Skip to content

mkdir: acl and permission inheritance with -p#11931

Open
j5awry wants to merge 2 commits intouutils:mainfrom
j5awry:mkdir-acl-inheritance-11036
Open

mkdir: acl and permission inheritance with -p#11931
j5awry wants to merge 2 commits intouutils:mainfrom
j5awry:mkdir-acl-inheritance-11036

Conversation

@j5awry
Copy link
Copy Markdown

@j5awry j5awry commented Apr 21, 2026

Fixes #11036

Workflow for permission setting and ACLs failed in several scenarios, most notable when passing -p. Parent directories in the mkdir call would not appropriately set ACLs and could end up with more open permissions. Generally, there was a misunderstanding that GNU coreutils was setting umask (0) and that was the default -- the real flow was using a shaped umask that takes current umask and ensures that the user has the ability to execute mkdir commands through the tree. The umask (0) call was part of a read setup for the equivalent of our UmaskGuard. New workflow focuses on safe defaults, shaped umask, and allowing the Kernel to do to apply ACLs. Adds a test specifically to guard against regression, ensuring a more restrictive ACL is respected with mkdir -p

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 21, 2026

GNU testsuite comparison:

Note: The gnu test tests/rm/many-dir-entries-vs-OOM is now being skipped but was previously passing.
Congrats! The gnu test tests/expand/bounded-memory is now passing!
Congrats! The gnu test tests/printf/printf-surprise is now passing!

Workflow for permission setting and ACLs failed in several scenarios,
most notable when passing -p. Parent directories in the mkdir call would
not appropriately set ACLs and could end up with more open permissions.
Generally, there was a misunderstanding that GNU coreutils was setting
umask (0) and that was the default -- the real flow was using a shaped
umask that takes current umask and ensures that the user has the ability
to execute mkdir commands through the tree. The umask (0) call was part
of a read setup for the equivalent of our UmaskGuard. New workflow
focuses on safe defaults, shaped umask, and allowing the Kernel to do
to apply ACLs. Adds a test specifically to guard against regression,
ensuring a more restrictive ACL is respected with mkdir -p
@j5awry j5awry force-pushed the mkdir-acl-inheritance-11036 branch from 36827d3 to c3bf7c8 Compare April 21, 2026 15:06
rustix::fs::Mode::from_bits_truncated accepts u32 on Linux and u16 on
MacOS. Casting to rustix::fs::RawMode makes the value compatible on
either platform.
@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented Apr 21, 2026

Merging this PR will improve performance by 31.27%

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

⚡ 1 improved benchmark
✅ 308 untouched benchmarks
⏩ 46 skipped benchmarks1

Performance Changes

Mode Benchmark BASE HEAD Efficiency
Memory cp_recursive_deep_tree[(120, 4)] 699.2 KB 532.7 KB +31.27%

Comparing j5awry:mkdir-acl-inheritance-11036 (da0bbac) with main (8cc048b)

Open in CodSpeed

Footnotes

  1. 46 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

mkdir creates child directories with setuid+sticky bits (mode 05775) when parent has default POSIX ACLs

1 participant