

Jabber-ID: cedric@xxxxxxxxxxxxx

Attachment: signature.asc
Description: PGP signature

Prev by Date: Re: mx2.freebsd.org blacklisted
Next by Date: sendto() giving EPERM outside a jail
Previous by thread: mx2.freebsd.org blacklisted
Next by thread: sendto() giving EPERM outside a jail
Index(es):
- Date
- Thread

Relevant Pages

ACLs doesnt work with SUIDDIR
... config and fstab (+ acl support). ... My goal is to have a directory (precisely a SVN repo) writable by X ... => user thomas CANT'T write in braintrust ...
(freebsd-questions)
ACLs doesnt work with SUIDDIR
... config and fstab (+ acl support). ... My goal is to have a directory (precisely a SVN repo) writable by X ... => user thomas CANT'T write in braintrust ...
(freebsd-stable)