flags not removed after setfacl

zhoucheng361 commented 8 months ago

What happened: How to reproduce:

    def test_acl(self):
        state = JuicefsMachine()
        v1 = state.init_folders()
        state.chmod(entry=v1, mode=3291, user='root')
        state.remove_acl(entry=v1, option='--remove-default', user='user1')
        v40 = state.mkdir(mode=1122, parent=v1, subdir='uopt', umask=367, user='root')
        state.chown(entry=v40, owner='user1', user='root')
        state.change_groups(group='group4', groups=['group2'], user='user1')
        state.set_acl(default=False, entry=v40, group='group2', group_perm={'r', 'w', 'x'}, logical=True, mask={'r', 'w', 'x'}, not_recalc_mask=True, other_perm={'x'}, physical=False, recalc_mask=True, recursive=False, set_mask=False, sudo_user='user1', user=v1, user_perm=set())
        state.teardown()

Logs:

root@bench-01:~/juicefs# python3 .github/scripts/hypo/fsrand2_test.py  -k test_acl
setup_logger ./log1
setup_logger ./log2
__init__
duration is 0.028767108917236328
2024-03-13 15:08:11,920 - INFO - do_chmod /tmp/fsrand/ 0o6333 root succeed
2024-03-13 15:08:11,922 - INFO - do_chmod /tmp/jfs/fsrand/ 0o6333 root succeed
2024-03-13 15:08:11,922 - INFO - run_cmd: sudo -u user1 setfacl --remove-default /tmp/fsrand/
2024-03-13 15:08:11,927 - INFO - do_remove_acl /tmp/fsrand/ with --remove-default succeed
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:11,929 - INFO - run_cmd: sudo -u user1 setfacl --remove-default /tmp/jfs/fsrand/
2024-03-13 15:08:11,933 - INFO - do_remove_acl /tmp/jfs/fsrand/ with --remove-default succeed
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:11,935 - INFO - do_mkdir /tmp/fsrand/uopt with mode 0o2142 succeed
2024-03-13 15:08:11,939 - INFO - do_mkdir /tmp/jfs/fsrand/uopt with mode 0o2142 succeed
2024-03-13 15:08:11,939 - INFO - do_chown /tmp/fsrand/uopt user1 succeed
2024-03-13 15:08:11,941 - INFO - do_chown /tmp/jfs/fsrand/uopt user1 succeed
2024-03-13 15:08:11,953 - INFO - do_change_groups user1 group4 ['group2'] succeed
2024-03-13 15:08:11,956 - INFO - do_change_groups user1 group4 ['group2'] succeed
2024-03-13 15:08:11,956 - INFO - run_cmd: sudo -u user1 setfacl   --mask --no-mask   -m u::-,g:group2:wrx,o::x /tmp/fsrand/uopt
run_cmd:getfacl /tmp/fsrand/uopt
2024-03-13 15:08:11,962 - INFO - do_set_acl /tmp/fsrand/uopt with u::-,g:group2:wrx,o::x succeed
2024-03-13 15:08:11,962 - INFO - run_cmd: sudo -u user1 setfacl   --mask --no-mask   -m u::-,g:group2:wrx,o::x /tmp/jfs/fsrand/uopt
run_cmd:getfacl /tmp/jfs/fsrand/uopt
2024-03-13 15:08:11,972 - INFO - do_set_acl /tmp/jfs/fsrand/uopt with u::-,g:group2:wrx,o::x succeed
F__init__
duration is 0.12301325798034668
2024-03-13 15:08:12,006 - INFO - do_listdir /tmp/fsrand/ succeed
2024-03-13 15:08:12,007 - INFO - do_listdir /tmp/jfs/fsrand/ succeed
2024-03-13 15:08:12,013 - INFO - do_change_groups user1 root [] succeed
2024-03-13 15:08:12,016 - INFO - do_change_groups user1 root [] succeed
