Support workflows making use of POSIX ACLs #9475
Labels:
enhancement: New features or improvements of some kind, as opposed to a problem (bug)
needs-triage: New issues needed to be validated
Feature description
This is not a feature request about specifically supporting syncing POSIX ACLs, but rather about supporting workflows that involve POSIX ACLs.
It would be nice if Syncthing did all or any of the below:
Problem or use case
The root of the problem is that POSIX ACLs are arguably mis-designed in one specific way: they repurpose normal UNIX group permissions (i.e. `5` in `0750`) to mean the "ACL mask permissions", which is a value that is implicitly ANDed with all ACL entries. The UNIX group permissions are, instead, converted into an ACL entry. For instance:
In this example, the ACLs are used on what was a mode `0700` directory to additionally give RWX permissions on the directory to group `files`. However, any non-ACL-aware application will see the directory as if it simply had mode `0770`.
Thus, if Syncthing is used to sync such a directory onto another host, Syncthing on that host will create the directory as mode `0770`, which is incorrect (and might even be a security problem).
Alternatives or workarounds
`+x` bits set on specific files do matter to the user)
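The mask behaviour described in the issue above, as an added example that is not part of the original issue and is not Syncthing code: it parses a constructed `getfacl`-style listing and derives both the mode a non-ACL-aware program sees and the mode implied by the owning group's effective rights. The names `sampleACL`, `bits` and `Modes` are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample (getfacl text format): a 0700 directory given group "files" rwx via ACL.
const sampleACL = `user::rwx
group::---
group:files:rwx
mask::rwx
other::---`

// bits converts an "rwx"-style triplet into its 3-bit value.
func bits(p string) uint32 {
	var v uint32
	for i, c := range "rwx" {
		if i < len(p) && rune(p[i]) == c {
			v |= 4 >> uint(i)
		}
	}
	return v
}

// Modes returns the mode stat(2) shows (visible) and the mode built from the owning group's effective rights (base).
func Modes(acl string) (visible, base uint32) {
	perm := map[string]uint32{}
	for _, line := range strings.Split(acl, "\n") {
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i] // drop getfacl comments such as "#effective:..."
		}
		f := strings.Split(strings.TrimSpace(line), ":")
		if len(f) == 3 && f[1] == "" { // unnamed entries: user, group, mask, other
			perm[f[0]] = bits(f[2])
		}
	}
	group, groupClass := perm["group"], perm["group"]
	if m, ok := perm["mask"]; ok {
		groupClass = m // the mode's group bits show the mask, not group::
		group &= m     // the owning group's entry is limited by the mask
	}
	return perm["user"]<<6 | groupClass<<3 | perm["other"],
		perm["user"]<<6 | group<<3 | perm["other"]
}

func main() {
	v, b := Modes(sampleACL)
	fmt.Printf("stat shows %04o; owning group really has %04o\n", v, b)
}
```

For the sample, the visible mode is `0770` while the owning group itself has no access, so a copy created from the visible mode alone grants that group rights the source never gave it.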