What are negative permissions?

Michael Sierchio kudzu at tenebras.com
Sun Sep 16 20:02:23 UTC 2012

On Sun, Sep 16, 2012 at 12:50 PM, Matthias Apitz <guru at unixarea.de> wrote:

> On Sunday, September 16, 2012 at 08:37:48PM +0100, Matthew Seaman
> wrote:
> > It's where the group ownership of a file gives it fewer permissions than
> > are allowed for the world in general.
> >
> > Suppose you have a file with these permissions and ownership:
> >
> > foo bar -rwx---r-x
> >
> > ...
> So far so good (and correct) as far as the theory goes. But could you
> imagine a real-world example where this makes any sense?

Group permissions are rather blunt, and if you want fine-grained access
controls, you'll need to enable ACLs.  However...

Imagine, if you will, a group entitled "guest," with the semantics you
might normally associate with that name - then using negative group
permissions on a directory effectively prevents traversal beyond that point
for members of that group.

- M
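
The access check behind the behaviour discussed in this thread, together with a small audit helper for locating such modes, as an added example that is not part of the original messages. The uid/gid numbers are constructed, the function names are hypothetical, and root and ACLs are not modelled.

```python
import os
import stat

def effective_bits(mode, file_uid, file_gid, uid, groups):
    """Return the rwx bits (0-7) the classic Unix check applies to a caller.

    Exactly one class is consulted: owner, else group, else other.
    A group member never falls through to the 'other' bits.
    """
    if uid == file_uid:
        return (mode >> 6) & 7
    if file_gid in groups:
        return (mode >> 3) & 7
    return mode & 7

def is_negative_group(mode):
    """True when 'other' holds a permission bit that the group class lacks."""
    group = (mode >> 3) & 7
    other = mode & 7
    return bool(other & ~group)

def find_negative_group(root):
    """Walk root and return sorted paths that carry negative group permissions."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not used for access decisions
            if is_negative_group(stat.S_IMODE(st.st_mode)):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    # Constructed ids: owner foo=1001, group bar=2001, mode rwx---r-x (0705).
    mode, foo, bar = 0o705, 1001, 2001
    callers = [("owner foo", 1001, {2001}),
               ("member of bar", 1500, {2001}),
               ("everyone else", 1600, {3000})]
    for label, uid, groups in callers:
        bits = effective_bits(mode, foo, bar, uid, groups)
        print(f"{label:14} r={bool(bits & 4)} w={bool(bits & 2)} x={bool(bits & 1)}")
    print("negative group permissions:", is_negative_group(mode))
```

For a directory, the `x` bit is the traversal (search) permission, so a member of the owning group who gets no `x` from the group class cannot descend past it even though other users can.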

