From: Victor Sudakov
To: Heinrich Rebehn
Cc: freebsd-fs@freebsd.org, Robert Watson
Date: Mon, 17 Oct 2005 21:16:09 +0700
Subject: Re: Problem with default ACLs and mask
Message-ID: <20051017141609.GA83692@admin.sibptus.tomsk.ru>
In-Reply-To: <435351F7.10101@ant.uni-bremen.de>

Heinrich Rebehn wrote:
>
> Why is the write bit of the mask reset when removing write perms for
> group? Is this really intended?

Yes, it is intended, whether it was a good idea or not. Quoting from
setfacl(1)

     Traditional POSIX interfaces acting on file system object modes have
     modified semantics in the presence of POSIX.1e extended ACLs.  When a mask
     entry is present on the access ACL of an object, the mask entry is
     substituted for the group bits; this occurs in programs such as stat(1) or
>    ls(1).  When the mode is modified on an object that has a mask entry, the
>    changes applied to the group bits will actually be applied to the mask
>    entry.  These semantics provide for greater application compatibility:
     applications modifying the mode instead of the ACL will see conservative
     behavior, limiting the effective rights granted by all of the additional
     user and group entries; this occurs in programs such as chmod(1).

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru
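The semantics quoted from setfacl(1) in the message above, modelled as an added example that is not part of the original message or of FreeBSD's code. It does not touch the file system; the class, method and entry names (`AccessACL`, `user:alice`, `group:staff`) are hypothetical, and the sample ACL is constructed.

```python
# Added illustration: a small model of POSIX.1e access-ACL mode semantics.
# It does not call the OS; class, method and entry names are hypothetical.
R, W, X = 4, 2, 1

class AccessACL:
    def __init__(self, user_obj, group_obj, other, named=None, mask=None):
        self.user_obj, self.group_obj, self.other = user_obj, group_obj, other
        self.named = dict(named or {})   # e.g. {"user:alice": R | W}
        self.mask = mask                 # None means no mask entry (plain mode bits)

    def stat_mode(self):
        """Mode as stat(1)/ls(1) report it: the mask stands in for the group bits."""
        group_bits = self.group_obj if self.mask is None else self.mask
        return (self.user_obj << 6) | (group_bits << 3) | self.other

    def chmod(self, mode):
        """chmod(1) semantics: with a mask present, group bits go to the mask."""
        self.user_obj, self.other = (mode >> 6) & 7, mode & 7
        if self.mask is None:
            self.group_obj = (mode >> 3) & 7
        else:
            self.mask = (mode >> 3) & 7  # the group_obj entry itself is untouched

    def effective(self, tag):
        """Rights an entry really grants: group and named entries are ANDed with the mask."""
        perms = self.group_obj if tag == "group_obj" else self.named[tag]
        return perms if self.mask is None else perms & self.mask

def demo():
    # Constructed sample: file rw-rw-r-- with one named user and one named group.
    acl = AccessACL(R | W, R | W, R,
                    named={"user:alice": R | W, "group:staff": R | W}, mask=R | W)
    before = oct(acl.stat_mode())
    acl.chmod(acl.stat_mode() & ~0o020)          # equivalent of "chmod g-w"
    return {
        "before": before,
        "after": oct(acl.stat_mode()),
        "mask": acl.mask,
        "group_obj_entry": acl.group_obj,        # still rw- in the ACL
        "alice_effective": acl.effective("user:alice"),
        "staff_effective": acl.effective("group:staff"),
        "group_obj_effective": acl.effective("group_obj"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

After the modelled `chmod g-w` the ACL entries still read rw-, but every named user and group entry, and the owning group, is effectively read-only because the mask lost its write bit.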