| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b3ef1024-bc81-4436-ae65-f1bdaf07efe8@huawei.com>
Date: Mon, 8 Dec 2025 17:56:01 +0800
From: "zhangjian (CG)" <zhangjian496@...wei.com>
To: <stfrench@...rosoft.com>, <chuck.lever@...cle.com>, <bfields@...hat.com>
CC: <linux-kernel@...r.kernel.org>, <linux-nfs@...r.kernel.org>
Subject: [Question] nfsacl: why deny owner mode when deny user
When user read bit is denied by nfs4_setfacl, owner read bit is also
denied.
Example:
[root@...alhost ~]# nfs4_getfacl test/a
# file: test/a
A::OWNER@:rwatTcCy
A::1000:rwatcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy
[root@...alhost ~]# nfs4_setfacl -a D::1000:r test/a
[root@...alhost ~]# nfs4_getfacl test/a
# file: test/a
D::OWNER@:r
A::OWNER@:watTcCy
D::1000:r
A::1000:watcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy
In function process_one_v4_ace, I see read bit is denied for owner:
case ACL_USER:
i = find_uid(state, state->users, ace->who);
if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
allow_bits(&state->users->aces[i].perms, mask);
} else {
deny_bits(&state->users->aces[i].perms, mask);
mask = state->users->aces[i].perms.deny;
deny_bits(&state->owner, mask);
}
This change is commit in 09229ed. But I wonder why it is implemented
like this.
Powered by blists - more mailing lists