Jeff King <peff@xxxxxxxx> writes: > [+cc ecryptfs@vger, as I think this is an ecryptfs bug] > > On Tue, Jun 05, 2012 at 10:28:13AM -0400, Jeff King wrote: > >> OK, here's the _real_ issue. Git creates with mode 0444, which should >> still allow read in the mask. But it's the restrictive umask at the top >> of the test script that causes the problem. Try this: >> >> setfacl -m m:rwx . >> perl -MFcntl -e 'sysopen(X, "a", O_WRONLY|O_CREAT, 0444)' >> umask 077 >> perl -MFcntl -e 'sysopen(X, "b", O_WRONLY|O_CREAT, 0444)' >> getfacl a b >> >> On ext4, both files will have the read bit set in the mask. On ecryptfs, >> "b" will have an empty mask. I think the wrong thing is that we should >> not be respecting umask at all when default ACLs are in play, and >> ecryptfs is getting that wrong. But I'm having trouble digging up an >> authoritative source. > > Reading the withdrawn posix 1003.1e and "man 5 acl", it seems pretty > clear that if a default ACL is present, it should be used, and umask > consulted only if it is not (so the umask should not be making a > difference in this case). > > The reproduction recipe above shows the minimum required to trigger it; > adding a more realistic default ACL (with actual entries for users) does > not seem to make a difference. Thanks; so combining the above with your earlier patch to 1304 we would have a good detection for SETFACL prerequisite? -- To unsubscribe from this list: send the line "unsubscribe ecryptfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html