- if (!mode_has_perm(path_mode, S_IXGRP)) {
- /* The group ACL entry should already have been inherited from the
- default ACL. If the source was not group executable, we want to
- modify the destination so that it is not group executable
- either. In the presence of ACLs, the group permissions come not
- from the mode bits, but from the group:: ACL entry. So, to do
- this, we remove the group::x entry. */
- if (has_default_group_obj_execute(path)) {
- /* remove_default_group_obj_execute(path);*/
+ /* If this is a default mask, fix it up. */
+ if (tag == ACL_MASK ||
+ tag == ACL_USER_OBJ ||
+ tag == ACL_GROUP_OBJ ||
+ tag == ACL_OTHER) {
+ if (!allow_exec) {
+ /* The mask doesn't affect acl_user_obj, acl_group_obj (in
+ minimal ACLs) or acl_other entries, so if execute should be
+ masked, we have to do it manually. */
+ int d_result = acl_delete_perm(permset, ACL_EXECUTE);
+ if (d_result == -1) {
+ perror("reapply_default_acl_ng (acl_delete_perm)");
+ result = -1;
+ goto cleanup;
+ }
+
+ int sp_result = acl_set_permset(entry, permset);
+ if (sp_result == -1) {
+ perror("reapply_default_acl_ng (acl_set_permset)");
+ result = -1;
+ goto cleanup;
+ }