I've been away from this for a while, but have been working on it now for several days... by working on it, I mean I've been reading the code back into fs and forward into the userspace part of orangefs, and comparing what orangefs does with what ext4 and tmpfs do when I set and unset acls... I can observe that these acls are foldable into mode, no acls are set, this asdf file is on ext4: hubcap@vm1 ~]$ ls -l asdf -rw-rw----. 1 hubcap hubcap 0 Mar 6 15:34 asdf [hubcap@vm1 ~]$ setfacl -m u::rwx asdf [hubcap@vm1 ~]$ ls -l asdf -rwxrw----. 1 hubcap hubcap 0 Mar 6 15:34 asdf [hubcap@vm1 ~]$ setfacl -m g::rwx asdf [hubcap@vm1 ~]$ ls -l asdf -rwxrwx---. 1 hubcap hubcap 0 Mar 6 15:34 asdf [hubcap@vm1 ~]$ setfacl -m o::rwx asdf [hubcap@vm1 ~]$ ls -l asdf -rwxrwxrwx. 1 hubcap hubcap 0 Mar 6 15:34 asdf There must be more, perhaps from the perspective of root setting the acl, or...? What are some other examples of acls that get folded into mode that I could test with? Al>> Moreover, if you change an existing ACL to something Al>> that is expressible by pure mode, Can you suggest an example here, too? Finally (for today :-) ) what happened here? Orangefs reacts differently than ext4... in both cases the acl was set, but on ext4 the mode was also changed... hubcap@vm1 ~]$ touch /pvfsmnt/asdf /home/hubcap/asdf [hubcap@vm1 ~]$ ls -l /pvfsmnt/asdf /home/hubcap/asdf -rw-rw-r--. 1 hubcap hubcap 0 Mar 13 11:50 /home/hubcap/asdf -rw-rw-r--. 1 hubcap hubcap 0 Mar 13 11:50 /pvfsmnt/asdf root@vm1 hubcap]# chown root /home/hubcap/asdf /pvfsmnt/asdf [root@vm1 hubcap]# ls -l /home/hubcap/asdf /pvfsmnt/asdf -rw-rw-r--. 1 root hubcap 0 Mar 13 11:50 /home/hubcap/asdf -rw-rw-r--. 1 root hubcap 0 Mar 13 11:50 /pvfsmnt/asdf [root@vm1 hubcap]# setfacl -m u:hubcap:rwx /home/hubcap/asdf /pvfsmnt/asdf [root@vm1 hubcap]# ls -l /home/hubcap/asdf /pvfsmnt/asdf -rw-rwxr--+ 1 root hubcap 0 Mar 13 11:50 /home/hubcap/asdf -rw-rw-r--+ 1 root hubcap 0 Mar 13 11:50 /pvfsmnt/asdf -Mike On Fri, Jan 31, 2020 at 7:56 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > Prior to 4bef69000d93 (orangefs: react properly to > posix_acl_update_mode's aftermath.) it used to be possible > to do orangefs_set_acl(inode, NULL, ACL_TYPE_ACCESS) - > it would've removed the corresponding xattr and that would > be it. Now it fails with -EINVAL without having done > anything. How is one supposed to remove ACLs there? > > Moreover, if you change an existing ACL to something > that is expressible by pure mode, you end up calling > __orangefs_setattr(), which will call posix_acl_chmod(). > And AFAICS that will happen with *old* ACL still cached, > so you'll get ACL_MASK/ACL_OTHER updated in the old ACL. > > How can that possibly work? Sure, you want to > propagate the updated mode to server - after you've > done the actual update (possibly removal) of ACL-encoding > xattr there...
