I understand pylibacl is a thin wrapper over libacl
Found a bug in libacl function, acl_from_text. (Although not tested here, probably affects applyto as well.)
Background probably missing from man acl:
"R", "W", and "X" may be seen in the acl of both file and folder. Means apply those permission to descendants only if a folder.
$> getfacl --tabular --omit-header --absolute-names --no-effective /mnt/sda1/somefile
# file: /mnt/sda1/somefile
USER babe rw-
user babe rwX
GROUP babe ---
group wheel rwX
mask rw-
other ---
>>> import posix1e
>>> s = "u::rw-,u:1000:rwX,g::---,g:4:rwX,m:rw-,o::---"
>>> a = posix1e.ACL(text=s)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OSError: [Errno 22] Invalid argument
>>> s = "u::rw-,u:1000:rwx,g::---,g:4:rwx,m:rw-,o::---"
>>> a = posix1e.ACL(text=s)
>>> str(a)
'user::rw-\nuser:babe:rwx\t#effective:rw-\ngroup::---\ngroup:wheel:rwx\t#effective:rw-\nmask::rw-\nother::---\n'
This proves, at minimum, "X" is not supported and it should be cuz it will be encountered in the wild. And it's essential for descendant folders to have "r-x" permissions while descendant files not to be executable.
I understand pylibacl is a thin wrapper over libacl
Found a bug in libacl function,
acl_from_text. (Although not tested here, probably affects applyto as well.)Background probably missing from
man acl:"R", "W", and "X" may be seen in the acl of both file and folder. Means apply those permission to descendants only if a folder.
$> getfacl --tabular --omit-header --absolute-names --no-effective /mnt/sda1/somefile# file: /mnt/sda1/somefile
USER babe rw-
user babe rwX
GROUP babe ---
group wheel rwX
mask rw-
other ---
This proves, at minimum, "X" is not supported and it should be cuz it will be encountered in the wild. And it's essential for descendant folders to have "r-x" permissions while descendant files not to be executable.