
Re: [Acl-devel] Man page patch for setfacl


From: Andreas Grünbacher
Subject: Re: [Acl-devel] Man page patch for setfacl
Date: Mon, 22 Jan 2018 21:14:53 +0100

2018-01-22 21:02 GMT+01:00 Mike Frysinger <address@hidden>:
> On 22 Jan 2018 17:36, Andreas Grünbacher wrote:
>> 2018-01-22 17:16 GMT+01:00 Michael Orlitzky <address@hidden>:
>> > On 01/22/2018 10:48 AM, Andreas Grünbacher wrote:
>> >> Take a look at the chown and chgrp utilities, which behave the same
>> >> way as setfacl does today. There's nothing wrong with that.
>> >
>> > Are you sure? I haven't tested, but this page suggests that a numeric
>> > username will be looked-up and not interpreted as a uid unless you
>> > prefix it with a '+':
>>
>> This is all rather ugly.
>>
>> That piece of documentation seems to predate coreutils-8.27 from March
>> 2017 but coreutils 8.27 does treat numbers as IDs in chown and chgrp.
>> However, the current coreutils repository (post-8.29) does behave as
>> documented.
>
> i'm fairly certain the chown behavior is not new.  glancing through the
> git history, it's been this way since at least Oct 1993 with the fileutils
> 3.8.3 release, and i stopped looking beyond that because that's old enough
> for this discussion ;).
>
> https://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=lib/userspec.c;h=8c1e9ec8ea0680367599ac8945322f216ac05644;hb=f2080b7714a4dc451a40c9ba12d4c6125a1e69f5#l144
>  144   pwd = getpwnam (name);
>  145   if (pwd == NULL)
>  146     {
>  147       if (!isnumber (name))
>  148         return "invalid user";
>  149       if (use_login_group)
>  150         return "cannot get the login group of a numeric UID";
>  151       *uid = atoi (name);
>  152     }
>  153   else
>  154     {
>  155       *uid = pwd->pw_uid;
>
> https://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/chown.c;h=c295f5816430549a47d9536570bad250c845ec70;hb=f2080b7714a4dc451a40c9ba12d4c6125a1e69f5#l165
>  165   e = parse_user_spec (argv[optind], &user, &group, &username, &groupname);
>
> POSIX also documents this back at least to 2004:
> http://pubs.opengroup.org/onlinepubs/009695399/utilities/chown.html#tag_04_19_05
>
>> > https://www.gnu.org/software/coreutils/manual/html_node/Disambiguating-names-and-IDs.html
>> >
>> > (So if chown treats them as a uid, it's a bug.)
>> >
>> >> If you create all-numeric user names, you deserve all the troubles
>> >> you've been asking for.
>> >
>> > Do I still deserve to suffer if I'm trying to fix a mistake that someone
>> > else made 15 years ago and that I've been called in to fix?
>>
>> So if we change the behavior of setfacl to match current coreutils,
>> should getfacl be changed to prefix numeric IDs with + signs as well?
>> I doubt it -- setfacl would be happy, but other tools might break. So
>> then that needs to be documented as well.
>
> i think we should change the behavior to match coreutils wrt looking up
> the account first (like my patch does).  however, i'm not exactly keen
> on the + hack since that too is a valid character in a username.  maybe
> we should introduce a new commandline option like --numeric that'll force
> all accounts to be numeric and do no lookups ?

Let's not add a command-line option, it's just not useful enough.

Andreas
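
The resolution order debated in this thread, as an added example that is not code from coreutils, acl, or any poster: try the string as an account name first, fall back to a numeric ID only when no such account exists, and treat a leading '+' as forcing the numeric reading. The injected `lookup_fn` hook, the sample accounts and the function names are assumptions made so it runs offline; `strtoul` with range checks stands in for the `atoi` call in the quoted fileutils code.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical lookup hook: returns 0 and sets *uid if NAME is an account.
   A real tool would wrap getpwnam() here; injected so the example runs offline. */
typedef int (*lookup_fn)(const char *name, uid_t *uid);

/* Constructed sample account database, including an all-numeric user name. */
static const struct { const char *name; uid_t uid; } sample_db[] = {
    { "alice", 1000 }, { "1000", 1001 },
};

static int sample_lookup(const char *name, uid_t *uid)
{
    for (size_t i = 0; i < sizeof sample_db / sizeof sample_db[0]; i++)
        if (strcmp(sample_db[i].name, name) == 0) {
            *uid = sample_db[i].uid;
            return 0;
        }
    return -1;
}

/* Strict decimal parse: digits only, no sign, no trailing junk, no overflow.
   (uid_t)-1 is rejected because chown(2) reserves it to mean "leave unchanged". */
static int parse_numeric_id(const char *s, uid_t *uid)
{
    char *end;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v >= (unsigned long)(uid_t)-1)
        return -1;
    *uid = (uid_t)v;
    return 0;
}

/* Resolve SPEC: "+N" is always the numeric ID N; otherwise the name wins. */
int resolve_uid(const char *spec, lookup_fn lookup, uid_t *uid)
{
    if (spec[0] == '+')
        return parse_numeric_id(spec + 1, uid);
    if (lookup(spec, uid) == 0)
        return 0;
    return parse_numeric_id(spec, uid);
}
```

With the constructed accounts, `1000` resolves to UID 1001 (the account named "1000") while `+1000` resolves to UID 1000, which is the ambiguity an all-numeric user name creates for ownership and ACL entries.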


