Date: Fri, 14 Oct 2005 13:59:42 +0200
From: Heinrich Rebehn <rebehn@ant.uni-bremen.de>
To: Victor Sudakov <sudakov@sibptus.tomsk.ru>
Cc: freebsd-fs@freebsd.org
Subject: Re: Problem with default ACLs and mask
Message-ID: <434F9DAE.6070607@ant.uni-bremen.de>
In-Reply-To: <20051014064145.GA40856@admin.sibptus.tomsk.ru>
References: <434F4FF8.9050903@ant.uni-bremen.de> <20051014064145.GA40856@admin.sibptus.tomsk.ru>

Victor Sudakov wrote:
> Heinrich Rebehn wrote:
>
> [dd]
>
>> Am I doing something wrong here? Why is the mask not propagated?
>
> I am afraid the current umask prevents it.
> You must set it to something like "umask 002" before you create your
> files or directories (the group write bit matters here).
>

This does not always work:

#
# Show ACLs on current directory
#
-bash-2.05b$ getfacl .
#file:.
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx
mask::rwx
other::---

-bash-2.05b$ getfacl -d .
#file:.
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx
mask::rwx
other::---

#
# create a dir with umask 022 and umask 000, then extract a tar ball
#
-bash-2.05b$ umask 0022
-bash-2.05b$ mkdir D1
-bash-2.05b$ umask 0
-bash-2.05b$ mkdir D2
-bash-2.05b$ !tar
tar xzf /export/linux/root/debian/usr/local/src/TARS/STonX-0.6.5.tar.gz
-bash-2.05b$ getfacl *
#file:D1
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx          # effective: r-x
mask::r-x
other::---

#file:D2
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx
mask::rwx
other::---

#file:STonX-0.6.5
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx          # effective: --x
mask::--x
other::--x

-bash-2.05b$

As you can see, it works for the dirs created by hand, but not for the
dir created by tar.

>
>> Update: I saw a post suggesting using different umasks, but that did not
>> work either (besides being a bit clumsy solution).
>
> I agree it may be clumsy but it does work, I use it.
> Set the user's umask from login.conf
>

It's not only clumsy, it doesn't even work reliably :-(
I want to have members of the group "wiss" to have full control, no
matter what tools are used to create the files (unless the user
deliberately resets the ACLs, of course).

Regards,

	Heinrich
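
An added example, not part of the original message: a small Python model of the POSIX.1e mode/ACL rules that reproduces the three getfacl results shown above. The function names are hypothetical, and the `0o711` mode for the tar-extracted directory is an assumption inferred from its `user::rwx`, `mask::--x`, `other::--x` output.

```python
# Model of how mode bits and a POSIX.1e mask interact (not FreeBSD source code).
R, W, X = 4, 2, 1

def fmt(bits):
    """Render a 3-bit permission value the way getfacl prints it."""
    return "".join(c if bits & b else "-" for c, b in zip("rwx", (R, W, X)))

def create(default_acl, mode, umask):
    """New object under a directory with a default ACL.

    The default ACL is copied, then user::, mask:: and other:: are
    intersected with the requested mode after the umask is applied,
    which is what the D1/D2 output in the message shows.
    """
    eff = mode & ~umask & 0o777
    acl = dict(default_acl)
    acl["user::"] &= (eff >> 6) & 7
    acl["mask::"] &= (eff >> 3) & 7   # group bits land on the mask
    acl["other::"] &= eff & 7
    return acl

def chmod(acl, mode):
    """chmod on an object whose ACL has a mask: the group bits of the
    mode overwrite mask::, leaving group:: and named entries untouched."""
    acl = dict(acl)
    acl["user::"] = (mode >> 6) & 7
    acl["mask::"] = (mode >> 3) & 7
    acl["other::"] = mode & 7
    return acl

def effective(acl, entry):
    """Named entries and group:: are limited by the mask; user:: and other:: are not."""
    if entry in ("user::", "other::", "mask::"):
        return acl[entry]
    return acl[entry] & acl["mask::"]

# Default ACL of the parent directory, copied from `getfacl -d .` in the message.
DEFAULT = {"user::": 7, "group::": 0, "group:wiss": 7, "mask::": 7, "other::": 0}

def scenarios():
    return {
        "D1": create(DEFAULT, 0o777, 0o022),            # umask 0022; mkdir
        "D2": create(DEFAULT, 0o777, 0o000),            # umask 0; mkdir
        # Assumption: tar restores the archived directory mode with chmod 0711.
        "STonX-0.6.5": chmod(create(DEFAULT, 0o777, 0o000), 0o711),
    }

if __name__ == "__main__":
    for name, acl in scenarios().items():
        print(name, "group:wiss effective:", fmt(effective(acl, "group:wiss")),
              "mask:", fmt(acl["mask::"]), "other:", fmt(acl["other::"]))
```

In this model no umask setting protects the `group:wiss` entry from a tool that calls chmod afterwards, because chmod rewrites the mask directly.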