.P
If the directory containing \fIpath\fR has a default ACL, the ACL on
\fIpath\fR is replaced with that default. Neither symbolic nor hard
-links are followed.
-
+links are followed; symbolic links are ignored in all path components
+to avoid a dangerous race condition.
.P
By default, a heuristic is used to determine whether or not the
execute bit is masked on \fIpath\fR. If \fIpath\fR is not a directory,
\fIpath\fR, then the execute bit will not masked. Otherwise, it is
left alone. In effect we pretend that the \fBx\fR permission acts like
the \fBX\fR (note the case difference) permission of \fBsetfacl\fR.
-
.P
This behavior can be modified with the \fB--no-exec-mask\fR flag.
.SH OPTIONS
-
.IP \fB\-\-recursive\fR,\ \fB\-r\fR
Apply default ACLs recursively. This works top-down, so if directory
\fBfoo\fR is in another directory \fBbar\fR which has a default ACL,
then \fBbar\fR's default ACL will be applied to \fBfoo\fR before the
contents of \fBfoo\fR are processed.
-
.IP \fB\-\-no-exec-mask\fR,\ \fB\-x\fR
Apply the default ACL literally; that is, don't use a heuristic to
decide whether or not to mask the execute bit. This usually results in
looser-than-necessary execute permissions.
+
+.SH ALGORITHM
+.IP "I. Argument validation" 0.4i
+.RS
+.IP "a. If any part of the target path contains a symlink" 0.4i
+Return failure
+.IP "b. If there's no default ACL to apply"
+Return success
+.IP "c. If the target is not a (non-hardlink) regular file or directory"
+Return failure
+.RE
+.IP "II. ACL application"
+.RS
+.IP "a. If the target is a directory" 0.4i
+Set the target's default ACL equal to its parent's default ACL
+.IP "b. Set the target's access ACL equal to its parent's default ACL"
+.IP "c. If the target is a directory"
+Return success
+.IP "d. If the target was executable by anyone"
+Return success
+.IP "e. If \fB--no-exec-mask\fR was given"
+Return success
+.IP "f. Unset the user/group/other/mask execute bits"
+.IP "g. Return success"
+.RE
+.P
+The action of apply-default ACL largely mimics what the kernel would
+do if you ran \fImkdir\fR or \fItouch\fR to create a new file. The one
+point of disagreement is on how to mask group-execute permissions for
+files. The kernel will let the \(dqmask\(dq bits prevent group-execute,
+whereas apply-default-acl will explicitly remove the group-execute bits.
+For example,
+
+.nf
+.I $ mkdir herp
+.I $ setfacl --default --modify user:mjo:rw herp
+.I $ touch herp/derp
+.I $ getfacl --omit-header herp/derp
+user::rw-
+user:mjo:rw-
+group::r-x #effective:r--
+mask::rw-
+other::r--
+.fi
+
+In the same situation, apply-default-acl will mask the group \fBx\fR bit:
+
+.nf
+.I $ apply-default-acl herp/derp
+.I $ getfacl --omit-header herp/derp
+user::rw-
+user:mjo:rw-
+group::r--
+mask::rw-
+other::r--
+.fi
+
+The author is of the opinion that the latter is more sensible, if not
+simply more consistent.
+
+.SH EXIT CODE
+.P
+When given a single path, the following codes correspond directly to
+the action of the program on that path:
+.IP \fB0\ (EXIT_SUCCESS)\fR
+Success
+.IP \fB1\ (EXIT_FAILURE)\fR
+Failure due to a symlink, hardlink, or invalid/inaccessible path
+.IP \fB2\fP
+Other unexpected library error
+.P
+When called on multiple paths, the results from all paths are
+collected and the \(dqworst\(dq result is returned. For example, if
+one path succeeds and another fails, the overall result will be
+failure. If one succeeds, one fails, and one causes an error, then the
+overall result will be an error; and so on.
+.P
+When the \fB\-\-recursive\fR flag is used, the exit code is computed
+as if all affected paths were passed, depth-first, on the command-line.
projects / apply-default-acl.git / blobdiff