2024-03-13 15:08:12,017 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:root:r,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,022 - INFO - do_set_acl /tmp/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,023 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:root:r,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,032 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,033 - INFO - do_listdir /tmp/fsrand/ succeed
2024-03-13 15:08:12,033 - INFO - do_listdir /tmp/jfs/fsrand/ succeed
.__init__
duration is 0.17746376991271973
2024-03-13 15:08:12,057 - INFO - do_create_file /tmp/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,063 - INFO - do_create_file /tmp/jfs/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,063 - INFO - run_cmd: sudo -u root setfacl  -R     -m u:root:-,g:root:r,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,069 - INFO - do_set_acl /tmp/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,069 - INFO - run_cmd: sudo -u root setfacl  -R     -m u:root:-,g:root:r,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,080 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,081 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:user1:r,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,086 - INFO - do_set_acl /tmp/fsrand/ with u:root:-,g:user1:r,o::- succeed
2024-03-13 15:08:12,086 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:user1:r,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,095 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:-,g:user1:r,o::- succeed
2024-03-13 15:08:12,095 - INFO - run_cmd: sudo -u user1 setfacl  -R     -m u:root:-,g:root:r,o::- /tmp/fsrand/
2024-03-13 15:08:12,100 - INFO - do_set_acl /tmp/fsrand/ {'user_perm': '-', 'group_perm': 'r', 'other_perm': '-'} failed:
setfacl: /tmp/fsrand//aaaa: Permission denied
2024-03-13 15:08:12,100 - INFO - run_cmd: sudo -u user1 setfacl  -R     -m u:root:-,g:root:r,o::- /tmp/jfs/fsrand/
2024-03-13 15:08:12,106 - INFO - do_set_acl /tmp/jfs/fsrand/ {'user_perm': '-', 'group_perm': 'r', 'other_perm': '-'} failed:
setfacl: /tmp/jfs/fsrand//aaaa: Permission denied
.__init__
duration is 0.24718451499938965
2024-03-13 15:08:12,139 - INFO - do_chmod /tmp/fsrand/ 0o0 root succeed
2024-03-13 15:08:12,142 - INFO - do_chmod /tmp/jfs/fsrand/ 0o0 root succeed
2024-03-13 15:08:12,149 - INFO - do_change_groups user1 root [] succeed
2024-03-13 15:08:12,152 - INFO - do_change_groups user1 root [] succeed
2024-03-13 15:08:12,152 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:root:r,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,158 - INFO - do_set_acl /tmp/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,158 - INFO - run_cmd: sudo -u root setfacl       -m u:root:-,g:root:r,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,167 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:-,g:root:r,o::- succeed
2024-03-13 15:08:12,167 - INFO - do_create_file /tmp/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,174 - INFO - do_create_file /tmp/jfs/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,174 - INFO - do_listdir /tmp/fsrand/ succeed
