ACL mask problems
Josh Endries
josh at endries.org
Tue Oct 9 08:21:50 PDT 2007
Hello,
I'm getting quite annoyed at ACLs. I don't understand why this is
happening: I have a directory that gets subdirectories created by a web
script, but for some reason those directories have different
permissions. Here is the parent's default ACL, which as I understand it
should be what subdirectories are created with:
# getfacl -d private/logs/mail/2007
#file:private/logs/mail/2007
#owner:1005
#group:1005
user::rwx
user:www:rwx
user:rsync:rwx
group::rwx
mask::rwx
other::---
This is the ACL of a directory created by the script:
# getfacl private/logs/mail/2007/10
#file:private/logs/mail/2007/10
#owner:1005
#group:1005
user::rwx
user:www:rwx # effective: r-x
user:rsync:rwx # effective: r-x
group::rwx # effective: r-x
mask::r-x
other::---
This unfortunately prevents Apache from writing it's log files. Why did
the mask change? I know there's some link between the mask and group
permissions, or something weird like that, but I thought group being rwx
and mask rwx would cause the new mask to also be rwx...maybe other is
causing the issue? That seems pretty dumb to me. I've read various pages
on ACLs, including the handbook, and I haven't been able to understand
this. :(
Thanks,
Josh
More information about the freebsd-questions
mailing list