Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support workflows making use of POSIX ACLs #9475

Open
3 tasks
intelfx opened this issue Mar 17, 2024 · 2 comments
Open
3 tasks

Support workflows making use of POSIX ACLs #9475

intelfx opened this issue Mar 17, 2024 · 2 comments
Labels
enhancement New features or improvements of some kind, as opposed to a problem (bug) needs-triage New issues needed to be validated

Comments

@intelfx
Copy link

intelfx commented Mar 17, 2024
edited

Feature description

This is not a feature request about specifically supporting syncing POSIX ACLs, but rather about supporting workflows that involve POSIX ACLs.

It would be nice if Syncthing did all or any of the below:

  • support limited modes of syncing permissions (e. g. x-bit only or umask only) that would have less affinity to break ACLs than existing full permission sync mode
  • detect files that have POSIX ACLs set and extract/set actual group permission bits
  • fully support syncing POSIX ACLs (with or without mapping, in particular a "sync only generic ACLs" mode would likely be useful, or "map ACLs of the root directory owner")

Problem or use case

The root of the problem is that POSIX ACLs are arguably mis-designed in one specific way: they repurpose normal UNIX group permissions (i. e. 5 in 0750) to mean the "ACL mask permissions", which is a value that is implicitly ANDed with all ACL entries. The UNIX group permissions are, instead, converted into an ACL entry. For instance:

$ ls -ld ~
drwxrwx---+ 1 intelfx intelfx 2.0K Mar 17 07:22 /home/intelfx

$ getfacl ~
getfacl: Removing leading '/' from absolute path names
# file: home/intelfx
# owner: intelfx
# group: intelfx
user::rwx
group::---
group:files:rwx
mask::rwx
other::---

In this example, the ACLs are used on what was a mode 0700 directory to additionally give RWX permissions on the directory to group files. However, any non-ACL-aware application will see the directory as if it simply had mode 0770.

Thus, if Syncthing is used to sync such a directory onto another host, Syncthing on that host will create the directory as mode 0770, which is incorrect (and might even be a security problem).

Alternatives or workarounds

  • not using ACLs
  • not using permission bits sync (which is unusable if we are syncing, say, a source + build tree, where +x bits set on specific files do matter to the user)
@intelfx intelfx added enhancement New features or improvements of some kind, as opposed to a problem (bug) needs-triage New issues needed to be validated labels Mar 17, 2024
@calmh
Copy link
Member

calmh commented Mar 17, 2024

Thorny stuff.

@intelfx
Copy link
Author

intelfx commented Mar 17, 2024
edited

@calmh While I would be delighted if Syncthing suddenly grew comprehensive support for ACLs, the most labor-effective improvement that could be done is IMO simply to make Syncthing ACL-aware: that is, instead of stat()+chmod() use libacl (or equivalent) to get/set file permissions — but only care about those ACL entries that map directly to UNIX permission bits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New features or improvements of some kind, as opposed to a problem (bug) needs-triage New issues needed to be validated
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@calmh @intelfx