Date:      Mon, 17 Oct 2005 21:16:09 +0700
From:      Victor Sudakov <sudakov@sibptus.tomsk.ru>
To:        Heinrich Rebehn <rebehn@ant.uni-bremen.de>
Cc:        freebsd-fs@freebsd.org, Robert Watson <rwatson@FreeBSD.org>
Subject:   Re: Problem with default ACLs and mask
Message-ID:  <20051017141609.GA83692@admin.sibptus.tomsk.ru>
In-Reply-To: <435351F7.10101@ant.uni-bremen.de>
References:  <434F4FF8.9050903@ant.uni-bremen.de> <20051014064145.GA40856@admin.sibptus.tomsk.ru> <434F9DAE.6070607@ant.uni-bremen.de> <20051014134820.GA43849@admin.sibptus.tomsk.ru> <20051014203021.L66014@fledge.watson.org> <435351F7.10101@ant.uni-bremen.de>

Heinrich Rebehn wrote:
> 
> Why is the write bit of the mask reset when removing write perms for
> group? Is this really intended? 

Yes, it is intended, whether it was a good idea or not.

Quoting from setfacl(1):

     Traditional POSIX interfaces acting on file system object modes have mod-
     ified semantics in the presence of POSIX.1e extended ACLs.  When a mask
     entry is present on the access ACL of an object, the mask entry is sub-
     stituted for the group bits; this occurs in programs such as stat(1) or
>     ls(1).  When the mode is modified on an object that has a mask entry, the
>     changes applied to the group bits will actually be applied to the mask
>     entry.  These semantics provide for greater application compatibility:
     applications modifying the mode instead of the ACL will see conservative
     behavior, limiting the effective rights granted by all of the additional
     user and group entries; this occurs in programs such as chmod(1).


-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru
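
The following is an added example, not part of the original message or of FreeBSD's code: a small Python model of the semantics quoted from setfacl(1), showing that `chmod g-w` on an object with a mask entry clears the write bit of the mask and so limits every named user and group entry. The class `AclFile`, the entries `user:alice` and `group:staff`, and the starting permissions are constructed for illustration.

```python
# Simplified model of the POSIX.1e mode/ACL interaction described in setfacl(1).
# All entry names and starting permissions are constructed sample data.
R, W, X = 4, 2, 1

def fmt(bits):
    """Render three permission bits as an rwx string."""
    return "".join(c if bits & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

class AclFile:
    def __init__(self, owner, group_obj, other, named=None, mask=None):
        self.owner, self.group_obj, self.other = owner, group_obj, other
        self.named = dict(named or {})  # named entries, e.g. {"user:alice": 7}
        self.mask = mask                # None means no mask entry on the access ACL

    def stat_mode(self):
        """Mode as stat(1)/ls(1) report it: the mask is substituted for the group bits."""
        group = self.mask if self.mask is not None else self.group_obj
        return (self.owner << 6) | (group << 3) | self.other

    def chmod(self, mode):
        """Mode change: with a mask entry, the group bits are applied to the mask."""
        self.owner, self.other = (mode >> 6) & 7, mode & 7
        if self.mask is not None:
            self.mask = (mode >> 3) & 7       # group:: entry itself is left untouched
        else:
            self.group_obj = (mode >> 3) & 7  # classic behaviour without a mask

    def effective(self):
        """Effective rights: the mask limits group:: and every named entry."""
        entries = {"group::": self.group_obj, **self.named}
        if self.mask is None:
            return entries
        return {name: bits & self.mask for name, bits in entries.items()}

def demo():
    f = AclFile(owner=7, group_obj=6, other=0,
                named={"user:alice": 7, "group:staff": 6}, mask=7)
    before = oct(f.stat_mode())
    f.chmod(f.stat_mode() & ~0o020)  # equivalent of "chmod g-w"
    rights = {name: fmt(bits) for name, bits in f.effective().items()}
    return before, oct(f.stat_mode()), fmt(f.mask), fmt(f.group_obj), rights

if __name__ == "__main__":
    print(demo())
```

The stored `group::` entry still reads `rw-` after the mode change; only its effective rights, and those of the named entries, lose write access.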


