Andy,

On Tue, 2010-09-14 at 11:31 -0400, Tom H wrote:
> On Tue, Sep 14, 2010 at 8:06 AM, Andy Graybeal
> <andy.graybeal@casanueva.com> wrote:
> > This is a repeat question, I'm going to rephrase it a little and maybe
> > I'll get a response this time around.
> >
> > I'm using Ubuntu 10.04, metacity and nautilus, and linux terminal server
> > (LTSP).
> >
> > My umask is set to 002 in my /etc/X11/Xsession.d.
> > The filesystem has ACL's enabled.
> > I have the folder set with setgid +s.
> >
> > The ACL's look like this:
> > andy.graybeal@buddleia:/srv/Desktop/Tech$ getfacl .
> > # file: .
> > # owner: root
> > # group: tech
> > # flags: -s-
> > user::rwx
> > group::rwx
> > other::r-x
> > default:user::rwx
> > default:group::rwx
> > default:mask::rwx
> > defaultther::r-x
> >
> > andy.graybeal@buddleia:/srv/Desktop/Tech$
> >
> > Why when I copy a file from a jump/flash drive, does it not inherit the
> > ACL's properly?
> > Here is an example of a file I copied from a jump drive:
> >
> > andy.graybeal@buddleia:/srv/Desktop/Tech$ ls -lah cabling.txt
> > -rwx------+ 1 andy.graybeal tech 2.8K 2010-07-28 20:40 cabling.txt
> > andy.graybeal@buddleia:/srv/Desktop/Tech$
>
> Is "/etc/X11/Xsession.d" the right place for your umask?!

umask is ignored if there is a default mask entry.

I think the permissions are correct. The defaults in the ACL say a file
should get rwxrwxr-x but this is then AND'd with the default mask of rwx
giving rwx------

Or am I missing something?

Regards,
Tony.
--
Tony Arnold, Tel: +44 (0) 161 275 6093
Head of IT Security, Fax: +44 (0) 705 344 3082
University of Manchester, Mob: +44 (0) 773 330 0039
Manchester M13 9PL. Email: tony.arnold@manchester.ac.uk


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Everyone seems to have ignored my contribution to this thread. If I'm
wrong just tell me, but please do not just ignore me.

Andy, you might let us know what permissions you were expecting given
the ACL you had set up on the directory.

Yes, and I'm top posting. I really don't care!

Regards,
Tony.

On Tue, 2010-09-14 at 16:51 +0100, Tony Arnold wrote:
> Andy,
>
> On Tue, 2010-09-14 at 11:31 -0400, Tom H wrote:
> > On Tue, Sep 14, 2010 at 8:06 AM, Andy Graybeal
> > <andy.graybeal@casanueva.com> wrote:
> > > This is a repeat question, I'm going to rephrase it a little and maybe
> > > I'll get a response this time around.
> > >
> > > I'm using Ubuntu 10.04, metacity and nautilus, and linux terminal server
> > > (LTSP).
> > >
> > > My umask is set to 002 in my /etc/X11/Xsession.d.
> > > The filesystem has ACL's enabled.
> > > I have the folder set with setgid +s.
> > >
> > > The ACL's look like this:
> > > andy.graybeal@buddleia:/srv/Desktop/Tech$ getfacl .
> > > # file: .
> > > # owner: root
> > > # group: tech
> > > # flags: -s-
> > > user::rwx
> > > group::rwx
> > > other::r-x
> > > default:user::rwx
> > > default:group::rwx
> > > default:mask::rwx
> > > defaultther::r-x
> > >
> > > andy.graybeal@buddleia:/srv/Desktop/Tech$
> > >
> > > Why when I copy a file from a jump/flash drive, does it not inherit the
> > > ACL's properly?
> > > Here is an example of a file I copied from a jump drive:
> > >
> > > andy.graybeal@buddleia:/srv/Desktop/Tech$ ls -lah cabling.txt
> > > -rwx------+ 1 andy.graybeal tech 2.8K 2010-07-28 20:40 cabling.txt
> > > andy.graybeal@buddleia:/srv/Desktop/Tech$
> >
> > Is "/etc/X11/Xsession.d" the right place for your umask?!
>
> umask is ignored if there is a default mask entry.
>
> I think the permissions are correct. The defaults in the ACL say a file
> should get rwxrwxr-x but this is then AND'd with the default mask of rwx
> giving rwx------
>
> Or am I missing something?
>
> Regards,
> Tony.
> --
> Tony Arnold, Tel: +44 (0) 161 275 6093
> Head of IT Security, Fax: +44 (0) 705 344 3082
> University of Manchester, Mob: +44 (0) 773 330 0039
> Manchester M13 9PL. Email: tony.arnold@manchester.ac.uk
>
>

--
Tony Arnold, Tel: +44 (0) 161 275 6093
Head of IT Security, Fax: +44 (0) 705 344 3082
University of Manchester, Mob: +44 (0) 773 330 0039
Manchester M13 9PL. Email: tony.arnold@manchester.ac.uk



