Date: Tue, 18 Oct 2005 13:11:12 +0200
From: Heinrich Rebehn <rebehn@ant.uni-bremen.de>
To: Victor Sudakov <sudakov@sibptus.tomsk.ru>
Cc: freebsd-fs@freebsd.org, Robert Watson <rwatson@FreeBSD.org>
Subject: Re: Problem with default ACLs and mask
Message-ID: <4354D850.8060908@ant.uni-bremen.de>
In-Reply-To: <20051017141609.GA83692@admin.sibptus.tomsk.ru>
References: <434F4FF8.9050903@ant.uni-bremen.de> <20051014064145.GA40856@admin.sibptus.tomsk.ru> <434F9DAE.6070607@ant.uni-bremen.de> <20051014134820.GA43849@admin.sibptus.tomsk.ru> <20051014203021.L66014@fledge.watson.org> <435351F7.10101@ant.uni-bremen.de> <20051017141609.GA83692@admin.sibptus.tomsk.ru>

Victor Sudakov wrote:
> Heinrich Rebehn wrote:
>
>>Why is the write bit of the mask reset when removing write perms for
>>group? Is this really intended?
>
> Yes, it is intended, whether it was a good idea or not.
>
> Quoting from setfacl(1)
>
> Traditional POSIX interfaces acting on file system object modes have
> modified semantics in the presence of POSIX.1e extended ACLs. When a mask
> entry is present on the access ACL of an object, the mask entry is
> substituted for the group bits; this occurs in programs such as stat(1) or
>
>> ls(1). When the mode is modified on an object that has a mask entry, the
>> changes applied to the group bits will actually be applied to the mask
>> entry. These semantics provide for greater application compatibility:
>
> applications modifying the mode instead of the ACL will see conservative
> behavior, limiting the effective rights granted by all of the additional
> user and group entries; this occurs in programs such as chmod(1).
>

Very sad :-(
It really seems to be impossible to implement something like a "Group
Manager" enabling me to delegate privileges for a group of users to some
non-root person.

Where is that code located so I could patch it myself?

--Heinrich