[PATCH 2/2] posix_acl: Clear SGID bit when modifying file permissions

When file permissions are modified via chmod(2) and the user modifying the
permissions is not capable of setting SGID bit for the file, the bit gets
cleared in inode_change_ok(). However this is not the case when file
permissions get modified via setfacl(1). Add clearing of SGID bit to
posix_acl_equiv_mode().

Signed-off-by: Jan Kara <jack@xxxxxxx>
---
 fs/posix_acl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 0a7c5119ed8d..d714b9216418 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -311,8 +311,12 @@ posix_acl_equiv_mode(struct inode *inode, const struct posix_acl *acl,
 				return -EINVAL;
 		}
 	}
-        if (mode_p)
+        if (mode_p) {
+		if (!in_group_p(inode->i_gid) &&
+		    !capable_wrt_inode_uidgid(inode, CAP_FSETID))
+			*mode_p &= ~S_ISGID;
                 *mode_p = (*mode_p & ~S_IRWXUGO) | mode;
+	}
         return not_equiv;
 }
 EXPORT_SYMBOL(posix_acl_equiv_mode);
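
Review bot: the new SGID check inside the if (mode_p) block makes posix_acl_equiv_mode() depend on the calling task's credentials (in_group_p(), capable_wrt_inode_uidgid()) and clear a bit outside S_IRWXUGO, which is a surprising side effect for a function whose name says it only computes an equivalent mode. Every caller that passes a non-NULL mode_p gets this behaviour, not only the setfacl(1) path named in the commit message, so consider doing the clearing in the code that handles the ACL set request, or at least add a comment above the check stating that it mirrors the chmod(2) handling in inode_change_ok() and which callers are expected to reach it. As a style point, the added lines are tab-indented while the neighbouring lines in this block ("*mode_p = ..." and "return not_equiv;") are space-indented; keep the indentation consistent within the block.
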
-- 
2.6.6