2024-03-13 15:08:12,175 - INFO - do_listdir /tmp/jfs/fsrand/ succeed
.__init__
duration is 0.32051539421081543
2024-03-13 15:08:12,222 - INFO - do_create_file /tmp/fsrand/lbca with mode w succeed
2024-03-13 15:08:12,229 - INFO - do_create_file /tmp/jfs/fsrand/lbca with mode w succeed
2024-03-13 15:08:12,229 - INFO - run_cmd: sudo -u root setfacl  -R --mask --no-mask  -P -m u:root:wrx,g:user1:wr,o::-,m::wrx /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,235 - INFO - do_set_acl /tmp/fsrand/ with u:root:wrx,g:user1:wr,o::-,m::wrx succeed
2024-03-13 15:08:12,235 - INFO - run_cmd: sudo -u root setfacl  -R --mask --no-mask  -P -m u:root:wrx,g:user1:wr,o::-,m::wrx /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,247 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:wrx,g:user1:wr,o::-,m::wrx succeed
2024-03-13 15:08:12,248 - INFO - do_chmod /tmp/fsrand/ 0o4004 root succeed
2024-03-13 15:08:12,250 - INFO - do_chmod /tmp/jfs/fsrand/ 0o4004 root succeed
2024-03-13 15:08:12,251 - INFO - run_cmd: sudo -u user1 setfacl -d -R    -P -m u:user2:-,g:group4:x,o::-,m::wx /tmp/fsrand/
2024-03-13 15:08:12,255 - INFO - do_set_acl /tmp/fsrand/ {'user_perm': '-', 'group_perm': 'x', 'other_perm': '-'} failed:
setfacl: /tmp/fsrand//lbca: Permission denied
setfacl: /tmp/fsrand/: Operation not permitted
2024-03-13 15:08:12,256 - INFO - run_cmd: sudo -u user1 setfacl -d -R    -P -m u:user2:-,g:group4:x,o::-,m::wx /tmp/jfs/fsrand/
2024-03-13 15:08:12,261 - INFO - do_set_acl /tmp/jfs/fsrand/ {'user_perm': '-', 'group_perm': 'x', 'other_perm': '-'} failed:
setfacl: /tmp/jfs/fsrand//lbca: Permission denied
setfacl: /tmp/jfs/fsrand/: Operation not permitted
.__init__
duration is 0.40227413177490234
2024-03-13 15:08:12,294 - INFO - do_create_file /tmp/fsrand/aaca with mode w succeed
2024-03-13 15:08:12,300 - INFO - do_create_file /tmp/jfs/fsrand/aaca with mode w succeed
2024-03-13 15:08:12,300 - INFO - do_set_xattr /tmp/fsrand/aaca user.0 b'abc' 2 succeed
2024-03-13 15:08:12,302 - INFO - do_set_xattr /tmp/jfs/fsrand/aaca user.0 b'abc' 2 succeed
2024-03-13 15:08:12,303 - INFO - run_cmd: sudo -u root setfacl       -m u:root:r,g:root:r,o::- /tmp/fsrand/aaca
run_cmd:getfacl /tmp/fsrand/aaca
2024-03-13 15:08:12,309 - INFO - do_set_acl /tmp/fsrand/aaca with u:root:r,g:root:r,o::- succeed
2024-03-13 15:08:12,309 - INFO - run_cmd: sudo -u root setfacl       -m u:root:r,g:root:r,o::- /tmp/jfs/fsrand/aaca
run_cmd:getfacl /tmp/jfs/fsrand/aaca
2024-03-13 15:08:12,319 - INFO - do_set_acl /tmp/jfs/fsrand/aaca with u:root:r,g:root:r,o::- succeed
2024-03-13 15:08:12,319 - INFO - run_cmd: sudo -u root setfacl --remove-all /tmp/fsrand/aaca
2024-03-13 15:08:12,323 - INFO - do_remove_acl /tmp/fsrand/aaca with --remove-all succeed
run_cmd:getfacl /tmp/fsrand/aaca
2024-03-13 15:08:12,325 - INFO - run_cmd: sudo -u root setfacl --remove-all /tmp/jfs/fsrand/aaca
2024-03-13 15:08:12,331 - INFO - do_remove_acl /tmp/jfs/fsrand/aaca with --remove-all succeed
