symlink permissions

Keith Young stripyd at
Tue Dec 7 08:19:25 UTC 2004

When CONFIG_EXT3_FS_POSIX_ACL is not defined, ext3_init_acl() is an
inline function in fs/ext3/acl.h which doesn't check if a file is a
symlink before applying umask.  I've always liked my ACLs to be
available (so never noticed), but came across this recently when trying
to explain why RedHat Enterprise 3's BOOT kernel creates symlinks 755
during kickstart.

I'm *assuming* this is a bug (ACL code treats symlinks specially): It
doesn't affect functionality, but those 755 symlinks can be noisy in
your security reporting :-)

Can anyone tell me if there's a good reason why umask *should* be
applied to symlink permissions?  Otherwise I guess (for 2.6.9):

--- fs/ext3/acl.h       2004-12-07 08:15:07.859199829 +0000
+++ fs/ext3/acl.h.khy   2004-12-07 08:05:11.631931063 +0000
@@ -5,6 +5,7 @@
 #include <linux/xattr_acl.h>
+#include <linux/stat.h>
 #define EXT3_ACL_VERSION       0x0001
 #define EXT3_ACL_MAX_ENTRIES   32
@@ -79,7 +80,8 @@
 static inline int
 ext3_init_acl(handle_t *handle, struct inode *inode, struct inode *dir)
-	inode->i_mode &= ~current->fs->umask;
+	if (!S_ISLNK(inode->i_mode))
+		inode->i_mode &= ~current->fs->umask;
 	return 0;
 #endif  /* CONFIG_EXT3_FS_POSIX_ACL */
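
Review bot: the new S_ISLNK() test in the stub ext3_init_acl() carries no comment explaining why symlinks are exempt from the umask, so a later cleanup could fold the condition away again. A one-line comment above the `if` would help, noting that symlink modes are left untouched to match the CONFIG_EXT3_FS_POSIX_ACL build, which the message says treats symlinks specially. The changelog should also state that only the non-ACL stub changes, and that the visible effect is symlinks no longer being created 755 under a 022 umask.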
