From owner-freebsd-fs@FreeBSD.ORG Wed Oct 19 08:01:29 2005
Message-ID: <4355FD57.3060102@ant.uni-bremen.de>
Date: Wed, 19 Oct 2005 10:01:27 +0200
From: Heinrich Rebehn
To: Victor Sudakov
Cc: freebsd-fs@freebsd.org, Robert Watson
In-Reply-To: <20051018154627.GB95892@admin.sibptus.tomsk.ru>
Subject: Re: Problem with default ACLs and mask

Victor Sudakov wrote:
> Heinrich Rebehn wrote:
>
>>>>>>Why is the write bit of the mask reset when removing write perms for
>>>>>>group? Is this really intended?
>>>>>
>>>>>Yes, it is intended, whether it was a good idea or not.
>>>
>>>[dd]
>>>
>>>>Very sad :-( It really seems to be impossible to implement something like
>>>>a "Group Manager" enabling me to delegate privileges for a group of
>>>>users to some non-root person.
>>>
>>>What OS allows you to do it?
>>>
>>
>>I have done such things with OpenVMS. Dunno how much control
>>Windows/NTFS allows.
>
> Doesn't OpenVMS also have the concept of default ACLs on directories?
> How is the matter handled there?
>

Yes, it has. But it does not have the concept of a "mask", which limits
the resulting access rights. In OpenVMS, group members can also "lock
out" the group manager by removing the ACLs. But they must do so on
purpose, and the group manager can talk to them if that happens.

With Posix1e however, users can inadvertently create directories with
the group write bit removed (by extracting a tar ball), which the group
manager is then unable to delete.

--Heinrich
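
The mask behaviour discussed in this message, as an added example that is not part of the original thread and is not FreeBSD code: a simplified Python model of the POSIX.1e rules for default-ACL inheritance, chmod and the mask. The entry name `user:manager`, the creation mode 0777 and the archived mode 0755 are assumptions chosen for illustration.

```python
# Simplified model of POSIX.1e ACL semantics (illustration only, not FreeBSD code).
R, W, X = 4, 2, 1

def fmt(p):
    return ("r" if p & R else "-") + ("w" if p & W else "-") + ("x" if p & X else "-")

def chmod(acl, mode):
    """Apply a chmod to an ACL dict. When a mask entry exists, the group
    class bits of the mode are written to the mask, not to group_obj."""
    acl = dict(acl)
    acl["user_obj"] = (mode >> 6) & 7
    key = "mask" if "mask" in acl else "group_obj"
    acl[key] = (mode >> 3) & 7
    acl["other"] = mode & 7
    return acl

def inherit(default_acl, mode):
    """Access ACL of an object created under a directory with a default ACL:
    copy the default ACL, then strip bits absent from the creation mode."""
    acl = dict(default_acl)
    acl["user_obj"] &= (mode >> 6) & 7
    key = "mask" if "mask" in acl else "group_obj"
    acl[key] &= (mode >> 3) & 7
    acl["other"] &= mode & 7
    return acl

def effective(acl, entry):
    """Named users, named groups and group_obj are limited by the mask."""
    perms = acl[entry]
    if entry in ("user_obj", "other") or "mask" not in acl:
        return perms
    return perms & acl["mask"]

# Constructed scenario: a shared directory whose default ACL grants a
# hypothetical "group manager" account full access.
DEFAULT_ACL = {"user_obj": 7, "user:manager": 7, "group_obj": 7, "mask": 7, "other": 0}

def tar_extracted_dir(archived_mode=0o755):
    # Assumption: tar creates the directory, then restores the archived mode.
    acl = inherit(DEFAULT_ACL, 0o777)
    return chmod(acl, archived_mode)

if __name__ == "__main__":
    acl = tar_extracted_dir()
    for entry in acl:
        print(f"{entry:14} {fmt(acl[entry])}  effective {fmt(effective(acl, entry))}")
```

The `user:manager` entry still reads `rwx` after extraction, but its effective rights are `r-x` because the restored mode rewrote the mask.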