Date: Mon, 17 Oct 2005 21:16:09 +0700 From: Victor Sudakov <sudakov@sibptus.tomsk.ru> To: Heinrich Rebehn <rebehn@ant.uni-bremen.de> Cc: freebsd-fs@freebsd.org, Robert Watson <rwatson@FreeBSD.org> Subject: Re: Problem with default ACLs and mask Message-ID: <20051017141609.GA83692@admin.sibptus.tomsk.ru> In-Reply-To: <435351F7.10101@ant.uni-bremen.de> References: <434F4FF8.9050903@ant.uni-bremen.de> <20051014064145.GA40856@admin.sibptus.tomsk.ru> <434F9DAE.6070607@ant.uni-bremen.de> <20051014134820.GA43849@admin.sibptus.tomsk.ru> <20051014203021.L66014@fledge.watson.org> <435351F7.10101@ant.uni-bremen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Heinrich Rebehn wrote:
>
> Why is the write bit of the mask reset when removing write perms for
> group? Is this really intended?
Yes, it is intended, whether it was a good idea or not.
Quoting from setfacl(1)
Traditional POSIX interfaces acting on file system object modes have mod-
ified semantics in the presence of POSIX.1e extended ACLs. When a mask
entry is present on the access ACL of an object, the mask entry is sub-
stituted for the group bits; this occurs in programs such as stat(1) or
> ls(1). When the mode is modified on an object that has a mask entry, the
> changes applied to the group bits will actually be applied to the mask
> entry. These semantics provide for greater application compatibility:
applications modifying the mode instead of the ACL will see conservative
behavior, limiting the effective rights granted by all of the additional
user and group entries; this occurs in programs such as chmod(1).
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051017141609.GA83692>