From e15480f8dd497defc0e355f08a0cbba1697ffe4e Mon Sep 17 00:00:00 2001 From: Thomas Moestl Date: Mon, 23 Apr 2001 22:52:26 +0000 Subject: Fix a bug introduced in the last commit: vaccess_acl_posix1 only checked the file gid gainst the egid of the accessing process for the ACL_GROUP_OBJ case, and ignored supplementary groups. Approved by: rwatson --- sys/kern/vfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sys/kern/vfs_acl.c') diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c index 2ae39e06932d..915f12df03df 100644 --- a/sys/kern/vfs_acl.c +++ b/sys/kern/vfs_acl.c @@ -229,7 +229,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, for (i = 0; i < acl->acl_cnt; i++) { switch (acl->acl_entry[i].ae_tag) { case ACL_GROUP_OBJ: - if (file_gid != cred->cr_groups[0]) + if (!groupmember(file_gid, cred)) break; dac_granted = 0; if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) -- cgit v1.2.3