libs/newlib-cygwin
libs/newlib-cygwin
4
0
Fork 0
mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-02-22 00:38:06 +08:00
Code Issues Projects Releases Wiki Activity

setfacl: Allow to combine -b and -k options

Browse Source 
* setfacl.c (action_t): Rename DeleteAll to DeleteExt.  Add
	DeleteAll.  Rearrange for bit-wise testing later in the code.
	(delallacl): Handle -b -k combination.
	(setfacl): Handle DeleteExt/DeleteAll.
	(usage): Fix -b/-k output.  Rearrange output to better fill 80
	columns.
	(main): Allow to combine -b and -k.

	* utils.xml (setfacl): Accommodate -b/-k change.
	* new-features.xml (ov-new2.3): Add setfacl -b/-k change.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2015-09-02 12:23:09 +02:00
parent 911808dd5e
commit 4dc3deea89
5 changed files with 156 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
winsup/doc/ChangeLog
View File

@ -1,3 +1,8 @@
2015-11-18 Corinna Vinschen <corinna@vinschen.de>
* utils.xml (setfacl): Accommodate -b/-k change.
* new-features.xml (ov-new2.4): Add setfacl -b/-k change.
2015-11-18 Corinna Vinschen <corinna@vinschen.de> 2015-11-18 Corinna Vinschen <corinna@vinschen.de>
* utils.xml (setfacl): Show new option output. * utils.xml (setfacl): Show new option output.

5
winsup/doc/new-features.xml
View File

@ -12,6 +12,11 @@
New API: rpmatch. New API: rpmatch.
</para></listitem> </para></listitem>
<listitem><para>
setfacl(1) now allows to use the -b and -k option combined to allow reducing
an ACL to only reflect standard POSIX permissions.
</para></listitem>
</itemizedlist> </itemizedlist>
</sect2> </sect2>

12
winsup/doc/utils.xml
View File

@ -1969,7 +1969,7 @@ Example: regtool get '\user\software\Microsoft\Clock\iFormat'
<refsynopsisdiv> <refsynopsisdiv>
<screen> <screen>
setfacl [-n] {-f ACL_FILE | -s acl_entries} FILE... setfacl [-n] {-f ACL_FILE | -s acl_entries} FILE...
setfacl [-n] {-b|-k|[-x acl_entries] [-m acl_entries]} FILE... setfacl [-n] {[-bk]|[-x acl_entries] [-m acl_entries]} FILE...
</screen> </screen>
</refsynopsisdiv> </refsynopsisdiv>
@ -2027,7 +2027,9 @@ At least one of (-b, -x, -f, -k, -m, -s) must be specified\n"
<para> <literal>-b</literal>,<literal>--remove-all</literal> Remove all <para> <literal>-b</literal>,<literal>--remove-all</literal> Remove all
extended ACL entries. The base ACL entries of the owner, group and extended ACL entries. The base ACL entries of the owner, group and
others are retained.</para> others are retained. This option can be combined with the
<literal>-k</literal>,<literal>--remove-default</literal> option
to delete all non-standard POSIX permissions.</para>
<para> <literal>-x</literal>,<literal>--delete</literal> Delete one or <para> <literal>-x</literal>,<literal>--delete</literal> Delete one or
more specified entries from the file's ACL. The owner, group and others more specified entries from the file's ACL. The owner, group and others
@ -2066,7 +2068,9 @@ $ getfacl source_file | setfacl -f - target_file
<para> <literal>-k</literal>,<literal>--remove-default</literal> Remove all <para> <literal>-k</literal>,<literal>--remove-default</literal> Remove all
default ACL entries. If no default ACL entries exist, no warnings are default ACL entries. If no default ACL entries exist, no warnings are
issued. </para> issued. This option can be combined with the
<literal>-b</literal>,<literal>--remove-all</literal> option
to delete all non-standard POSIX permissions.</para>
<para> <literal>-m</literal>,<literal>--modify</literal> Add or modify one <para> <literal>-m</literal>,<literal>--modify</literal> Add or modify one
or more specified ACL entries. Acl_entries is a comma-separated list of or more specified ACL entries. Acl_entries is a comma-separated list of
@ -2095,7 +2099,7 @@ $ getfacl source_file | setfacl -f - target_file
<para> Directories may contain default ACL entries. Files created in a <para> Directories may contain default ACL entries. Files created in a
directory that contains default ACL entries will have permissions directory that contains default ACL entries will have permissions
according to the combination of the current umask, the explicit according to the combination of the current umask, the explicit
permissions requested and the default ACL entries </para> permissions requested and the default ACL entries.</para>
</refsect1> </refsect1>
</refentry> </refentry>

