When perlio became the default and unixio became the default bottom
layer, the most common path for creating files from Perl became
PerlIOUnix_open, which has always explicitly used 0666 as the
permission mask. This has the following undesireable effects on
VMS:
1.) The execute bit is lost regardless of whether it's in the default
permissions.
2.) Delete permission (which doesn't exist in the Unix permission mask) is
copied from write permission, so granting write permission also grants
delete even if it's not in the default permission mask. This can result
in an inadvertent widening of permissions.
3.) System permissions (which don't exist in the Unix permission mask) are
copied from owner permissions, so any distinction between system and
owner is lost.
4.) ACLs are not inherited. For example, setting a default_protection ACE
on a directory such that all world access is disallowed will be ignored;
world will have the intersection of RWD (the final 6 in 0666) and whatever
the default permissions are regardless of what the ACL says. Thus not
inheriting ACLs can result in the inadvertent widening of permissions.
The way to avoid all of this is to pass 0777 as the permissions to open().
In the VMS CRTL, 0777 has a special meaning over and above intersecting
with the current umask; specifically, it allows Unix syscalls to preserve
native default permissions. Details currently documented at:
http://h71000.www7.hp.com/doc/732final/5763/5763pro_060.html#umask_routine
mode++;
else {
imode = PerlIOUnix_oflags(mode);
+#ifdef VMS
+ perm = 0777; /* preserve RMS defaults, ACL inheritance, etc. */
+#else
perm = 0666;
+#endif
}
if (imode != -1) {
const char *path = SvPV_nolen_const(*args);
https://perl5.git.perl.org / perl5.git / commitdiff