flags not removed after setfacl #4496

Closed
zhoucheng361 opened this issue Mar 13, 2024 · 2 comments · Fixed by #4551
Labels
kind/bug Something isn't working

zhoucheng361 commented Mar 13, 2024

What happened:
How to reproduce:

    def test_acl(self):
        state = JuicefsMachine()
        v1 = state.init_folders()
        state.chmod(entry=v1, mode=3291, user='root')
        state.remove_acl(entry=v1, option='--remove-default', user='user1')
        v40 = state.mkdir(mode=1122, parent=v1, subdir='uopt', umask=367, user='root')
        state.chown(entry=v40, owner='user1', user='root')
        state.change_groups(group='group4', groups=['group2'], user='user1')
        state.set_acl(default=False, entry=v40, group='group2', group_perm={'r', 'w', 'x'}, logical=True, mask={'r', 'w', 'x'}, not_recalc_mask=True, other_perm={'x'}, physical=False, recalc_mask=True, recursive=False, set_mask=False, sudo_user='user1', user=v1, user_perm=set())
        state.teardown()

Logs:

root@bench-01:~/juicefs# python3 .github/scripts/hypo/fsrand2_test.py  -k test_acl
setup_logger ./log1
setup_logger ./log2
__init__
duration is 0.028767108917236328
2024-03-13 15:08:11,920 - INFO - do_chmod /tmp/fsrand/ 0o6333 root succeed
2024-03-13 15:08:11,922 - INFO - do_chmod /tmp/jfs/fsrand/ 0o6333 root succeed
2024-03-13 15:08:11,922 - INFO - run_cmd: sudo -u user1 setfacl --remove-default /tmp/fsrand/
2024-03-13 15:08:11,927 - INFO - do_remove_acl /tmp/fsrand/ with --remove-default succeed
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:11,929 - INFO - run_cmd: sudo -u user1 setfacl --remove-default /tmp/jfs/fsrand/
2024-03-13 15:08:11,933 - INFO - do_remove_acl /tmp/jfs/fsrand/ with --remove-default succeed
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:11,935 - INFO - do_mkdir /tmp/fsrand/uopt with mode 0o2142 succeed
2024-03-13 15:08:11,939 - INFO - do_mkdir /tmp/jfs/fsrand/uopt with mode 0o2142 succeed
2024-03-13 15:08:11,939 - INFO - do_chown /tmp/fsrand/uopt user1 succeed
2024-03-13 15:08:11,941 - INFO - do_chown /tmp/jfs/fsrand/uopt user1 succeed
2024-03-13 15:08:11,953 - INFO - do_change_groups user1 group4 ['group2'] succeed
2024-03-13 15:08:11,956 - INFO - do_change_groups user1 group4 ['group2'] succeed
2024-03-13 15:08:11,956 - INFO - run_cmd: sudo -u user1 setfacl   --mask --no-mask   -m u::-,g:group2:wrx,o::x /tmp/fsrand/uopt
run_cmd:getfacl /tmp/fsrand/uopt
2024-03-13 15:08:11,962 - INFO - do_set_acl /tmp/fsrand/uopt with u::-,g:group2:wrx,o::x succeed
2024-03-13 15:08:11,962 - INFO - run_cmd: sudo -u user1 setfacl   --mask --no-mask   -m u::-,g:group2:wrx,o::x /tmp/jfs/fsrand/uopt
run_cmd:getfacl /tmp/jfs/fsrand/uopt
2024-03-13 15:08:11,972 - INFO - do_set_acl /tmp/jfs/fsrand/uopt with u::-,g:group2:wrx,o::x succeed
F__init__
duration is 0.12301325798034668
2024-03-13 15:08:12,006 - INFO - do_listdir /tmp/fsrand/ succeed
2024-03-13 15:08:12,007 - INFO - do_listdir /tmp/jfs/fsrand/ succeed
2024-03-13 15:08:12,013 - INFO - do_change_groups user1 root [] succeed
2024-03-13 15:08:12,016 - INFO - do_change_groups user1 root [] succeed
2024-03-13 15:08:12,017 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:root:r,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,022 - INFO - do_set_acl /tmp/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,023 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:root:r,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,032 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,033 - INFO - do_listdir /tmp/fsrand/ succeed
2024-03-13 15:08:12,033 - INFO - do_listdir /tmp/jfs/fsrand/ succeed
.__init__
duration is 0.17746376991271973
2024-03-13 15:08:12,057 - INFO - do_create_file /tmp/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,063 - INFO - do_create_file /tmp/jfs/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,063 - INFO - run_cmd: sudo -u root setfacl  -R     -m u:root:-,g:root:r,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,069 - INFO - do_set_acl /tmp/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,069 - INFO - run_cmd: sudo -u root setfacl  -R     -m u:root:-,g:root:r,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,080 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,081 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:user1:r,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,086 - INFO - do_set_acl /tmp/fsrand/ with u:root:-,g:user1:r,o::- succeed
2024-03-13 15:08:12,086 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:user1:r,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,095 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:-,g:user1:r,o::- succeed
2024-03-13 15:08:12,095 - INFO - run_cmd: sudo -u user1 setfacl  -R     -m u:root:-,g:root:r,o::- /tmp/fsrand/
2024-03-13 15:08:12,100 - INFO - do_set_acl /tmp/fsrand/ {'user_perm': '-', 'group_perm': 'r', 'other_perm': '-'} failed:
setfacl: /tmp/fsrand//aaaa: Permission denied
2024-03-13 15:08:12,100 - INFO - run_cmd: sudo -u user1 setfacl  -R     -m u:root:-,g:root:r,o::- /tmp/jfs/fsrand/
2024-03-13 15:08:12,106 - INFO - do_set_acl /tmp/jfs/fsrand/ {'user_perm': '-', 'group_perm': 'r', 'other_perm': '-'} failed:
setfacl: /tmp/jfs/fsrand//aaaa: Permission denied
.__init__
duration is 0.24718451499938965
2024-03-13 15:08:12,139 - INFO - do_chmod /tmp/fsrand/ 0o0 root succeed
2024-03-13 15:08:12,142 - INFO - do_chmod /tmp/jfs/fsrand/ 0o0 root succeed
2024-03-13 15:08:12,149 - INFO - do_change_groups user1 root [] succeed
2024-03-13 15:08:12,152 - INFO - do_change_groups user1 root [] succeed
2024-03-13 15:08:12,152 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:root:r,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,158 - INFO - do_set_acl /tmp/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,158 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:root:r,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,167 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,167 - INFO - do_create_file /tmp/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,174 - INFO - do_create_file /tmp/jfs/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,174 - INFO - do_listdir /tmp/fsrand/ succeed
2024-03-13 15:08:12,175 - INFO - do_listdir /tmp/jfs/fsrand/ succeed
.__init__
duration is 0.32051539421081543
2024-03-13 15:08:12,222 - INFO - do_create_file /tmp/fsrand/lbca with mode w succeed
2024-03-13 15:08:12,229 - INFO - do_create_file /tmp/jfs/fsrand/lbca with mode w succeed
2024-03-13 15:08:12,229 - INFO - run_cmd: sudo -u root setfacl  -R --mask --no-mask  -P -m u:root:wrx,g:user1:wr,o::-,m::wrx /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,235 - INFO - do_set_acl /tmp/fsrand/ with u:root:wrx,g:user1:wr,o::-,m::wrx succeed
2024-03-13 15:08:12,235 - INFO - run_cmd: sudo -u root setfacl  -R --mask --no-mask  -P -m u:root:wrx,g:user1:wr,o::-,m::wrx /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,247 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:wrx,g:user1:wr,o::-,m::wrx succeed
2024-03-13 15:08:12,248 - INFO - do_chmod /tmp/fsrand/ 0o4004 root succeed
2024-03-13 15:08:12,250 - INFO - do_chmod /tmp/jfs/fsrand/ 0o4004 root succeed
2024-03-13 15:08:12,251 - INFO - run_cmd: sudo -u user1 setfacl -d -R    -P -m u:user2:-,g:group4:x,o::-,m::wx /tmp/fsrand/
2024-03-13 15:08:12,255 - INFO - do_set_acl /tmp/fsrand/ {'user_perm': '-', 'group_perm': 'x', 'other_perm': '-'} failed:
setfacl: /tmp/fsrand//lbca: Permission denied
setfacl: /tmp/fsrand/: Operation not permitted
2024-03-13 15:08:12,256 - INFO - run_cmd: sudo -u user1 setfacl -d -R    -P -m u:user2:-,g:group4:x,o::-,m::wx /tmp/jfs/fsrand/
2024-03-13 15:08:12,261 - INFO - do_set_acl /tmp/jfs/fsrand/ {'user_perm': '-', 'group_perm': 'x', 'other_perm': '-'} failed:
setfacl: /tmp/jfs/fsrand//lbca: Permission denied
setfacl: /tmp/jfs/fsrand/: Operation not permitted
.__init__
duration is 0.40227413177490234
2024-03-13 15:08:12,294 - INFO - do_create_file /tmp/fsrand/aaca with mode w succeed
2024-03-13 15:08:12,300 - INFO - do_create_file /tmp/jfs/fsrand/aaca with mode w succeed
2024-03-13 15:08:12,300 - INFO - do_set_xattr /tmp/fsrand/aaca user.0 b'abc' 2 succeed
2024-03-13 15:08:12,302 - INFO - do_set_xattr /tmp/jfs/fsrand/aaca user.0 b'abc' 2 succeed
2024-03-13 15:08:12,303 - INFO - run_cmd: sudo -u root setfacl       -m u:root:r,g:root:r,o::- /tmp/fsrand/aaca
run_cmd:getfacl /tmp/fsrand/aaca
2024-03-13 15:08:12,309 - INFO - do_set_acl /tmp/fsrand/aaca with u:root:r,g:root:r,o::- succeed
2024-03-13 15:08:12,309 - INFO - run_cmd: sudo -u root setfacl       -m u:root:r,g:root:r,o::- /tmp/jfs/fsrand/aaca
run_cmd:getfacl /tmp/jfs/fsrand/aaca
2024-03-13 15:08:12,319 - INFO - do_set_acl /tmp/jfs/fsrand/aaca with u:root:r,g:root:r,o::- succeed
2024-03-13 15:08:12,319 - INFO - run_cmd: sudo -u root setfacl --remove-all /tmp/fsrand/aaca
2024-03-13 15:08:12,323 - INFO - do_remove_acl /tmp/fsrand/aaca with --remove-all succeed
run_cmd:getfacl /tmp/fsrand/aaca
2024-03-13 15:08:12,325 - INFO - run_cmd: sudo -u root setfacl --remove-all /tmp/jfs/fsrand/aaca
2024-03-13 15:08:12,331 - INFO - do_remove_acl /tmp/jfs/fsrand/aaca with --remove-all succeed
run_cmd:getfacl /tmp/jfs/fsrand/aaca
2024-03-13 15:08:12,333 - INFO - do_list_xattr /tmp/fsrand/aaca succeed
2024-03-13 15:08:12,334 - INFO - do_list_xattr /tmp/jfs/fsrand/aaca succeed
.__init__
duration is 0.47536659240722656
2024-03-13 15:08:12,367 - INFO - do_create_file /tmp/fsrand/stsn with mode x succeed
2024-03-13 15:08:12,373 - INFO - do_create_file /tmp/jfs/fsrand/stsn with mode x succeed
2024-03-13 15:08:12,374 - INFO - run_cmd: sudo -u root setfacl -d -R --mask    -m u:root:r,g:group4:x,o::-,m::w /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,380 - INFO - do_set_acl /tmp/fsrand/ with u:root:r,g:group4:x,o::-,m::w succeed
2024-03-13 15:08:12,380 - INFO - run_cmd: sudo -u root setfacl -d -R --mask    -m u:root:r,g:group4:x,o::-,m::w /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,389 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:r,g:group4:x,o::-,m::w succeed
2024-03-13 15:08:12,390 - INFO - do_create_file /tmp/fsrand/qpyt with mode w succeed
2024-03-13 15:08:12,396 - INFO - do_create_file /tmp/jfs/fsrand/qpyt with mode w succeed
2024-03-13 15:08:12,396 - INFO - do_copy_file /tmp/fsrand/stsn /tmp/fsrand/knmh succeed
2024-03-13 15:08:12,405 - INFO - do_copy_file /tmp/jfs/fsrand/stsn /tmp/jfs/fsrand/knmh succeed
2024-03-13 15:08:12,406 - INFO - do_open /tmp/fsrand/qpyt [512] 2579 succeed
2024-03-13 15:08:12,409 - INFO - do_open /tmp/jfs/fsrand/qpyt [512] 2579 succeed
.__init__
duration is 0.5505039691925049
2024-03-13 15:08:12,465 - INFO - run_cmd: sudo -u user1 setfacl -d -R   -L  -m u:user2:wrx,g:root:r,o::rx,m::r /tmp/fsrand/
2024-03-13 15:08:12,470 - INFO - do_set_acl /tmp/fsrand/ {'user_perm': 'wrx', 'group_perm': 'r', 'other_perm': 'rx'} failed:
setfacl: /tmp/fsrand/: Operation not permitted
2024-03-13 15:08:12,470 - INFO - run_cmd: sudo -u user1 setfacl -d -R   -L  -m u:user2:wrx,g:root:r,o::rx,m::r /tmp/jfs/fsrand/
2024-03-13 15:08:12,475 - INFO - do_set_acl /tmp/jfs/fsrand/ {'user_perm': 'wrx', 'group_perm': 'r', 'other_perm': 'rx'} failed:
setfacl: /tmp/jfs/fsrand/: Operation not permitted
2024-03-13 15:08:12,475 - INFO - do_create_file /tmp/fsrand/abha with mode a succeed
2024-03-13 15:08:12,482 - INFO - do_create_file /tmp/jfs/fsrand/abha with mode a succeed
2024-03-13 15:08:12,482 - INFO - run_cmd: sudo -u root setfacl   --mask --no-mask   -m u:user1:-,g:user3:x,o::- /tmp/fsrand/abha
run_cmd:getfacl /tmp/fsrand/abha
2024-03-13 15:08:12,488 - INFO - do_set_acl /tmp/fsrand/abha with u:user1:-,g:user3:x,o::- succeed
2024-03-13 15:08:12,488 - INFO - run_cmd: sudo -u root setfacl   --mask --no-mask   -m u:user1:-,g:user3:x,o::- /tmp/jfs/fsrand/abha
run_cmd:getfacl /tmp/jfs/fsrand/abha
2024-03-13 15:08:12,497 - INFO - do_set_acl /tmp/jfs/fsrand/abha with u:user1:-,g:user3:x,o::- succeed
2024-03-13 15:08:12,497 - INFO - do_list_xattr /tmp/fsrand/abha succeed
2024-03-13 15:08:12,497 - INFO - do_list_xattr /tmp/jfs/fsrand/abha succeed
.__init__
duration is 0.6389796733856201
2024-03-13 15:08:12,530 - INFO - do_create_file /tmp/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,537 - INFO - do_create_file /tmp/jfs/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,537 - INFO - run_cmd: sudo -u root setfacl       -m u:user1:-,g:root:-,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,543 - INFO - do_set_acl /tmp/fsrand/ with u:user1:-,g:root:-,o::- succeed
2024-03-13 15:08:12,543 - INFO - run_cmd: sudo -u root setfacl       -m u:user1:-,g:root:-,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,552 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:user1:-,g:root:-,o::- succeed
2024-03-13 15:08:12,552 - INFO - do_chmod /tmp/fsrand/ 0o4 root succeed
2024-03-13 15:08:12,555 - INFO - do_chmod /tmp/jfs/fsrand/ 0o4 root succeed
2024-03-13 15:08:12,555 - INFO - run_cmd: sudo -u user1 setfacl  -R     -m u:root:-,g:root:-,o::- /tmp/fsrand/
2024-03-13 15:08:12,560 - INFO - do_set_acl /tmp/fsrand/ {'user_perm': '-', 'group_perm': '-', 'other_perm': '-'} failed:
setfacl: /tmp/fsrand//aaaa: Permission denied
setfacl: /tmp/fsrand/: Operation not permitted
2024-03-13 15:08:12,560 - INFO - run_cmd: sudo -u user1 setfacl  -R     -m u:root:-,g:root:-,o::- /tmp/jfs/fsrand/
2024-03-13 15:08:12,565 - INFO - do_set_acl /tmp/jfs/fsrand/ {'user_perm': '-', 'group_perm': '-', 'other_perm': '-'} failed:
setfacl: /tmp/jfs/fsrand//aaaa: Permission denied
setfacl: /tmp/jfs/fsrand/: Operation not permitted
.
======================================================================
FAIL: test_acl (__main__.TestFsrand2)
----------------------------------------------------------------------
Traceback (most recent call last):
  File ".github/scripts/hypo/fsrand2_test.py", line 159, in test_acl
    state.set_acl(default=False, entry=v40, group='group2', group_perm={'r', 'w', 'x'}, logical=True, mask={'r', 'w', 'x'}, not_recalc_mask=True, other_perm={'x'}, physical=False, recalc_mask=True, recursive=False, set_mask=False, sudo_user='user1', user=v1, user_perm=set())
  File "/root/juicefs/.github/scripts/hypo/fsrand2.py", line 418, in set_acl
    target=EntryWithACL,
  File "/root/hypothesis/hypothesis-python/src/hypothesis/stateful.py", line 681, in rule_wrapper
    return f(*args, **kwargs)
  File "/root/juicefs/.github/scripts/hypo/fsrand2.py", line 418, in set_acl
    target=EntryWithACL,
  File "/root/hypothesis/hypothesis-python/src/hypothesis/stateful.py", line 802, in precondition_wrapper
    return f(*args, **kwargs)
  File "/root/juicefs/.github/scripts/hypo/fsrand2.py", line 439, in set_acl
    assert self.equal(result1, result2), f'\033[31mset_acl:\nresult1 is {result1}\nresult2 is {result2}\033[0m'
AssertionError: set_acl:
result1 is ("getfacl: Removing leading '/' from absolute path names\n# owner: user1\n# group: user1\nuser::---\ngroup::---\ngroup:group2:rwx\t#effective:---\nmask::---\nother::--x\n\n",)
result2 is ("getfacl: Removing leading '/' from absolute path names\n# owner: user1\n# group: user1\n# flags: -s-\nuser::---\ngroup::---\ngroup:group2:rwx\t#effective:---\nmask::---\nother::--x\n\n",)

zhoucheng361 added the kind/bug label Mar 13, 2024

zhoucheng361 commented Mar 14, 2024

Reproduce by bash:
cat acl.sh

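    #!/bin/bash -e
    set -x
    dir=$1
    # Stop when no directory is given instead of running rm/mkdir on an empty path.
    [[ -z "$dir" ]] && { echo "usage: acl.sh /tmp/jfs/fsrand"; exit 1; }
    rm "$dir" -rf
    mkdir "$dir"
    # setuid + setgid on the parent: entries created below inherit its group (root)
    chmod 6333 "$dir"
    sudo -u user1 setfacl --remove-default "$dir"
    umask 557
    # setgid directory with mode 2142
    mkdir "$dir/uopt" -m 2142
    umask 022
    chown user1 "$dir/uopt"
    # user1 now belongs to group4 and group2 only, not to the directory's group
    usermod -g group4 -G group2 user1
    # an unprivileged owner outside the owning group sets the access ACL
    sudo -u user1 setfacl   --mask --no-mask   -m u::-,g:group2:wrx,o::x "$dir/uopt"
    # compare the "# flags:" line between the local file system and JuiceFS
    getfacl "$dir/uopt"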

Log:

root@bench-01:~/juicefs# ./acl.sh  /tmp/jfs/fsrand
+ dir=/tmp/jfs/fsrand
+ [[ -z /tmp/jfs/fsrand ]]
+ rm /tmp/jfs/fsrand -rf
+ mkdir /tmp/jfs/fsrand
+ chmod 6333 /tmp/jfs/fsrand
+ sudo -u user1 setfacl --remove-default /tmp/jfs/fsrand
+ umask 557
+ mkdir /tmp/jfs/fsrand/uopt -m 2142
+ umask 022
+ chown user1 /tmp/jfs/fsrand/uopt
+ usermod -g group4 -G group2 user1
+ sudo -u user1 setfacl --mask --no-mask -m u::-,g:group2:wrx,o::x /tmp/jfs/fsrand/uopt
+ getfacl /tmp/jfs/fsrand/uopt
getfacl: Removing leading '/' from absolute path names
# file: tmp/jfs/fsrand/uopt
# owner: user1
# group: root
# flags: -s-
user::---
group::r--
group:group2:rwx		#effective:r--
mask::r--
other::--x
root@bench-01:~/juicefs# ./acl.sh  /tmp/fsrand
+ dir=/tmp/fsrand
+ [[ -z /tmp/fsrand ]]
+ rm /tmp/fsrand -rf
+ mkdir /tmp/fsrand
+ chmod 6333 /tmp/fsrand
+ sudo -u user1 setfacl --remove-default /tmp/fsrand
+ umask 557
+ mkdir /tmp/fsrand/uopt -m 2142
+ umask 022
+ chown user1 /tmp/fsrand/uopt
+ usermod -g group4 -G group2 user1
+ sudo -u user1 setfacl --mask --no-mask -m u::-,g:group2:wrx,o::x /tmp/fsrand/uopt
+ getfacl /tmp/fsrand/uopt
getfacl: Removing leading '/' from absolute path names
# file: tmp/fsrand/uopt
# owner: user1
# group: root
user::---
group::r--
group:group2:rwx		#effective:r--
mask::r--
other::--x

jiefenghuang commented

We need FUSE_SETXATTR_EXT support to check whether the extra_flag in the SetXattr request is set (clear sgid if set).

code

    /*
     * Fuse daemons without FUSE_POSIX_ACL never changed the passed
     * through POSIX ACLs. Such daemons don't expect setgid bits to
     * be stripped.
     */
    if (fc->posix_acl &&
        !vfsgid_in_group_p(i_gid_into_vfsgid(&nop_mnt_idmap, inode)) &&
        !capable_wrt_inode_uidgid(&nop_mnt_idmap, inode, CAP_FSETID))
            extra_flags |= FUSE_SETXATTR_ACL_KILL_SGID;

Linux patch about clearing sgid:
https://lore.kernel.org/linux-fsdevel/[email protected]/
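
The daemon-side check described in the comment above, as an added Go example that is not JuiceFS or go-fuse code: it decodes a FUSE_SETXATTR body in both the legacy and the FUSE_SETXATTR_EXT layout and clears setgid only when the kernel set FUSE_SETXATTR_ACL_KILL_SGID. Flag values and the struct layout follow `include/uapi/linux/fuse.h`; the function names, the little-endian host and the sample request bytes are assumptions constructed for the example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)
// Flag values as defined in include/uapi/linux/fuse.h.
const (
	fuseSetxattrExt         = 1 << 29 // FUSE_SETXATTR_EXT, negotiated at FUSE_INIT
	fuseSetxattrACLKillSGID = 1 << 0  // FUSE_SETXATTR_ACL_KILL_SGID
	sISGID                  = 02000   // setgid bit, printed by getfacl as "# flags: -s-"
	aclAccess               = "system.posix_acl_access"
)

// parseSetxattr decodes the bytes after the FUSE request header. Legacy
// fuse_setxattr_in is size+flags (8 bytes); EXT adds setxattr_flags+padding (16).
func parseSetxattr(body []byte, initFlags uint32) (name string, killSGID bool, err error) {
	hdr := 8
	if initFlags&fuseSetxattrExt != 0 {
		hdr = 16
	}
	if len(body) < hdr {
		return "", false, errors.New("short fuse_setxattr_in")
	}
	size := int(binary.LittleEndian.Uint32(body[0:4]))
	// A daemon that did not negotiate EXT never sees the flag: the reported bug.
	killSGID = hdr == 16 && binary.LittleEndian.Uint32(body[8:12])&fuseSetxattrACLKillSGID != 0
	rest := body[hdr:]
	nul := bytes.IndexByte(rest, 0)
	if nul < 0 || len(rest)-nul-1 < size {
		return "", false, errors.New("malformed name/value")
	}
	return string(rest[:nul]), killSGID, nil
}

// modeAfterSetxattr clears setgid only when the kernel asked for it on an access ACL.
func modeAfterSetxattr(mode uint32, name string, killSGID bool) uint32 {
	if name == aclAccess && killSGID {
		return mode &^ sISGID
	}
	return mode
}

// sampleBody builds a constructed request body (hdrLen is 8 or 16).
func sampleBody(hdrLen int, xflags uint32, name string, value []byte) []byte {
	hdr := make([]byte, hdrLen)
	binary.LittleEndian.PutUint32(hdr, uint32(len(value)))
	if hdrLen == 16 {
		binary.LittleEndian.PutUint32(hdr[8:], xflags)
	}
	return append(append(append(hdr, name...), 0), value...)
}

func main() {
	body := sampleBody(16, fuseSetxattrACLKillSGID, aclAccess, []byte{2, 0, 0, 0})
	name, kill, err := parseSetxattr(body, fuseSetxattrExt)
	fmt.Printf("err=%v %04o -> %04o\n", err, 02142, modeAfterSetxattr(02142, name, kill))
}
```

The legacy path leaves mode 2142 untouched, which matches the `# flags: -s-` line that getfacl still prints on the JuiceFS mount in the logs above.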
