Defined option acl to request the use of Posix ACLs
Jean-Pierre André
parent
f55f359f4e
commit
3160203c97
|
|
@ -137,6 +137,7 @@ struct PERMISSIONS_CACHE {
|
|||
enum {
|
||||
SECURITY_DEFAULT, /* rely on fuse for permissions checking */
|
||||
SECURITY_RAW, /* force same ownership/permissions on files */
|
||||
SECURITY_ACL, /* enable Posix ACLs (when compiled in) */
|
||||
SECURITY_ADDSECURIDS, /* upgrade old security descriptors */
|
||||
SECURITY_STATICGRPS, /* use static groups for access control */
|
||||
SECURITY_WANTED /* a security related option was present */
|
||||
|
|
|
|||
|
|
@ -3812,9 +3812,11 @@ int main(int argc, char *argv[])
|
|||
if (ntfs_open_secure(ctx->vol) && (ctx->vol->major_ver >= 3))
|
||||
failed_secure = "Could not open file $Secure";
|
||||
if (!ntfs_build_mapping(&ctx->security,ctx->usermap_path,
|
||||
(ctx->vol->secure_flags & (1 << SECURITY_DEFAULT))
|
||||
(ctx->vol->secure_flags
|
||||
& ((1 << SECURITY_DEFAULT) | (1 << SECURITY_ACL)))
|
||||
&& !(ctx->vol->secure_flags & (1 << SECURITY_WANTED)))) {
|
||||
#if POSIXACLS
|
||||
/* use basic permissions if requested */
|
||||
if (ctx->vol->secure_flags & (1 << SECURITY_DEFAULT))
|
||||
permissions_mode = "User mapping built, Posix ACLs not used";
|
||||
else {
|
||||
|
|
@ -3828,7 +3830,8 @@ int main(int argc, char *argv[])
|
|||
#endif /* KERNELACLS */
|
||||
}
|
||||
#else /* POSIXACLS */
|
||||
if (!(ctx->vol->secure_flags & (1 << SECURITY_DEFAULT))) {
|
||||
if (!(ctx->vol->secure_flags
|
||||
& ((1 << SECURITY_DEFAULT) | (1 << SECURITY_ACL)))) {
|
||||
/*
|
||||
* No explicit option but user mapping found
|
||||
* force default security
|
||||
|
|
|
|||
|
|
@ -128,6 +128,13 @@ When a user mapping file is defined, the options \fBuid=\fP, \fBgid=\fP,
|
|||
Set standard permissions on created files and use standard access control.
|
||||
This option is set by default when a user mapping file is present.
|
||||
.TP
|
||||
.B acl
|
||||
Enable setting Posix ACLs on created files and use them for access control.
|
||||
This option is only available on specific builds. It is set by default
|
||||
when a user mapping file is present and the
|
||||
.B permissions
|
||||
mount option is not set.
|
||||
.TP
|
||||
.B inherit
|
||||
When creating a new file, set its initial ownership and protections
|
||||
according to inheritance rules defined in parent directory. These rules
|
||||
|
|
|
|||
|
|
@ -3732,9 +3732,11 @@ int main(int argc, char *argv[])
|
|||
if (ntfs_open_secure(ctx->vol) && (ctx->vol->major_ver >= 3))
|
||||
failed_secure = "Could not open file $Secure";
|
||||
if (!ntfs_build_mapping(&ctx->security,ctx->usermap_path,
|
||||
(ctx->vol->secure_flags & (1 << SECURITY_DEFAULT))
|
||||
(ctx->vol->secure_flags
|
||||
& ((1 << SECURITY_DEFAULT) | (1 << SECURITY_ACL)))
|
||||
&& !(ctx->vol->secure_flags & (1 << SECURITY_WANTED)))) {
|
||||
#if POSIXACLS
|
||||
