From d1ad594caadf4c951b2efd67429c4fa9508622a5 Mon Sep 17 00:00:00 2001
From: Wolfgang Müller
Date: Sat, 21 Sep 2024 13:36:26 +0200
Subject: git-init-acl: Set ACL mask to rwX

The ACL mask denotes the maximum access rights that can be granted by
ACL entries. Not recalculating it means that we end up with an incorrect
mask of r--, denying write permission for users other than the owner
even though ACL entries exist for them.

Explicitly set the mask and default directory mask to rwX such that we
end up with rw- on files and rwx on directories.
---
 git-init-acl | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/git-init-acl b/git-init-acl
index 50950b5..1a40dff 100755
--- a/git-init-acl
+++ b/git-init-acl
@@ -16,9 +16,10 @@ acl_mask() {
 add_to_acl() {
 	# Recursively apply all necessary ACL settings as we may be reinitializing
 	# the git repository with additional authorised users.
-	# Take care *not* to recalculate the ACL mask (-n), since rwX translates to
-	# a mask of rwx even on non-directory files.
-	setfacl -Rnm "d:u:$2:rwX,u:$2:rwX" "$1"
+	# Take care to specify the ACL mask explicitly to make sure it is set to
+	# rw- on files and rwx on directories (automatic recalculation ends up
+	# setting rwx even on non-directory files)
+	setfacl -Rm "d:u:$2:rwX,u:$2:rwX,d:m:rwX,m:rwX" "$1"
 }
 
 test $# -ge 1 || usage
-- 
cgit v1.2.3-2-gb3c3