run_cmd:getfacl /tmp/jfs/fsrand/aaca
2024-03-13 15:08:12,333 - INFO - do_list_xattr /tmp/fsrand/aaca succeed
2024-03-13 15:08:12,334 - INFO - do_list_xattr /tmp/jfs/fsrand/aaca succeed
.__init__
duration is 0.47536659240722656
2024-03-13 15:08:12,367 - INFO - do_create_file /tmp/fsrand/stsn with mode x succeed
2024-03-13 15:08:12,373 - INFO - do_create_file /tmp/jfs/fsrand/stsn with mode x succeed
2024-03-13 15:08:12,374 - INFO - run_cmd: sudo -u root setfacl -d -R --mask    -m u:root:r,g:group4:x,o::-,m::w /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,380 - INFO - do_set_acl /tmp/fsrand/ with u:root:r,g:group4:x,o::-,m::w succeed
2024-03-13 15:08:12,380 - INFO - run_cmd: sudo -u root setfacl -d -R --mask    -m u:root:r,g:group4:x,o::-,m::w /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,389 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:root:r,g:group4:x,o::-,m::w succeed
2024-03-13 15:08:12,390 - INFO - do_create_file /tmp/fsrand/qpyt with mode w succeed
2024-03-13 15:08:12,396 - INFO - do_create_file /tmp/jfs/fsrand/qpyt with mode w succeed
2024-03-13 15:08:12,396 - INFO - do_copy_file /tmp/fsrand/stsn /tmp/fsrand/knmh succeed
2024-03-13 15:08:12,405 - INFO - do_copy_file /tmp/jfs/fsrand/stsn /tmp/jfs/fsrand/knmh succeed
2024-03-13 15:08:12,406 - INFO - do_open /tmp/fsrand/qpyt [512] 2579 succeed
2024-03-13 15:08:12,409 - INFO - do_open /tmp/jfs/fsrand/qpyt [512] 2579 succeed
.__init__
duration is 0.5505039691925049
2024-03-13 15:08:12,465 - INFO - run_cmd: sudo -u user1 setfacl -d -R   -L  -m u:user2:wrx,g:root:r,o::rx,m::r /tmp/fsrand/
2024-03-13 15:08:12,470 - INFO - do_set_acl /tmp/fsrand/ {'user_perm': 'wrx', 'group_perm': 'r', 'other_perm': 'rx'} failed:
setfacl: /tmp/fsrand/: Operation not permitted
2024-03-13 15:08:12,470 - INFO - run_cmd: sudo -u user1 setfacl -d -R   -L  -m u:user2:wrx,g:root:r,o::rx,m::r /tmp/jfs/fsrand/
2024-03-13 15:08:12,475 - INFO - do_set_acl /tmp/jfs/fsrand/ {'user_perm': 'wrx', 'group_perm': 'r', 'other_perm': 'rx'} failed:
setfacl: /tmp/jfs/fsrand/: Operation not permitted
2024-03-13 15:08:12,475 - INFO - do_create_file /tmp/fsrand/abha with mode a succeed
2024-03-13 15:08:12,482 - INFO - do_create_file /tmp/jfs/fsrand/abha with mode a succeed
2024-03-13 15:08:12,482 - INFO - run_cmd: sudo -u root setfacl   --mask --no-mask   -m u:user1:-,g:user3:x,o::- /tmp/fsrand/abha
run_cmd:getfacl /tmp/fsrand/abha
2024-03-13 15:08:12,488 - INFO - do_set_acl /tmp/fsrand/abha with u:user1:-,g:user3:x,o::- succeed
2024-03-13 15:08:12,488 - INFO - run_cmd: sudo -u root setfacl   --mask --no-mask   -m u:user1:-,g:user3:x,o::- /tmp/jfs/fsrand/abha
run_cmd:getfacl /tmp/jfs/fsrand/abha
2024-03-13 15:08:12,497 - INFO - do_set_acl /tmp/jfs/fsrand/abha with u:user1:-,g:user3:x,o::- succeed
2024-03-13 15:08:12,497 - INFO - do_list_xattr /tmp/fsrand/abha succeed
2024-03-13 15:08:12,497 - INFO - do_list_xattr /tmp/jfs/fsrand/abha succeed
.__init__
duration is 0.6389796733856201
