cavern inheritPermissions bug fix

cadc-util-fs/build.gradle

@@ -16,7 +16,7 @@ sourceCompatibility = 1.8
 
 group = 'org.opencadc'
 
-version = '1.1.2'
+version = '1.1.3'
 
 description = 'OpenCADC file system utility library'
 def git_url = 'https://github.com/opencadc/vos'

cadc-util-fs/src/main/java/org/opencadc/util/fs/AclCommandExecutor.java

@@ -400,7 +400,7 @@ private Set getACL(String perm, boolean defaultACL, boolean resolve) throws IOEx
         if (!resolve) {
             cmdList.add("--numeric");
         }
-        cmdList.add("--omit-header");
+        //cmdList.add("--omit-header");
         cmdList.add("--skip-base");
         cmdList.add("--physical"); // do not follow symlinks
         cmdList.add(toAbsolutePath(path));
@@ -413,35 +413,52 @@ private Set getACL(String perm, boolean defaultACL, boolean resolve) throws IOEx
         }
         String out = grabber.getOutput(true);
         String[] lines = out.split("[\n]");
+        String groupToken = null;
         for (String s : lines) {
             String[] tokens = s.split("[:#]"); // hash to split effective permissions when masked
-            log.debug("raw: (" + tokens.length + ") " + s);
-            String gidToken = null;
-            String permToken = null;
-            if (defaultACL && "default".equals(tokens[0]) && "group".equals(tokens[1])) {
-                if (tokens.length >= 4 && tokens[2].length() > 0) {
-                    gidToken = tokens[2];
-                    permToken = tokens[3];
-                }
-            } else if (!defaultACL && "group".equals(tokens[0]) && tokens[1].length() > 0) {
-                if (tokens.length == 3) {
-                    gidToken = tokens[1];
-                    permToken = tokens[2];
-                } else if (tokens.length == 5) {
-                    gidToken = tokens[1];
-                    permToken = tokens[4]; // effective permissions due to masked
+            if (s.startsWith("#")) {
+                // header line
+                String tk = tokens[1].trim();
+                log.debug("header tokens: " + tk + " " + tokens[2]);
+                if ("group".equals(tk)) {
+                    groupToken = tokens[2].trim();
+                    log.debug("default group: " + groupToken);
                 }
             } else {
-                log.debug("skip: " + s);
-            }
-            log.debug("found: " + gidToken + "," + permToken + " in " + s);
-            if (gidToken != null && permToken != null && permToken.startsWith(perm)) {
-                if (resolve) {
-                    aclList.add(gidToken);
+                log.debug("raw: (" + tokens.length + ") " + s);
+                String gidToken = null;
+                String permToken = null;
+                if (defaultACL && "default".equals(tokens[0]) && "group".equals(tokens[1])) {
+                    if (tokens.length >= 4) {
+                        if (tokens[2].length() == 0) {
+                            // the default ACL for the default group
+                            gidToken = groupToken; // from header
+                            permToken = tokens[3];
+                        } else if (tokens[2].length() > 0) {
+                            gidToken = tokens[2];
+                            permToken = tokens[3];
+                        }
+                    }
+                } else if (!defaultACL && "group".equals(tokens[0]) && tokens[1].length() > 0) {
+                    if (tokens.length == 3) {
+                        gidToken = tokens[1];
+                        permToken = tokens[2];
+                    } else if (tokens.length == 5) {
+                        gidToken = tokens[1];
+                        permToken = tokens[4]; // effective permissions due to masked
+                    }
                 } else {
-                    aclList.add(Integer.parseInt(gidToken));
+                    log.debug("skip: " + s);
                 }
-            }                   
+                log.debug("found: " + gidToken + "," + permToken + " in " + s);
+                if (gidToken != null && permToken != null && permToken.startsWith(perm)) {
+                    if (resolve) {
+                        aclList.add(gidToken);
+                    } else {
+                        aclList.add(Integer.parseInt(gidToken));
+                    }
+                }
+            }
         }
         return aclList;
     }

cadc-util-fs/src/test/java/org/opencadc/util/fs/AclCommandExecutorTest.java

@@ -83,6 +83,7 @@
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.TreeSet;
 import java.util.UUID;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
@@ -244,6 +245,22 @@ void executeCommand(final String[] command) throws IOException {
             rwDefault = acl.getReadWriteACL(true);
             Assert.assertNotNull(rwDefault);
             Assert.assertTrue(rwDefault.isEmpty());
+
+            // verify that defaults ACL can be set and minimally seen without actual group ACLs
+            Set<Integer> emptySet = new TreeSet<>();
+            acl.setACL(worldReadable, emptySet, emptySet, true);
+            roDefault = acl.getReadOnlyACL(true);
+            Assert.assertNotNull(roDefault);
+            Assert.assertTrue(roDefault.isEmpty());
+            rwDefault = acl.getReadWriteACL(true);
+            Assert.assertNotNull(rwDefault);
+            // shows up here as a rw default
+            for (Integer i : rwDefault) {
+                log.info("found bare default RW: " + i);
+            }
+            Assert.assertFalse(rwDefault.isEmpty());
+
+
         } else {
             try {
                 acl.setACL(worldReadable, readGroupPrincipals, writeGroupPrincipals, true);

cavern/VERSION

@@ -1,6 +1,6 @@
 ## deployable containers have a semantic and build tag
 # semantic version tag: major.minor
 # build version tag: timestamp
-VER=0.7.8
+VER=0.7.9
 TAGS="${VER} ${VER}-$(date -u +"%Y%m%dT%H%M%S")"
 unset VER

cavern/src/main/java/org/opencadc/cavern/nodes/NodeUtil.java

@@ -313,13 +313,10 @@ private void setNodeProperties(Path path, Node node) throws IOException, Interru
         boolean inherit = false;
         if (isDir) {
             ContainerNode cn = (ContainerNode) node;
-            if (cn.inheritPermissions != null) {
-                // set
-                String val = cn.inheritPermissions.toString();
-                ExtendedFileAttributes.setFileAttribute(path, VOS.PROPERTY_URI_INHERIT_PERMISSIONS.toASCIIString(), val);
+            if (cn.clearInheritPermissions) {
+                inherit = false;
+            } else {
                 inherit = cn.inheritPermissions;
-            } else if (cn.clearInheritPermissions) {
-                ExtendedFileAttributes.setFileAttribute(path, VOS.PROPERTY_URI_INHERIT_PERMISSIONS.toASCIIString(), null);
             }
         }