From: Heinrich Rebehn
Date: Fri, 14 Oct 2005 13:59:42 +0200
To: Victor Sudakov
Cc: freebsd-fs@freebsd.org
Subject: Re: Problem with default ACLs and mask

Victor Sudakov wrote:
> Heinrich Rebehn wrote:
>
> [dd]
>
>>Am I doing something wrong here? Why is the mask not propagated?
>
> I am afraid the current umask prevents it.
> You must set it to something like "umask 002" before you create your
> files or directories (the group write bit matters here).
>

This does not always work:

#
# Show ACLs on current directory
#
-bash-2.05b$ getfacl .
#file:.
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx
mask::rwx
other::---

-bash-2.05b$ getfacl -d .
#file:.
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx
mask::rwx
other::---

#
# create a dir with umask 022 and umask 000, then extract a tar ball
#
-bash-2.05b$ umask 0022
-bash-2.05b$ mkdir D1
-bash-2.05b$ umask 0
-bash-2.05b$ mkdir D2
-bash-2.05b$ !tar
tar xzf /export/linux/root/debian/usr/local/src/TARS/STonX-0.6.5.tar.gz
-bash-2.05b$ getfacl *
#file:D1
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx          # effective: r-x
mask::r-x
other::---

#file:D2
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx
mask::rwx
other::---

#file:STonX-0.6.5
#owner:624
#group:1022
user::rwx
group::---
group:wiss:rwx          # effective: --x
mask::--x
other::--x

-bash-2.05b$

As you can see, it works for the dirs created by hand, but not for the
dir created by tar.

>
>>Update: I saw a post suggesting using different umasks, but that did not
>>work either (besides being a bit clumsy solution).
>
> I agree it may be clumsy but it does work, I use it.
> Set the user's umask from login.conf
>

It's not only clumsy, it doesn't even work reliably :-(
I want to have members of the group "wiss" to have full control, no
matter what tools are used to create the files (unless the user
deliberately resets the ACLs, of course).

Regards,

Heinrich
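
Added example, not part of the original message and not FreeBSD code: a small Python model of POSIX.1e mask handling that reproduces the three getfacl listings above. It assumes the umask is applied at creation even when a default ACL exists (as the D1/D2 output suggests) and that tar chmods the extracted directory to an archived mode of 0711; both are assumptions, and all function names are hypothetical.

```python
# Simplified model of POSIX.1e ACL mask handling (constructed for illustration).
# An ACL is a dict of entry -> permission bits (r=4, w=2, x=1).

def fmt(bits):
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def create(default_acl, mode, umask):
    """New object: copy the default ACL, then limit user::, mask:: and other::
    by the requested mode. Applying the umask as well is an assumption that
    matches the D1/D2 output in the message."""
    mode &= ~umask
    acl = dict(default_acl)
    acl["user::"] &= (mode >> 6) & 7
    acl["mask::"] &= (mode >> 3) & 7
    acl["other::"] &= mode & 7
    return acl

def chmod(acl, mode):
    """chmod on an object that has a mask entry: the group bits of the mode
    overwrite mask::, the named entries themselves are left untouched."""
    new = dict(acl)
    new["user::"] = (mode >> 6) & 7
    new["mask::"] = (mode >> 3) & 7
    new["other::"] = mode & 7
    return new

def effective(acl, entry):
    """Owner and other are not masked; every group-class entry is."""
    if entry in ("user::", "other::"):
        return acl[entry]
    return acl[entry] & acl["mask::"]

# Default ACL of the parent directory, as shown by `getfacl -d .` above.
DEFAULT = {"user::": 7, "group::": 0, "group:wiss:": 7, "mask::": 7, "other::": 0}

def scenarios():
    d1 = create(DEFAULT, 0o777, 0o022)   # mkdir under umask 0022
    d2 = create(DEFAULT, 0o777, 0o000)   # mkdir under umask 0
    # Assumed: tar creates the directory, then chmods it to the archived
    # mode; 0711 is a guess that reproduces the listing, not from the post.
    tar_dir = chmod(create(DEFAULT, 0o777, 0o000), 0o711)
    return {"D1": d1, "D2": d2, "STonX-0.6.5": tar_dir}

if __name__ == "__main__":
    for name, acl in scenarios().items():
        print(name, "mask", fmt(acl["mask::"]), "other", fmt(acl["other::"]),
              "group:wiss effective", fmt(effective(acl, "group:wiss:")))
```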