From 58b3f86be6198c7021afab85b9a5781ce52f2f62 Mon Sep 17 00:00:00 2001 From: jpandre Date: Mon, 25 Aug 2008 09:04:26 +0000 Subject: [PATCH] Improved group permissions when using Posix ACLs --- libntfs-3g/acls.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c index eb627d3a..323561ad 100644 --- a/libntfs-3g/acls.c +++ b/libntfs-3g/acls.c @@ -1381,6 +1381,7 @@ static int buildacls_posix(struct MAPPING *mapping[], u16 grpperms; u16 othperms; u16 mask; + u16 nonstd; } aceset[2], *pset; BOOL adminowns; BOOL groupowns; @@ -1446,11 +1447,13 @@ static int buildacls_posix(struct MAPPING *mapping[], aceset[0].grpperms = 0; aceset[0].othperms = 0; aceset[0].mask = (POSIX_PERM_R | POSIX_PERM_W | POSIX_PERM_X); + aceset[0].nonstd = 0; aceset[1].selfuserperms = 0; aceset[1].selfgrpperms = 0; aceset[1].grpperms = 0; aceset[1].othperms = 0; aceset[1].mask = (POSIX_PERM_R | POSIX_PERM_W | POSIX_PERM_X); + aceset[1].nonstd = 0; for (i=pxdesc->acccnt+pxdesc->defcnt-1; i>=0; i--) { if (i >= pxdesc->acccnt) { @@ -1462,6 +1465,7 @@ static int buildacls_posix(struct MAPPING *mapping[], } switch (pxace->tag) { case POSIX_ACL_USER : + pset->nonstd++; /* ! probably do no want root as designated user */ if (!pxace->id) adminowns = TRUE; @@ -1473,6 +1477,7 @@ static int buildacls_posix(struct MAPPING *mapping[], } break; case POSIX_ACL_GROUP : + pset->nonstd++; /* ! probably do no want root as designated group */ if (!pxace->id) adminowns = TRUE; @@ -1490,6 +1495,7 @@ static int buildacls_posix(struct MAPPING *mapping[], pset->othperms = pxace->perms; break; case POSIX_ACL_MASK : + pset->nonstd++; pset->mask = pxace->perms; default : break; @@ -1833,7 +1839,7 @@ return (0); /* now insert grants to group if more than world */ if (adminowns || groupowns - || avoidmask + || (avoidmask && pset->nonstd) || (perms & ~pset->othperms) || (tag == POSIX_ACL_GROUP)) { pgace = (ACCESS_ALLOWED_ACE*)&secattr[offs + pos];