10
winsup/utils/ChangeLog
View File

@ -1,3 +1,13 @@
2015-11-18 Corinna Vinschen <corinna@vinschen.de>
* setfacl.c (action_t): Rename DeleteAll to DeleteExt. Add
DeleteAll. Rearrange for bit-wise testing later in the code.
(delallacl): Handle -b -k combination.
(setfacl): Handle DeleteExt/DeleteAll.
(usage): Fix -b/-k output. Rearrange output to better fill 80
columns.
(main): Allow to combine -b and -k.
2015-11-18 Corinna Vinschen <corinna@vinschen.de> 2015-11-18 Corinna Vinschen <corinna@vinschen.de>
Reapply POSIX ACL changes. Reapply POSIX ACL changes.

253
winsup/utils/setfacl.c
View File

@ -43,13 +43,14 @@ details. */
static char *prog_name; static char *prog_name;
typedef enum { typedef enum {
NoAction, NoAction = 0,
DeleteExt = 1, /* The values 1,2,3 allow bitmasking below. */
DeleteDef = 2,
DeleteAll = 3,
Set, Set,
Modify, Modify,
Delete, Delete,
ModNDel, ModNDel,
DeleteAll,
DeleteDef,
SetFromFile SetFromFile
} action_t; } action_t;
@ -430,10 +431,12 @@ delallacl (aclent_t *tgt, int tcnt, action_t action)
int t; int t;
for (t = 0; t < tcnt; ++t) for (t = 0; t < tcnt; ++t)
/* -b (DeleteAll): Remove all extended ACL entries. /* -b (DeleteExt): Remove all extended ACL entries.
-k (DeleteDef): Remove all default ACL entries. */ -k (DeleteDef): Remove all default ACL entries.
if ((action == DeleteAll && (tgt[t].a_type & (USER | GROUP | CLASS_OBJ))) -b -k (DeleteAll): Remove extended and remove defaults. That means,
|| (action == DeleteDef && (tgt[t].a_type & ACL_DEFAULT))) only preserve standard POSIX perms. */
if (((action & DeleteExt) && (tgt[t].a_type & (USER | GROUP | CLASS_OBJ)))
|| ((action & DeleteDef) && (tgt[t].a_type & ACL_DEFAULT)))
{ {
--tcnt; --tcnt;
if (t < tcnt) if (t < tcnt)
@ -468,8 +471,9 @@ setfacl (action_t action, const char *path, aclent_t *acls, int cnt)
return 2; return 2;
} }
break; break;
case DeleteAll: case DeleteExt:
case DeleteDef: case DeleteDef:
case DeleteAll:
if ((lcnt = acl (path, GETACL, MAX_ACL_ENTRIES, lacl)) < 0 if ((lcnt = acl (path, GETACL, MAX_ACL_ENTRIES, lacl)) < 0
|| (lcnt = delallacl (lacl, lcnt, action)) < 0 || (lcnt = delallacl (lacl, lcnt, action)) < 0
|| (lcnt = acl (path, SETACL, lcnt, lacl)) < 0) || (lcnt = acl (path, SETACL, lcnt, lacl)) < 0)
@ -496,126 +500,121 @@ static void
usage (FILE *stream) usage (FILE *stream)
{ {
fprintf (stream, "" fprintf (stream, ""
"Usage: %s {-f ACL_FILE | -s acl_entries} FILE...\n" "Usage: %s [-n] {-f ACL_FILE | -s acl_entries} FILE...\n"
" %s {-b|[-x acl_entries] [-m acl_entries]} FILE...\n" " %s [-n] {[-bk]|[-x acl_entries] [-m acl_entries]} FILE...\n"
"\n" "\n"
"Modify file and directory access control lists (ACLs)\n" "Modify file and directory access control lists (ACLs)\n"
"\n" "\n"
" -b, --remove-all remove all extended ACL entries\n" " -b, --remove-all remove all extended ACL entries\n"
" -x, --delete delete one or more specified ACL entries\n" " -x, --delete delete one or more specified ACL entries\n"
" -f, --file set ACL entries for FILE to ACL entries read\n" " -f, --file set ACL entries for FILE to ACL entries read\n"
" from ACL_FILE\n" " from ACL_FILE\n"
" -k, --remove-default remove all default ACL entries\n" " -k, --remove-default remove all default ACL entries\n"
" -m, --modify modify one or more specified ACL entries\n" " -m, --modify modify one or more specified ACL entries\n"
" -n, --no-mask don't recalculate the effective rights mask\n" " -n, --no-mask don't recalculate the effective rights mask\n"
" --mask do recalculate the effective rights mask\n" " --mask do recalculate the effective rights mask\n"
" -s, --substitute substitute specified ACL entries on FILE\n" " -s, --substitute substitute specified ACL entries on FILE\n"
" -V, --version print version and exit\n" " -V, --version print version and exit\n"
" -h, --help this help text\n" " -h, --help this help text\n"
"\n" "\n"
"At least one of (-b, -x, -f, -k, -m, -s) must be specified\n" "At least one of (-b, -x, -f, -k, -m, -s) must be specified\n"
"\n", prog_name, prog_name); "\n", prog_name, prog_name);
if (stream == stdout) if (stream == stdout)
