michael orlitzky

Fixing POSIX ACLs in common utilities

posted 2013-01-30; updated 2016-10-01

Update 2018-03-06
ignore this and go read Fix busted ACLs faster with libadacl.

Introduction

This is an update to Problems with POSIX ACLs and Common Utilities. All of those problems still exist, but the solutions have changed a little.

The Problem

GNU tar, cp, mkdir, etc. all still do stupid shit in the presence of POSIX ACLs.

Independent Fix

The apply-default-acl program is now fairly full-featured and well-tested. It can work recursively, and will fix any of the aforementioned problems. However, you have to remember to run it to fix them.

Monkey-patch Fix

In the previous article, we patched tar and coreutils to respect a global $GNU_REAPPLY_DEFAULT_ACL variable. This worked great but duplicated a lot of code. It was also fairly invasive (and therefore hard to port forward).

Since apply-default-acl now works so well, we should be able to leverage it from within tar, cp, mkdir, etc. to fix the ACLs. In the new fix, those utilites are patched to respect a $GNU_POST_CREATE_CMD environment variable.

Whenever a new file or directory is created,

  1. The first %s in $GNU_POST_CREATE_CMD is replaced with the path of the new file or directory.
  2. The result is passed to the system() function to be executed.

An obvious choice for the variable calls apply-default-acl:

user $ export GNU_POST_CREATE_CMD="apply-default-acl '%s'"

user $ cp foo bar

user $ mkdir -p one/two

I've removed the tar.git and coreutils.git repositories mentioned in the previous article. The build system is just too fucked up—god help you try to find a working revision of gnulib—so we patch the release versions for now.

Here's the rundown to patch tar-1.29,

user $ wget https://ftp.gnu.org/gnu/tar/tar-1.29.tar.xz

user $ tar -xf tar-1.29.tar.xz

user $ rm tar-1.29.tar.xz

user $ cd tar-1.29

user $ wget https://michael.orlitzky.com/code/releases/tar-1.29-gpcc.patch

user $ patch -p1 < tar-1.29-gpcc.patch

user $ ./configure

user $ make

And coreutils-8.25,

user $ wget https://ftp.gnu.org/gnu/coreutils/coreutils-8.25.tar.xz

user $ tar -xf coreutils-8.25.tar.xz

user $ rm coreutils-8.25.tar.xz

user $ cd coreutils-8.25

user $ wget https://michael.orlitzky.com/code/releases/coreutils-8.25-gpcc.patch

user $ patch -p1 < coreutils-8.25-gpcc.patch

user $ ./configure

user $ make