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Tue, 2010-09-14 at 22:05 -0400, Rashkae wrote:
> Tony Arnold wrote:
> > Everyone seems to have ignored my contribution to this thread. If I'm
> > wrong just tell me, but please do not just ignore me.
> >
> > Andy, you might let us know what permissions you were expecting given
> > the ACL you had set up on the directory.
>
> >>
> >> I think the permissions are correct. The defaults in the ACL say a file
> >> should get rwxrwxr-x but this is then AND'd with the default mask of rwx
> >> giving rwx------
> >>
> >> Or am I missing something?
> >>
>
> You're missing that the files he's copying have a permission of 600,
> which is preserved when they are copied to the new folder. The ACL
> therefore does not get AND'd with rwxrwxr-x as it would with default
> mask, but rw--------, and therefore, doesn't work as wanted.
>

No, the post I was responding to showed the resulting permissions on the
file as -rwx------, which is 700 and ties in with my logic above.

> > andy.graybeal@buddleia:/srv/Desktop/Tech$ ls -lah cabling.txt
> > -rwx------+ 1 andy.graybeal tech 2.8K 2010-07-28 20:40 cabling.txt

Have I missed an earlier post with more information?

Regards,
Tony.
--
Tony Arnold, Tel: +44 (0) 161 275 6093
Head of IT Security, Fax: +44 (0) 705 344 3082
University of Manchester, Mob: +44 (0) 773 330 0039
Manchester M13 9PL. Email: tony.arnold@manchester.ac.uk


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Andy,

On Wed, 2010-09-15 at 07:42 -0400, Andy Graybeal wrote:
> On 09/14/2010 10:05 PM, Rashkae wrote:
> > Tony Arnold wrote:
> >> Everyone seems to have ignored my contribution to this thread. If I'm
> >> wrong just tell me, but please do not just ignore me.
> >>
> >> Andy, you might let us know what permissions you were expecting given
> >> the ACL you had set up on the directory.
> >
> >>>
> >>> I think the permissions are correct. The defaults in the ACL say a file
> >>> should get rwxrwxr-x but this is then AND'd with the default mask of rwx
> >>> giving rwx------
> >>>
> >>> Or am I missing something?
> >>>
> >
> > You're missing that the files he's copying have a permission of 600,
> > which is preserved when they are copied to the new folder. The ACL
> > therefore does not get AND'd with rwxrwxr-x as it would with default
> > mask, but rw--------, and therefore, doesn't work as wanted.
> >
>
> Tony, I wasn't ignoring you, but I didn't know (as in I'm not smart
> enough, yet) how to respond. You clearly understand these things more
> than I do, I didn't know what to go with a response.

Well, I thought I understood these things, but some experiments have
just cast some doubt on my understanding!

> Please don't be offended, that wasn't my intention. I should have
> thanked you and asked a question.

I obviously wasn't in the best mood when I wrote what I did. I was
unsure of what I was saying and was hoping someone would either confirm
what I said and would tell me what I had got wrong.

> I would like to end up with the files looking like this:
> -rw-rw-r--

OK, you clearly were not getting that result!

> This won't be a place where scripts or anything is stored, it's only for
> data files (documents and spreadsheets mostly), so nothing will get
> executed from this folder.

OK, so x permissions required.

> Obviously it would be nice when someone created folders they would look
> like this:
> drwxrwxr-x
>
> I would like the files to inherit the group owner of the directory
> (which I think i've accomplished, because it's working with both
> nautilus and gnome-terminal, and i did this with setgid +s).

Yes, that's what setgid +s does.

> If there is another approach I should be taking, I'm open to it. This
> is just how I imagined my workplace would be able to work together on
> files, and people from the Finance team wouldn't be able to 'create,
> edit, delete' the files belonging to the Tech team, and vice-versa. I
> would like the ability for everyone to read everyone else's work.

So are all the users in the Finance team in a 'finance' group and
similarly for the tech team users? And everyone in the Finance team can
read/write any file created by any user in the Finance team, but only
read file created by users in the Tech team (and vice versa)?

> You have to understand that I'm fairly new to this, and I thought that
> this was a fairly popular way to work with files with groups of people
> working together.

Just my opinion but I'm not sure ACLs are used that much on Linux
systems. On Ubuntu, at least, they are disabled by default!

> I'm having second thoughts and doubting myself. I'm also sorry for
> asking poorly thought out and confusing questions. I keep reading the
> ACL documentation, but I admit that it's hard for me to understand.

It's a confusing area to get to grips with.

I'll do some more experimenting and see what I can come up with.

Regards,
Tony.
--
Tony Arnold, Tel: +44 (0) 161 275 6093
Head of IT Security, Fax: +44 (0) 705 344 3082
University of Manchester, Mob: +44 (0) 773 330 0039
Manchester M13 9PL. Email: tony.arnold@manchester.ac.uk


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users