{ {
printf("" printf(""
" Acl_entries are one or more comma-separated ACL entries \n" " Acl_entries are one or more comma-separated ACL entries from the following\n"
" from the following list:\n" " list:\n"
"\n" "\n"
" u[ser]::perm\n" " u[ser]::perm\n"
" u[ser]:uid:perm\n" " u[ser]:uid:perm\n"
" g[roup]::perm\n" " g[roup]::perm\n"
" g[roup]:gid:perm\n" " g[roup]:gid:perm\n"
" m[ask]:perm\n" " m[ask]:perm\n"
" o[ther]:perm\n" " o[ther]:perm\n"
"\n" "\n"
" Default entries are like the above with the additional\n" " Default entries are like the above with the additional default identifier.\n"
" default identifier. For example: \n" " For example: \n"
"\n" "\n"
" d[efault]:u[ser]:uid:perm\n" " d[efault]:u[ser]:uid:perm\n"
"\n" "\n"
" 'perm' is either a 3-char permissions string in the form\n" " 'perm' is either a 3-char permissions string in the form \"rwx\" with the\n"
" \"rwx\" with the character - for no permission\n" " character - for no permission, or it is the octal representation of the\n"
" or it is the octal representation of the permissions, a\n" " permissions, a value from 0 (equivalent to \"---\") to 7 (\"rwx\").\n"
" value from 0 (equivalent to \"---\") to 7 (\"rwx\").\n" " 'uid' is a user name or a numerical uid.\n"
" 'uid' is a user name or a numerical uid.\n" " 'gid' is a group name or a numerical gid.\n"
" 'gid' is a group name or a numerical gid.\n" "\n"
"\n" "For each file given as parameter, %s will either replace its complete ACL\n"
"\n" "(-s, -f), or it will add, modify, or delete ACL entries.\n"
"For each file given as parameter, %s will either replace its\n" "\n"
"complete ACL (-s, -f), or it will add, modify, or delete ACL\n" "The following options are supported:\n"
"entries.\n" "\n"
"\n" "-b, --remove-all\n"
"The following options are supported:\n" " Remove all extended ACL entries. The base ACL entries of the owner, group\n"
"\n" " and others are retained. This option can be combined with the\n"
"-b, --remove-all\n" " -k,--remove-default option to delete all non-standard POSIX permissions.\n"
" Remove all extended ACL entries. The base ACL entries of the\n" "\n"
" owner, group and others are retained.\n" "-x, --delete\n"
"\n" " Delete one or more specified entries from the file's ACL. The owner, group\n"
"-x, --delete\n" " and others entries must not be deleted. Acl_entries to be deleted should\n"
" Delete one or more specified entries from the file's ACL.\n" " be specified without permissions, as in the following list:\n"
" The owner, group and others entries must not be deleted.\n" "\n"
" Acl_entries to be deleted should be specified without\n" " u[ser]:uid[:]\n"
" permissions, as in the following list:\n" " g[roup]:gid[:]\n"
"\n" " m[ask][:]\n"
" u[ser]:uid[:]\n" " d[efault]:u[ser][:uid]\n"
" g[roup]:gid[:]\n" " d[efault]:g[roup][:gid]\n"
" m[ask][:]\n" " d[efault]:m[ask][:]\n"
" d[efault]:u[ser][:uid]\n" " d[efault]:o[ther][:]\n"
" d[efault]:g[roup][:gid]\n" "\n"
" d[efault]:m[ask][:]\n" "-f, --file\n"
" d[efault]:o[ther][:]\n" " Take the Acl_entries from ACL_FILE one per line. Whitespace characters are\n"
"\n" " ignored, and the character \"#\" may be used to start a comment. The special\n"
"-f, --file\n" " filename \"-\" indicates reading from stdin.\n"
" Take the Acl_entries from ACL_FILE one per line. Whitespace\n" " Required entries are\n"
" characters are ignored, and the character \"#\" may be used\n" " - One user entry for the owner of the file.\n"
" to start a comment. The special filename \"-\" indicates\n" " - One group entry for the group of the file.\n"
" reading from stdin.\n" " - One other entry.\n"
" Required entries are\n" " If additional user and group entries are given:\n"
" - One user entry for the owner of the file.\n" " - A mask entry for the file group class of the file.\n"
" - One group entry for the group of the file.\n" " - No duplicate user or group entries with the same uid/gid.\n"
" - One other entry.\n" " If it is a directory:\n"
" If additional user and group entries are given:\n" " - One default user entry for the owner of the file.\n"
