From 12e64a9557b629d163dc2a2d72dedb96befc481a Mon Sep 17 00:00:00 2001
From: jiefenghuang <jiefeng@juicedata.io>
Date: Tue, 9 Apr 2024 19:25:31 +0800
Subject: [PATCH] fix: permission mode of new node with minimum default acl
 (#4676)

Signed-off-by: jiefenghuang <jiefeng@juicedata.io>
---
 pkg/meta/base_test.go   | 7 +------
 pkg/meta/random_test.go | 2 +-
 pkg/meta/redis.go       | 2 +-
 pkg/meta/sql.go         | 2 +-
 pkg/meta/tkv.go         | 2 +-
 5 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/pkg/meta/base_test.go b/pkg/meta/base_test.go
index ae784cc2f8ca..c47e764237fe 100644
--- a/pkg/meta/base_test.go
+++ b/pkg/meta/base_test.go
@@ -373,6 +373,7 @@ func testACL(t *testing.T, m Meta) {
 		t.Fatalf("create %s: %s", subDir, st)
 	}
 	defer m.Rmdir(ctx, testDirIno, subDir2)
+	assert.Equal(t, uint16(0), attr2.Mode)
 
 	// subdir inherit default acl
 	rule3 = &aclAPI.Rule{}
@@ -386,12 +387,6 @@ func testACL(t *testing.T, m Meta) {
 	st = m.GetFacl(ctx, subDirIno2, aclAPI.TypeAccess, rule3)
 	assert.Equal(t, ENOATTR, st)
 
-	attr2 = &Attr{}
-	if st := m.GetAttr(ctx, subDirIno2, attr2); st != 0 {
-		t.Fatalf("getattr error: %s", st)
-	}
-	assert.Equal(t, rule.GetMode(), attr2.Mode)
-
 	// test cache all
 	sz := m.getBase().aclCache.Size()
 	err := m.getBase().en.cacheACLs(ctx)
diff --git a/pkg/meta/random_test.go b/pkg/meta/random_test.go
index 8c2f4cfc00aa..ac4b3dc0311a 100644
--- a/pkg/meta/random_test.go
+++ b/pkg/meta/random_test.go
@@ -219,7 +219,7 @@ func (m *fsMachine) create(_type uint8, parent Ino, name string, mode, umask uin
 
 		if rule.IsMinimal() {
 			// simple acl as default
-			n.mode = (mode & 0xFE00) | rule.GetMode()
+			n.mode = mode & (0xFE00 | rule.GetMode())
 		} else {
 			cRule := rule.ChildAccessACL(mode)
 			n.accACL = cRule
diff --git a/pkg/meta/redis.go b/pkg/meta/redis.go
index f7cd2569246b..99e22c9282c6 100644
--- a/pkg/meta/redis.go
+++ b/pkg/meta/redis.go
@@ -1255,7 +1255,7 @@ func (m *redisMeta) doMknod(ctx Context, parent Ino, name string, _type uint8, m
 
 			if rule.IsMinimal() {
 				// simple acl as default
-				attr.Mode = (mode & 0xFE00) | rule.GetMode()
+				attr.Mode = mode & (0xFE00 | rule.GetMode())
 			} else {
 				cRule := rule.ChildAccessACL(mode)
 				id, err := m.insertACL(ctx, tx, cRule)
diff --git a/pkg/meta/sql.go b/pkg/meta/sql.go
index b3735ec52c72..77941f0553dd 100644
--- a/pkg/meta/sql.go
+++ b/pkg/meta/sql.go
@@ -1335,7 +1335,7 @@ func (m *dbMeta) doMknod(ctx Context, parent Ino, name string, _type uint8, mode
 
 			if rule.IsMinimal() {
 				// simple acl as default
-				n.Mode = (mode & 0xFE00) | rule.GetMode()
+				n.Mode = mode & (0xFE00 | rule.GetMode())
 			} else {
 				cRule := rule.ChildAccessACL(mode)
 				id, err := m.insertACL(s, cRule)
diff --git a/pkg/meta/tkv.go b/pkg/meta/tkv.go
index 613d6569f9f4..6168202901aa 100644
--- a/pkg/meta/tkv.go
+++ b/pkg/meta/tkv.go
@@ -1147,7 +1147,7 @@ func (m *kvMeta) doMknod(ctx Context, parent Ino, name string, _type uint8, mode
 
 			if rule.IsMinimal() {
 				// simple acl as default
-				attr.Mode = (mode & 0xFE00) | rule.GetMode()
+				attr.Mode = mode & (0xFE00 | rule.GetMode())
 			} else {
 				cRule := rule.ChildAccessACL(mode)
 				id, err := m.insertACL(tx, cRule)