Date:      Wed, 19 Oct 2005 10:01:27 +0200
From:      Heinrich Rebehn <rebehn@ant.uni-bremen.de>
To:        Victor Sudakov <sudakov@sibptus.tomsk.ru>
Cc:        freebsd-fs@freebsd.org, Robert Watson <rwatson@FreeBSD.org>
Subject:   Re: Problem with default ACLs and mask
Message-ID:  <4355FD57.3060102@ant.uni-bremen.de>
In-Reply-To: <20051018154627.GB95892@admin.sibptus.tomsk.ru>
References:  <434F4FF8.9050903@ant.uni-bremen.de> <20051014064145.GA40856@admin.sibptus.tomsk.ru> <434F9DAE.6070607@ant.uni-bremen.de> <20051014134820.GA43849@admin.sibptus.tomsk.ru> <20051014203021.L66014@fledge.watson.org> <435351F7.10101@ant.uni-bremen.de> <20051017141609.GA83692@admin.sibptus.tomsk.ru> <4354D850.8060908@ant.uni-bremen.de> <20051018112135.GA94670@admin.sibptus.tomsk.ru> <4354E644.7090608@ant.uni-bremen.de> <20051018154627.GB95892@admin.sibptus.tomsk.ru>

Victor Sudakov wrote:
> Heinrich Rebehn wrote:
> 
>>>>>>Why is the write bit of the mask reset when removing write perms for
>>>>>>group? Is this really intended? 
>>>>>
>>>>>
>>>>>Yes, it is intended, whether it was a good idea or not.
>>>
>>>
>>>[dd]
>>>
>>>
>>>
>>>>Very sad :-( It really seems to be impossible to implement something like
>>>>a "Group Manager" enabling me to delegate privileges for a group of
>>>>users to some non-root person.
>>>
>>>
>>>What OS allows you to do it?
>>>
>>
>>I have done such things with OpenVMS. Dunno how much control
>>Windows/NTFS allows.
> 
> 
> Doesn't OpenVMS also have the concept of default ACLs on directories?
> How is the matter handled there?
> 
Yes, it has. But it does not have the concept of a "mask", which limits
the resulting access rights.

In OpenVMS, group members can also "lock out" the group manager by
removing the ACLs. But they must do so on purpose, and the group manager
can talk to them if that happens.

With Posix1e however, users can inadvertently create directories with
the group write bit removed (by extracting a tar ball), which the group
manager is then unable to delete.

--Heinrich
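
Added example, not part of the original message or of FreeBSD: a small Python model of the POSIX.1e access check showing how a chmod that clears the group write bit lands in the mask and removes write access from a named-user entry. The names alice, proj and manager, the named-user form of the "group manager" entry, and the archived mode 0755 are assumptions.

```python
# Added illustration: minimal model of POSIX.1e ACL checks, not FreeBSD source.
R, W, X = 4, 2, 1

def chmod(acl, mode):
    """chmod on an object that already has a mask entry: the group bits of
    the mode are stored in the mask; group_obj and named entries are kept."""
    return {**acl, "user_obj": (mode >> 6) & 7,
            "mask": (mode >> 3) & 7, "other": mode & 7}

def allowed(acl, uid, gids, want):
    """POSIX.1e check order: owner, named user, group class, other."""
    if uid == acl["owner"]:
        return (acl["user_obj"] & want) == want        # owner is never masked
    if uid in acl["users"]:                            # named user: masked
        return (acl["users"][uid] & acl["mask"] & want) == want
    matched = [acl["group_obj"]] if acl["group"] in gids else []
    matched += [p for g, p in acl["groups"].items() if g in gids]
    if matched:                                        # one entry must suffice
        return any((p & acl["mask"] & want) == want for p in matched)
    return (acl["other"] & want) == want

# Constructed sample: a directory that inherited the parent's default ACL.
# "alice", "proj" and "manager" are made-up names.
inherited = {"owner": "alice", "group": "proj",
             "user_obj": R | W | X, "users": {"manager": R | W | X},
             "group_obj": R | W | X, "groups": {}, "mask": R | W | X,
             "other": 0}

# tar restores the mode recorded in the archive, here 0755 (assumed value).
extracted = chmod(inherited, 0o755)

def demo():
    """Can the manager remove entries from the directory, before and after?"""
    need = W | X   # removing entries from a directory needs write + search
    return (allowed(inherited, "manager", {"staff"}, need),
            allowed(extracted, "manager", {"staff"}, need))

if __name__ == "__main__":
    print(demo())
```

The manager's own entry still reads rwx after the chmod; only the mask changed, which is why the loss of access is easy to overlook when reviewing the ACL.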


