2 files changed, 22 insertions, 0 deletions

diff --git a/src/bindfs.c b/src/bindfs.c
index fe366c8..af92997 100644
--- a/src/bindfs.c
+++ b/src/bindfs.c
@@ -114,6 +114,8 @@ static struct Settings {
     
     int chmod_allow_x;
 
+    struct permchain *chmod_permchain; /* the --chmod-perms option */
+
     enum XAttrPolicy {
         XATTR_UNIMPLEMENTED,
         XATTR_READ_ONLY,
@@ -595,6 +597,7 @@ static int bindfs_chmod(const char *path, mode_t mode)
 
     switch (settings.chmod_policy) {
     case CHMOD_NORMAL:
+        mode = permchain_apply(settings.chmod_permchain, mode);
         if (chmod(path, mode) == -1)
             return -errno;
         return 0;
@@ -965,6 +968,7 @@ static void print_usage(const char *progname)
            "  --chmod-ignore            Have all chmods fail silently.\n"
            "  --chmod-deny              Have all chmods fail with 'permission denied'.\n"
            "  --chmod-allow-x           Allow changing file execute bits in any case.\n"
+           "  --chmod-perms             Alter permissions when to chmod the original file.\n"
            "\n"
            "Extended attribute policy:\n"
            "  --xattr-none              Do not implement xattr operations.\n"
@@ -1009,6 +1013,7 @@ enum OptionKey {
     OPTKEY_CHMOD_IGNORE,
     OPTKEY_CHMOD_DENY,
     OPTKEY_CHMOD_ALLOW_X,
+    OPTKEY_CHMOD_PERMS,
     OPTKEY_XATTR_NONE,
     OPTKEY_XATTR_READ_ONLY,
     OPTKEY_XATTR_READ_WRITE,
@@ -1336,6 +1341,7 @@ int main(int argc, char *argv[])
         char *create_for_user;
         char *create_for_group;
         char *create_with_perms;
+        char *chmod_perms;
         int no_allow_other;
         int multithreaded;
     } od;
@@ -1384,6 +1390,7 @@ int main(int argc, char *argv[])
         OPT2("--chmod-ignore", "chmod-ignore", OPTKEY_CHMOD_IGNORE),
         OPT2("--chmod-deny", "chmod-deny", OPTKEY_CHMOD_DENY),
         OPT2("--chmod-allow-x", "chmod-allow-x", OPTKEY_CHMOD_ALLOW_X),
+        OPT_OFFSET2("--chmod-perms=%s", "chmod-perms=%s", chmod_perms, -1),
         
         OPT2("--xattr-none", "xattr-none", OPTKEY_XATTR_NONE),
         OPT2("--xattr-ro", "xattr-ro", OPTKEY_XATTR_READ_ONLY),
@@ -1418,6 +1425,7 @@ int main(int argc, char *argv[])
     settings.chgrp_policy = CHGRP_NORMAL;
     settings.chmod_policy = CHMOD_NORMAL;
     settings.chmod_allow_x = 0;
+    settings.chmod_permchain = permchain_create();
     settings.xattr_policy = XATTR_READ_WRITE;
     settings.mirrored_users_only = 0;
     settings.mirrored_users = NULL;
@@ -1531,6 +1539,12 @@ int main(int argc, char *argv[])
             return 1;
         }
     }
+    if (od.chmod_perms) {
+        if (add_chmod_rules_to_permchain(od.chmod_perms, settings.chmod_permchain) != 0) {
+            fprintf(stderr, "Invalid permission specification: '%s'\n", od.chmod_perms);
+            return 1;
+        }
+    }
 
 
     /* Single-threaded mode by default */
diff --git a/tests/test_bindfs.rb b/tests/test_bindfs.rb
index a78345b..26c7b20 100755
--- a/tests/test_bindfs.rb
+++ b/tests/test_bindfs.rb
@@ -258,6 +258,14 @@ testenv("--chmod-deny --chmod-allow-x") do
     assert_exception(EPERM) { chmod(0700, 'mnt/dir') } # chmod on dir should not work
 end
 
+testenv("--chmod-perms=g-w,o-rwx") do
+    touch('src/file')
+
+    chmod(0666, 'mnt/file')
+
+    assert { File.stat('src/file').mode & 0777 == 0640 }
+end
+
 root_testenv("--map=nobody/root:@nogroup/@root") do
     touch('src/file')
     chown('nobody', 'nogroup', 'src/file')