Problem with default ACLs and mask
Victor Sudakov
sudakov at sibptus.tomsk.ru
Mon Oct 17 07:16:16 PDT 2005
Heinrich Rebehn wrote:
>
> Why is the write bit of the mask reset when removing write perms for
> group? Is this really intended?
Yes, it is intended, whether it was a good idea or not.
Quoting from setfacl(1)
Traditional POSIX interfaces acting on file system object modes have mod-
ified semantics in the presence of POSIX.1e extended ACLs. When a mask
entry is present on the access ACL of an object, the mask entry is sub-
stituted for the group bits; this occurs in programs such as stat(1) or
> ls(1). When the mode is modified on an object that has a mask entry, the
> changes applied to the group bits will actually be applied to the mask
> entry. These semantics provide for greater application compatibility:
applications modifying the mode instead of the ACL will see conservative
behavior, limiting the effective rights granted by all of the additional
user and group entries; this occurs in programs such as chmod(1).
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the freebsd-fs
mailing list