/* use basic permissions if requested */
|
||||
if (ctx->vol->secure_flags & (1 << SECURITY_DEFAULT))
|
||||
permissions_mode = "User mapping built, Posix ACLs not used";
|
||||
else {
|
||||
|
|
@ -3748,7 +3750,8 @@ int main(int argc, char *argv[])
|
|||
}
|
||||
#else /* POSIXACLS */
|
||||
#if KERNELPERMS
|
||||
if (!(ctx->vol->secure_flags & (1 << SECURITY_DEFAULT))) {
|
||||
if (!(ctx->vol->secure_flags
|
||||
& ((1 << SECURITY_DEFAULT) | (1 << SECURITY_ACL)))) {
|
||||
/*
|
||||
* No explicit option but user mapping found
|
||||
* force default security
|
||||
|
|
|
|||
|
|
@ -78,6 +78,7 @@ const struct DEFOPTION optionlist[] = {
|
|||
{ "no_def_opts", OPT_NO_DEF_OPTS, FLGOPT_BOGUS },
|
||||
{ "default_permissions", OPT_DEFAULT_PERMISSIONS, FLGOPT_BOGUS },
|
||||
{ "permissions", OPT_PERMISSIONS, FLGOPT_BOGUS },
|
||||
{ "acl", OPT_ACL, FLGOPT_BOGUS },
|
||||
{ "umask", OPT_UMASK, FLGOPT_OCTAL },
|
||||
{ "fmask", OPT_FMASK, FLGOPT_OCTAL },
|
||||
{ "dmask", OPT_DMASK, FLGOPT_OCTAL },
|
||||
|
|
@ -175,6 +176,7 @@ char *parse_mount_options(ntfs_fuse_context_t *ctx,
|
|||
BOOL no_def_opts = FALSE;
|
||||
int default_permissions = 0;
|
||||
int permissions = 0;
|
||||
int acl = 0;
|
||||
int want_permissions = 0;
|
||||
int intarg;
|
||||
const struct DEFOPTION *poptl;
|
||||
|
|
@ -243,6 +245,11 @@ char *parse_mount_options(ntfs_fuse_context_t *ctx,
|
|||
case OPT_PERMISSIONS :
|
||||
permissions = 1;
|
||||
break;
|
||||
#if POSIXACLS
|
||||
case OPT_ACL :
|
||||
acl = 1;
|
||||
break;
|
||||
#endif
|
||||
case OPT_UMASK :
|
||||
ctx->dmask = ctx->fmask = intarg;
|
||||
want_permissions = 1;
|
||||
|
|
@ -436,7 +443,7 @@ char *parse_mount_options(ntfs_fuse_context_t *ctx,
|
|||
}
|
||||
if (!no_def_opts && ntfs_strappend(&ret, def_opts))
|
||||
goto err_exit;
|
||||
if ((default_permissions || permissions)
|
||||
if ((default_permissions || (permissions && !acl))
|
||||
&& ntfs_strappend(&ret, "default_permissions,"))
|
||||
goto err_exit;
|
||||
/* The atime options exclude each other */
|
||||
|
|
@ -451,8 +458,10 @@ char *parse_mount_options(ntfs_fuse_context_t *ctx,
|
|||
goto err_exit;
|
||||
if (ntfs_strappend(&ret, popts->device))
|
||||
goto err_exit;
|
||||
if (permissions)
|
||||
if (permissions && !acl)
|
||||
ctx->secure_flags |= (1 << SECURITY_DEFAULT);
|
||||
if (acl)
|
||||
ctx->secure_flags |= (1 << SECURITY_ACL);
|
||||
if (want_permissions)
|
||||
ctx->secure_flags |= (1 << SECURITY_WANTED);
|
||||
if (ctx->ro)
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ enum {
|
|||
OPT_NO_DEF_OPTS,
|
||||
OPT_DEFAULT_PERMISSIONS,
|
||||
OPT_PERMISSIONS,
|
||||
OPT_ACL,
|
||||
OPT_UMASK,
|
||||
OPT_FMASK,
|
||||
OPT_DMASK,
|
||||
|
|
@ -120,6 +121,7 @@ typedef struct {
|
|||
BOOL windows_names;
|
||||
BOOL ignore_case;
|
||||
BOOL compression;
|
||||
BOOL acl;
|
||||
BOOL silent;
|
||||
BOOL recover;
|
||||
BOOL hiberfile;
|
||||
|
|
|
|||
Loading…
Reference in New Issue