diff options
| author | Wolfgang Müller | 2024-09-21 13:36:26 +0200 |
|---|---|---|
| committer | Wolfgang Müller | 2024-09-21 13:36:26 +0200 |
| commit | d1ad594caadf4c951b2efd67429c4fa9508622a5 (patch) | |
| tree | cc3c74359f3b37c41d12996bc9fb69f2bc5cb89f | |
| parent | 92ba675e4bffaca19af1d354783c33b0d9dca069 (diff) | |
| download | git-helpers-d1ad594caadf4c951b2efd67429c4fa9508622a5.tar.gz | |
The ACL mask denotes the maximum access rights that can be granted by
ACL entries. Not recalculating it means that we end up with an incorrect
mask of r--, denying write permission for users other than the owner
even though ACL entries exist for them.
Explicitly set the mask and default directory mask to rwX such that we
end up with rw- on files and rwx on directories.
| -rwxr-xr-x | git-init-acl | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/git-init-acl b/git-init-acl index 50950b5..1a40dff 100755 --- a/git-init-acl +++ b/git-init-acl @@ -16,9 +16,10 @@ acl_mask() { add_to_acl() { # Recursively apply all necessary ACL settings as we may be reinitializing # the git repository with additional authorised users. - # Take care *not* to recalculate the ACL mask (-n), since rwX translates to - # a mask of rwx even on non-directory files. - setfacl -Rnm "d:u:$2:rwX,u:$2:rwX" "$1" + # Take care to specify the ACL mask explicitly to make sure it is set to + # rw- on files and rwx on directories (automatic recalculation ends up + # setting rwx even on non-directory files) + setfacl -Rm "d:u:$2:rwX,u:$2:rwX,d:m:rwX,m:rwX" "$1" } test $# -ge 1 || usage |