From bd9cfc8321cb138974e00d3a3f30443ee47c9e54 Mon Sep 17 00:00:00 2001
From: Daniel Henninger <daniel@ncsu.edu>
Date: Tue, 13 Aug 2019 11:18:40 -0400
Subject: [PATCH] Separate perm set check from actual set perms.

---
 lib/puppet/provider/posix_acl/posixacl.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/puppet/provider/posix_acl/posixacl.rb b/lib/puppet/provider/posix_acl/posixacl.rb
index bec66af..ca3f5f0 100644
--- a/lib/puppet/provider/posix_acl/posixacl.rb
+++ b/lib/puppet/provider/posix_acl/posixacl.rb
@@ -86,12 +86,15 @@ def permission=(_value) # TODO: Investigate why we're not using this parameter
       purge
     when :exact, :set
       cur_perm = permission
+      new_perm = @resource.value(:permission)
       # For comparison purposes, we want to change X to x as it's only useful
       # for setfacl and isn't stored or noted by getfacl.
-      new_perm = @resource.value(:permission).map(&:downcase)
+      lc_new_perm = new_perm.map(&:downcase)
       perm_to_set = new_perm - cur_perm
-      perm_to_unset = cur_perm - new_perm
-      return false if perm_to_set.empty? && perm_to_unset.empty?
+      perm_to_set_check = lc_new_perm - cur_perm
+      # Unset perms always should match against lowercased x.
+      perm_to_unset = cur_perm - lc_new_perm
+      return false if perm_to_set_check.empty? && perm_to_unset.empty?
       # Take supplied perms literally, unset any existing perms which
       # are absent from ACLs given
       if check_exact