2024-03-13 15:08:12,530 - INFO - do_create_file /tmp/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,537 - INFO - do_create_file /tmp/jfs/fsrand/aaaa with mode w succeed
2024-03-13 15:08:12,537 - INFO - run_cmd: sudo -u root setfacl       -m u:user1:-,g:root:-,o::- /tmp/fsrand/
run_cmd:getfacl /tmp/fsrand/
2024-03-13 15:08:12,543 - INFO - do_set_acl /tmp/fsrand/ with u:user1:-,g:root:-,o::- succeed
2024-03-13 15:08:12,543 - INFO - run_cmd: sudo -u root setfacl       -m u:user1:-,g:root:-,o::- /tmp/jfs/fsrand/
run_cmd:getfacl /tmp/jfs/fsrand/
2024-03-13 15:08:12,552 - INFO - do_set_acl /tmp/jfs/fsrand/ with u:user1:-,g:root:-,o::- succeed
2024-03-13 15:08:12,552 - INFO - do_chmod /tmp/fsrand/ 0o4 root succeed
2024-03-13 15:08:12,555 - INFO - do_chmod /tmp/jfs/fsrand/ 0o4 root succeed
2024-03-13 15:08:12,555 - INFO - run_cmd: sudo -u user1 setfacl  -R     -m u:root:-,g:root:-,o::- /tmp/fsrand/
2024-03-13 15:08:12,560 - INFO - do_set_acl /tmp/fsrand/ {'user_perm': '-', 'group_perm': '-', 'other_perm': '-'} failed:
setfacl: /tmp/fsrand//aaaa: Permission denied
setfacl: /tmp/fsrand/: Operation not permitted
2024-03-13 15:08:12,560 - INFO - run_cmd: sudo -u user1 setfacl  -R     -m u:root:-,g:root:-,o::- /tmp/jfs/fsrand/
2024-03-13 15:08:12,565 - INFO - do_set_acl /tmp/jfs/fsrand/ {'user_perm': '-', 'group_perm': '-', 'other_perm': '-'} failed:
setfacl: /tmp/jfs/fsrand//aaaa: Permission denied
setfacl: /tmp/jfs/fsrand/: Operation not permitted
.
======================================================================
FAIL: test_acl (__main__.TestFsrand2)
----------------------------------------------------------------------
Traceback (most recent call last):
  File ".github/scripts/hypo/fsrand2_test.py", line 159, in test_acl
    state.set_acl(default=False, entry=v40, group='group2', group_perm={'r', 'w', 'x'}, logical=True, mask={'r', 'w', 'x'}, not_recalc_mask=True, other_perm={'x'}, physical=False, recalc_mask=True, recursive=False, set_mask=False, sudo_user='user1', user=v1, user_perm=set())
  File "/root/juicefs/.github/scripts/hypo/fsrand2.py", line 418, in set_acl
    target=EntryWithACL,
  File "/root/hypothesis/hypothesis-python/src/hypothesis/stateful.py", line 681, in rule_wrapper
    return f(*args, **kwargs)
  File "/root/juicefs/.github/scripts/hypo/fsrand2.py", line 418, in set_acl
    target=EntryWithACL,
  File "/root/hypothesis/hypothesis-python/src/hypothesis/stateful.py", line 802, in precondition_wrapper
    return f(*args, **kwargs)
  File "/root/juicefs/.github/scripts/hypo/fsrand2.py", line 439, in set_acl
    assert self.equal(result1, result2), f'\033[31mset_acl:\nresult1 is {result1}\nresult2 is {result2}\033[0m'
AssertionError: set_acl:
result1 is ("getfacl: Removing leading '/' from absolute path names\n# owner: user1\n# group: user1\nuser::---\ngroup::---\ngroup:group2:rwx\t#effective:---\nmask::---\nother::--x\n\n",)
result2 is ("getfacl: Removing leading '/' from absolute path names\n# owner: user1\n# group: user1\n# flags: -s-\nuser::---\ngroup::---\ngroup:group2:rwx\t#effective:---\nmask::---\nother::--x\n\n",)

