Make it possible to use permission sets (full_set, modify_set, read_set

and write_set) with setfacl(1). PR: kern/154113 Submitted by: Shawn Webb <lattera at gmail dot com> (earlier version) MFC after: 1 month
svn path=/head/; revision=220465
2025-01-05 12:56:08 +00:00 · 2011-04-09 07:42:25 +00:00 · 2011-04-09 07:42:25 +00:00 · 181b4eebb9 · 2020-12-20 02:59:44 +00:00
commit 181b4eebb9
parent e2a4005dcc
3 changed files with 34 additions and 4 deletions
--- a/bin/setfacl/setfacl.1
+++ b/bin/setfacl/setfacl.1
@ -1,5 +1,6 @@
 .\"-
 .\" Copyright (c) 2001 Chris D. Faulhaber
+.\" Copyright (c) 2011 Edward Tomasz Napierała
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@ -25,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 27, 2010
+.Dd April 9, 2011
 .Dt SETFACL 1
 .Os
 .Sh NAME
@ -307,7 +308,7 @@ Permissions in long form are separated by the
 .Ql /
 character; in short form, they are concatenated together.
 Valid permissions are:
-.Bl -tag -width ".Dv short"
+.Bl -tag -width ".Dv modify_set"
 .It Short
 Long
 .It r
@ -339,6 +340,20 @@ write_owner
 .It S
 synchronize
 .El
+.Pp
+In addition, the following permission sets may be used:
+.Bl -tag -width ".Dv modify_set"
+.It Set
+Permissions
+.It full_set
+all permissions, as shown above
+.It modify_set
+all permissions except write_acl and write_owner
+.It read_set
+read_data, read_attributes, read_xattr and read_acl
+.It write_set
+write_data, append_data, write_attributes and write_xattr
+.El
 .It Ar "ACL inheritance flags"
 Inheritance flags may be specified in either short or long form.
 Short and long forms may not be mixed.
--- a/lib/libc/posix1e/acl_support_nfs4.c
+++ b/lib/libc/posix1e/acl_support_nfs4.c
@ -70,6 +70,10 @@ struct flagnames_struct a_access_masks[] =
     { ACL_WRITE_ACL, "write_acl", 'C'},
     { ACL_WRITE_OWNER, "write_owner", 'o'},
     { ACL_SYNCHRONIZE, "synchronize", 's'},
+     { ACL_FULL_SET, "full_set", '\0'},
+     { ACL_MODIFY_SET, "modify_set", '\0'},
+     { ACL_READ_SET, "read_set", '\0'},
+     { ACL_WRITE_SET, "write_set", '\0'},
     { 0, 0, 0}};

 static const char *
@ -117,7 +121,7 @@ format_flags_compact(char *str, size_t size, uint32_t var,
 {
 	size_t i;

-	for (i = 0; flags[i].name != NULL; i++) {
+	for (i = 0; flags[i].letter != '\0'; i++) {
 		assert(i < size);
 		if ((flags[i].flag & var) == 0)
 			str[i] = '-';
--- a/sys/sys/acl.h
+++ b/sys/sys/acl.h
@ -217,12 +217,23 @@ typedef void *acl_t;
 #define	ACL_WRITE_OWNER		0x00004000
 #define	ACL_SYNCHRONIZE		0x00008000

-#define	ACL_NFS4_PERM_BITS	(ACL_READ_DATA | ACL_WRITE_DATA | \
+#define	ACL_FULL_SET		(ACL_READ_DATA | ACL_WRITE_DATA | \
    ACL_APPEND_DATA | ACL_READ_NAMED_ATTRS | ACL_WRITE_NAMED_ATTRS | \
    ACL_EXECUTE | ACL_DELETE_CHILD | ACL_READ_ATTRIBUTES | \
    ACL_WRITE_ATTRIBUTES | ACL_DELETE | ACL_READ_ACL | ACL_WRITE_ACL | \
    ACL_WRITE_OWNER | ACL_SYNCHRONIZE)

+#define	ACL_MODIFY_SET		(ACL_FULL_SET & \
+    ~(ACL_WRITE_ACL | ACL_WRITE_OWNER))
+
+#define	ACL_READ_SET		(ACL_READ_DATA | ACL_READ_NAMED_ATTRS | \
+    ACL_READ_ATTRIBUTES | ACL_READ_ACL)
+
+#define	ACL_WRITE_SET		(ACL_WRITE_DATA | ACL_APPEND_DATA | \
+    ACL_WRITE_NAMED_ATTRS | ACL_WRITE_ATTRIBUTES)
+
+#define	ACL_NFS4_PERM_BITS	ACL_FULL_SET
+
 /*
 * Possible entry_id values for acl_get_entry(3).
 */