" - A mask entry for the file group class of the file.\n" " - One default group entry for the group of the file.\n"
" - No duplicate user or group entries with the same uid/gid.\n" " - One default mask entry for the file group class.\n"
" If it is a directory:\n" " - One default other entry.\n"
" - One default user entry for the owner of the file.\n" "\n"
" - One default group entry for the group of the file.\n" "-k, --remove-default\n"
" - One default mask entry for the file group class.\n" " Remove all default ACL entries. If no default ACL entries exist, no\n"
" - One default other entry.\n" " warnings are issued. This option can be combined with the -b,--remove-all\n"
"\n" " option to delete all non-standard POSIX permissions.\n"
"-k, --remove-default\n" "\n"
" Remove all default ACL entries. If no default ACL entries exist,\n" "-m, --modify\n"
" no warnings are issued.\n" " Add or modify one or more specified ACL entries. Acl_entries is a\n"
"\n" " comma-separated list of entries from the same list as above.\n"
"-m, --modify\n" "\n"
" Add or modify one or more specified ACL entries. Acl_entries is\n" "-n, --no-mask\n"
" a comma-separated list of entries from the same list as above.\n" " Valid in conjunction with -m. Do not recalculate the effective rights\n"
"\n" " mask. The default behavior of setfacl is to recalculate the ACL mask entry,\n"
"-n, --no-mask\n" " unless a mask entry was explicitly given. The mask entry is set to the\n"
" Valid in conjunction with -m. Do not recalculate the effective\n" " union of all permissions of the owning group, and all named user and group\n"
" rights mask. The default behavior of setfacl is to recalculate the\n" " entries. (These are exactly the entries affected by the mask entry).\n"
" ACL mask entry, unless a mask entry was explicitly given. The\n" "\n"
" mask entry is set to the union of all permissions of the owning\n" "--mask\n"
" group, and all named user and group entries. (These are exactly\n" " Valid in conjunction with -m. Do recalculate the effective rights mask,\n"
" the entries affected by the mask entry).\n" " even if an ACL mask entry was explicitly given. (See the -n option.)\n"
"\n" "\n"
"--mask\n" "-s, --substitute\n"
" Valid in conjunction with -m. Do recalculate the effective rights\n" " Like -f, but substitute the file's ACL with ACL entries specified in a\n"
" mask, even if an ACL mask entry was explicitly given. (See the\n" " comma-separated list on the command line.\n"
" -n option.)\n" "\n"
"\n" "While the -x and -m options may be used in the same command, the -f and -s\n"
"-s, --substitute\n" "options may be used only exclusively.\n"
" Like -f, but substitute the file's ACL with ACL entries\n" "\n"
" specified in a comma-separated list on the command line.\n" "Directories may contain default ACL entries. Files created in a directory\n"
"\n" "that contains default ACL entries will have permissions according to the\n"
"While the -x and -m options may be used in the same command, the\n" "combination of the current umask, the explicit permissions requested and\n"
"-f and -s options may be used only exclusively.\n" "the default ACL entries.\n"
"\n" "\n", prog_name);
"Directories may contain default ACL entries. Files created\n"
"in a directory that contains default ACL entries will have\n"
"permissions according to the combination of the current umask,\n"
"the explicit permissions requested and the default ACL entries\n"
"\n", prog_name);
} }
else else
fprintf(stream, "Try '%s --help' for more information.\n", prog_name); fprintf(stream, "Try '%s --help' for more information.\n", prog_name);
@ -668,6 +667,8 @@ main (int argc, char **argv)
{ {
case 'b': case 'b':
if (action == NoAction) if (action == NoAction)
action = DeleteExt;
else if (action == DeleteDef)
action = DeleteAll; action = DeleteAll;
else else
{ {
@ -712,6 +713,8 @@ main (int argc, char **argv)
case 'k': case 'k':
if (action == NoAction) if (action == NoAction)
action = DeleteDef; action = DeleteDef;
else if (action == DeleteExt)
action = DeleteAll;
else else
{ {
usage (stderr); usage (stderr);