On Mon, 3 Nov 2003, Mark Nipper wrote: > Uh oh! It's that last part where there are the two extra > entries for the two ACL added groups, but no GID seems to have been > stored with each entry, whereas the example in the daemon news article > does actually show GID's in these places. > > So I assume this is an NIS/ACL bug of some kind? Both my uid > and gid as well as both the gid's above (nes and loki) are mapped via > NIS. If anyone needs me to do anything else, let me know. I don't feel > nearly competent enough to start debugging the source for get/setfacl to > try to grok any of this. :) Yes, in 5.1 there was a bug in the libc acl_to_text() code that ommitted the group name when the effective permissions granted by an additional group ACL entry was not the same as the set permissions. This was fixed in src/lib/libc/posix1e/acl_to_text.3:1.11: revision 1.11 date: 2003/07/24 23:33:25; author: rwatson; state: Exp; lines: +3 -2 Print group name in getfacl output when calculating an effective permission set based on a more restrictive mask. Submitted by: Glen Gibb <grg_at_ridley.unimelb.edu.au> The change has not been merged to RELENG_5_1 as that branch is currently owned by the security-officer team for advisories only. If you pull acl_to_text.3 forward to 1.11 and rebuild libc + getfacl, it should be corrected. The bug will be fixed "out of the box" in 5.2. Thanks! Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert_at_fledge.watson.org Network Associates LaboratoriesReceived on Mon Nov 03 2003 - 11:23:55 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:27 UTC