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?

Environment:

JuiceFS version (use juicefs --version) or Hadoop Java SDK version:
Cloud provider or hardware configuration running JuiceFS:
OS (e.g cat /etc/os-release):
Kernel (e.g. uname -a):
Object storage (cloud provider and region, or self maintained):
Metadata engine info (version, cloud provider managed or self maintained):
Network connectivity (JuiceFS to metadata engine, JuiceFS to object storage):
Others:

zhoucheng361 commented 8 months ago

Reproduce by bash: cat acl.sh

#!/bin/bash -e
set -x
dir=$1
[[ -z "$dir"  ]] && echo "usage: acl.sh /tmp/jfs/fsrand"
rm $dir -rf
mkdir $dir
chmod 6333 $dir
sudo -u user1 setfacl --remove-default $dir
umask 557
mkdir $dir/uopt -m 2142
umask 022
chown user1 $dir/uopt
usermod -g group4 -G group2 user1
sudo -u user1 setfacl   --mask --no-mask   -m u::-,g:group2:wrx,o::x $dir/uopt
getfacl $dir/uopt

Log:

root@bench-01:~/juicefs# ./acl.sh  /tmp/jfs/fsrand
+ dir=/tmp/jfs/fsrand
+ [[ -z /tmp/jfs/fsrand ]]
+ rm /tmp/jfs/fsrand -rf
+ mkdir /tmp/jfs/fsrand
+ chmod 6333 /tmp/jfs/fsrand
+ sudo -u user1 setfacl --remove-default /tmp/jfs/fsrand
+ umask 557
+ mkdir /tmp/jfs/fsrand/uopt -m 2142
+ umask 022
+ chown user1 /tmp/jfs/fsrand/uopt
+ usermod -g group4 -G group2 user1
+ sudo -u user1 setfacl --mask --no-mask -m u::-,g:group2:wrx,o::x /tmp/jfs/fsrand/uopt
+ getfacl /tmp/jfs/fsrand/uopt
getfacl: Removing leading '/' from absolute path names
# file: tmp/jfs/fsrand/uopt
# owner: user1
# group: root
# flags: -s-
user::---
group::r--
group:group2:rwx        #effective:r--
mask::r--
other::--x

root@bench-01:~/juicefs# ./acl.sh  /tmp/fsrand
+ dir=/tmp/fsrand
+ [[ -z /tmp/fsrand ]]
+ rm /tmp/fsrand -rf
+ mkdir /tmp/fsrand
+ chmod 6333 /tmp/fsrand
+ sudo -u user1 setfacl --remove-default /tmp/fsrand
+ umask 557
+ mkdir /tmp/fsrand/uopt -m 2142
+ umask 022
+ chown user1 /tmp/fsrand/uopt
+ usermod -g group4 -G group2 user1
+ sudo -u user1 setfacl --mask --no-mask -m u::-,g:group2:wrx,o::x /tmp/fsrand/uopt
+ getfacl /tmp/fsrand/uopt
getfacl: Removing leading '/' from absolute path names
# file: tmp/fsrand/uopt
# owner: user1
# group: root
user::---
group::r--
group:group2:rwx        #effective:r--
mask::r--
other::--x

jiefenghuang commented 8 months ago

we need FUSE_SETXATTR_EXT support to check if the extra_flag in SetXattr request is set. (clear sgid if set)

code

/*
 * Fuse daemons without FUSE_POSIX_ACL never changed the passed
 * through POSIX ACLs. Such daemons don't expect setgid bits to
 * be stripped.
 */
if (fc->posix_acl &&
    !vfsgid_in_group_p(i_gid_into_vfsgid(&nop_mnt_idmap, inode)) &&
    !capable_wrt_inode_uidgid(&nop_mnt_idmap, inode, CAP_FSETID))
        extra_flags |= FUSE_SETXATTR_ACL_KILL_SGID;

linux patch about clear sgid https://lore.kernel.org/linux-fsdevel/20210319195547.427371-1-vgoyal@redhat.com/

juicedata / juicefs

flags not removed after setfacl #4496