Hi!

The POSIX ACL permission check algorithm implementation is different from the man page [1] in an edge case scenario. When the mask (ACL_MASK) is present but empty, a user who's not the owner will get the permissions of "others" instead of being denied access.

The root cause is thought to be this line [2] in namei.c, which skips the ACL check if the mask is empty. It affects all file systems that use the "generic_permission" function to check permissions. It can be traced way back to old kernel versions [3].

The relevant section from the man page:

"
   Access Check Algorithm
   ...
   2. else if the effective user ID of the process matches the qualifier of any entry of type ACL_USER, then
         if the matching ACL_USER entry and the ACL_MASK entry contain the requested permissions, access is granted,
         else access is denied.
"

It would be nice to align the code and the man page, though we're not sure which one should be fixed.

Steps to reproduce:

1) Normal operation

    touch file
    chmod 0777 file
    setfacl -m u:user1:rw- file
    setfacl -m u:user2:--- file
    setfacl -m m::r-- file
    # Permissions:
    # user1: r--
    # user2: ---

2) Clear out the mask

    setfacl -m m::--- file
    # Expected permissions:
    # user1: ---
    # user2: ---
    # Actual permissions:
    # user1: rwx -> MISMATCH WITH MAN PAGE
    # user2: rwx -> MISMATCH WITH MAN PAGE

[1] See "Access Check Algorithm" in https://linux.die.net/man/5/acl
[2] https://elixir.bootlin.com/linux/v5.18/source/fs/namei.c#L349
[3] See "__ext3_permission" function in https://lore.kernel.org/all/E17zVaV-00069k-00@xxxxxxxxxxxxxx/

Thanks,
Yoni Couriel
https://cloud.google.com/filestore
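A model of the two algorithms the report compares, as an added example that is not part of the original message: `acl5_check` follows the acl(5) Access Check Algorithm clause by clause, `kernel_check` follows the simplified shape of acl_permission_check() in fs/namei.c, where the ACL is only consulted when the group triplet of the mode (which mirrors ACL_MASK) is non-zero, and `reproduce` runs both over the reporter's setfacl steps. The class and function names and the numeric uids/gids are constructed for this illustration; the kernel path is a simplification of the real function, which also handles capabilities and inodes without ACLs.

```python
# Added example, not code from the report: a model of the acl(5) Access Check
# Algorithm beside the shortcut in fs/namei.c (v5.18) that the report points
# at, run on the reporter's reproduction steps. The class and function names
# and the numeric uids/gids are constructed for this illustration.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

R, W, X = 4, 2, 1            # one rwx triplet, as in st_mode
RWX = R | W | X


@dataclass
class Acl:
    owner_uid: int
    owner_gid: int
    user_obj: int                       # ACL_USER_OBJ: owner permissions
    group_obj: int                      # ACL_GROUP_OBJ: owning-group permissions
    other: int                          # ACL_OTHER
    mask: Optional[int] = None          # ACL_MASK; None when the entry is absent
    users: Dict[int, int] = field(default_factory=dict)   # ACL_USER: uid -> perms
    groups: Dict[int, int] = field(default_factory=dict)  # ACL_GROUP: gid -> perms


def granted(perms: int, requested: int) -> bool:
    """True when every requested bit is present in perms."""
    return requested & ~perms == 0


def acl5_check(acl: Acl, uid: int, gids: Set[int], requested: int) -> bool:
    """The Access Check Algorithm of acl(5), one step per numbered clause."""
    if uid == acl.owner_uid:                                   # 1. owner
        return granted(acl.user_obj, requested)
    if uid in acl.users:                                       # 2. ACL_USER entry
        eff = acl.users[uid]
        if acl.mask is not None:
            eff &= acl.mask             # an empty mask leaves nothing: access denied
        return granted(eff, requested)
    matching = [acl.group_obj] if acl.owner_gid in gids else []   # 3. group entries
    matching += [p for g, p in acl.groups.items() if g in gids]
    if matching:
        mask = acl.mask if acl.mask is not None else RWX       # no mask: entries apply as-is
        return any(granted(p & mask, requested) for p in matching)
    return granted(acl.other, requested)                       # 4. ACL_OTHER


def mode_bits(acl: Acl) -> int:
    """st_mode permission bits: when ACL_MASK exists, the group triplet holds the mask."""
    group = acl.mask if acl.mask is not None else acl.group_obj
    return (acl.user_obj << 6) | (group << 3) | acl.other


def kernel_check(acl: Acl, uid: int, gids: Set[int], requested: int) -> bool:
    """acl_permission_check() in fs/namei.c, simplified: the ACL is consulted only
    when the group triplet (mode & S_IRWXG) is non-zero; otherwise plain mode bits decide."""
    mode = mode_bits(acl)
    if uid == acl.owner_uid:                      # owner: ACL entries don't matter
        return granted((mode >> 6) & 7, requested)
    if (mode >> 3) & 7:                           # the check the report points at
        return acl5_check(acl, uid, gids, requested)   # check_acl() -> posix_acl_permission()
    # Fallback to mode bits: the group triplet if a member of the owning group, else "other"
    triplet = (mode >> 3) & 7 if acl.owner_gid in gids else mode & 7
    return granted(triplet, requested)


def effective(check: Callable, acl: Acl, uid: int, gids: Set[int]) -> str:
    """Render the permissions a given check grants as an rwx string, bit by bit."""
    return "".join(c if check(acl, uid, gids, b) else "-"
                   for c, b in (("r", R), ("w", W), ("x", X)))


OWNER, USER1, USER2, FILE_GID = 1000, 1001, 1002, 1000   # constructed ids


def reproduce() -> Dict[tuple, tuple]:
    """The report's steps: chmod 0777; u:user1:rw-; u:user2:---; then mask r--, then ---.
    Returns {(step, user): (acl(5) result, kernel result)}; neither user is in the owning group."""
    acl = Acl(owner_uid=OWNER, owner_gid=FILE_GID, user_obj=RWX, group_obj=RWX,
              other=RWX, users={USER1: R | W, USER2: 0})
    results = {}
    for step, mask in (("mask r--", R), ("mask ---", 0)):
        acl.mask = mask
        for who, uid in (("user1", USER1), ("user2", USER2)):
            results[(step, who)] = (effective(acl5_check, acl, uid, set()),
                                    effective(kernel_check, acl, uid, set()))
    return results


if __name__ == "__main__":
    for (step, who), (spec, kernel) in reproduce().items():
        flag = "" if spec == kernel else "  <- mismatch"
        print(f"{step:9s} {who}: acl(5) {spec}  kernel {kernel}{flag}")
```

With the mask at r-- both checks agree (user1 r--, user2 ---). With the mask emptied, the group triplet of the mode becomes 000, `kernel_check` never reaches the ACL, and because neither named user is in the owning group the fallback hands them the "other" triplet, rwx, which is the mismatch the report describes; the acl(5) path denies both.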