Problem with default ACLs and mask

Heinrich Rebehn rebehn at ant.uni-bremen.de
Wed Oct 19 01:01:29 PDT 2005


Victor Sudakov wrote:
> Heinrich Rebehn wrote:
> 
>>>>>>Why is the write bit of the mask reset when removing write perms for
>>>>>>group? Is this really intended? 
>>>>>
>>>>>
>>>>>Yes, it is intended, whether it was a good idea or not.
>>>
>>>
>>>[dd]
>>>
>>>
>>>
>>>>Very sad :-( It really seems to be impossible to implement something like
>>>>a "Group Manager" enabling me to delegate privileges for a group of
>>>>users to some non-root person.
>>>
>>>
>>>What OS allows you to do it?
>>>
>>
>>I have done such things with OpenVMS. Dunno how much control
>>Windows/NTFS allows.
> 
> 
> Doesn't OpenVMS also have the concept of default ACLs on directories?
> How is the matter handled there?
> 
Yes, it has. But it does not have the concept of a "mask", which limits
the resulting access rights.

In OpenVMS, group members can also "lock out" the group manager by
removing the ACLs. But they must do so on purpose, and the group manager
can talk to them if that happens.

With Posix1e, however, users can inadvertently create directories with
the group write bit removed (by extracting a tarball), which the group
manager is then unable to delete.

--Heinrich
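
The mask behaviour discussed in this thread, as an added example that is not part of the original message: a simplified Python model of how the group bits of a mode land on the POSIX.1e mask entry, both on chmod and when a directory is created under a default ACL. The entry name "user:manager", the sample default ACL and the modes are constructed assumptions; umask handling and the access-check order are left out.

```python
# Added illustration: simplified model of POSIX.1e ACL mask handling.
# Entry names and modes below are constructed; "manager" is hypothetical.
R, W, X = 4, 2, 1
UNMASKED = ("user::", "other::")

def fmt(p):
    return "".join(c if p & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

def effective(acl, tag):
    """Rights an entry really grants: everything except user:: and other::
    is ANDed with mask:: when a mask entry exists."""
    if tag in UNMASKED or "mask::" not in acl:
        return acl[tag]
    return acl[tag] & acl["mask::"]

def group_class_key(acl):
    # The mode's group bits map to mask:: once an ACL has one, else group::.
    return "mask::" if "mask::" in acl else "group::"

def chmod(acl, mode):
    """chmod overwrites user::, the group-class entry and other::."""
    new = dict(acl)
    new["user::"] = (mode >> 6) & 7
    new[group_class_key(new)] = (mode >> 3) & 7
    new["other::"] = mode & 7
    return new

def create_dir(default_acl, mode):
    """mkdir under a default ACL: inherited entries are limited by the
    requested mode (umask handling is left out of this model)."""
    new = dict(default_acl)
    new["user::"] &= (mode >> 6) & 7
    new[group_class_key(new)] &= (mode >> 3) & 7
    new["other::"] &= mode & 7
    return new

DEFAULT_ACL = {"user::": 7, "user:manager": 7, "group::": 7, "mask::": 7, "other::": 5}

def report(acl):
    return {tag: fmt(effective(acl, tag)) for tag in acl if tag != "mask::"}

if __name__ == "__main__":
    extracted = create_dir(DEFAULT_ACL, 0o755)   # directory archived as rwxr-xr-x
    print("after tar-style mkdir 0755:", report(extracted))
    tightened = chmod(DEFAULT_ACL, 0o755)        # chmod g-w on an rwxrwxr-x object
    print("after chmod g-w:           ", report(tightened))
```

In both cases the stored "user:manager" entry still reads rwx, but its effective rights drop to r-x because the mask lost the write bit.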

