[+cc ecryptfs@vger, as I think this is an ecryptfs bug] On Tue, Jun 05, 2012 at 10:28:13AM -0400, Jeff King wrote: > OK, here's the _real_ issue. Git creates with mode 0444, which should > still allow read in the mask. But it's the restrictive umask at the top > of the test script that causes the problem. Try this: > > setfacl -m m:rwx . > perl -MFcntl -e 'sysopen(X, "a", O_WRONLY|O_CREAT, 0444)' > umask 077 > perl -MFcntl -e 'sysopen(X, "b", O_WRONLY|O_CREAT, 0444)' > getfacl a b > > On ext4, both files will have the read bit set in the mask. On ecryptfs, > "b" will have an empty mask. I think the wrong thing is that we should > not be respecting umask at all when default ACLs are in play, and > ecryptfs is getting that wrong. But I'm having trouble digging up an > authoritative source. Reading the withdrawn posix 1003.1e and "man 5 acl", it seems pretty clear that if a default ACL is present, it should be used, and umask consulted only if it is not (so the umask should not be making a difference in this case). The reproduction recipe above shows the minimum required to trigger it; adding a more realistic default ACL (with actual entries for users) does not seem to make a difference. -Peff -- To unsubscribe from this list: send the line "unsubscribe ecryptfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html