Hello, commit 073931017b49d "posix_acl: Clear SGID bit when setting file permissions" started clearing SGID bit when ACLs are changed for an inode if user is not member of the owning group (or has appropriate capabilities). Now this is in line with what chmod does. However this has caused a regression which one of our customer noticed: Suppose you have a directory DIR with mode 02777 with default ACLs and belongs to a group GROUP you are not member of. You can create subdir SUB in DIR, it will be again owned by GROUP. Previously it will also have SGID bit set, however after commit 073931017b49d, the SGID bit gets cleared as a side-effect of inheritance of default ACLs. Now it is relatively easy (although a bit ugly) to restore SGID bit after ACLs got inherited and Lance has a patch for this. However I wonder: If we let SGID bit be inherited, user can then modify default ACLs of DIR/SUB arbitrarily and this has no effect on the SGID bit. So further files and directories created under SUB can have arbitrary set of ACLs and owning group GROUP. I guess this is in line with the fact that the mode of file / directory under DIR can be arbitrary even without ACLs but I wanted to check whether someone does not see any problem with this. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
