FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 07-20-2010, 12:17 AM
Markus Falb
 
Default acl and chmod interaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

#$ setfacl -m u:mf:r bla
#$ getfacl bla
# file: bla
# owner: root
# group: root
user::rw-
user:mf:r--
group::r--
mask::r--
other::r--

It is readable by mf like intended.

#$ chmod go-rwx bla
#$ getfacl bla
# file: bla
# owner: root
# group: root
user::rw-
user:mf:r-- #effective:---
group::r-- #effective:---
mask::---
other::---

It is not readable no more by mf which was not intended.
Obviously the mask:: is cleared, but why ? OTOH group::r ?

Confused am i

- --
Regards,
markus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxE6wEACgkQYoWFBIJE9eVXMwCfRWhN2OKvi4 WyJUumB7leuCGY
v3UAoIEAzpq+m96IQeilRIXSAdNEU6km
=FOj6
-----END PGP SIGNATURE-----

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-20-2010, 11:02 AM
Markus Falb
 
Default acl and chmod interaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/07/2010 02:17, Markus Falb wrote:
> #$ setfacl -m u:mf:r bla
> #$ getfacl bla
...

> It is readable by mf like intended.
>
> #$ chmod go-rwx bla
...

> It is not readable no more by mf which was not intended.
> Obviously the mask:: is cleared, but why ? OTOH group::r ?

to answer myself (from acl(5))

snip

The ACL_MASK entry denotes the maximum access
rights that can be granted by entries of type
ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP.

The permissions defined for the file group correspond to the permissions
of the ACL_GROUP_OBJ entry, if the ACL has no ACL_MASK entry. If the ACL
has an ACL_MASK entry, then the permissions defined for the file group
correspond to the permissions of the ACL_MASK entry.

snap


> Confused am i

I tend to think of acls as an extended variant of the classical group
permission now.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxFgkwACgkQYoWFBIJE9eVnzgCgvZ8XPBPd3E r6nb9mfyrPGKpS
g88AniRxo+TV/YTamXFCwrIgI5GczXYA
=0oEB
-----END PGP SIGNATURE-----

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 09:19 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org