Message-ID: <470B9799.8080601@endries.org>
Date: Tue, 09 Oct 2007 11:00:41 -0400
From: Josh Endries
To: freebsd-questions@freebsd.org
Subject: ACL mask problems

Hello,

I'm getting quite annoyed at ACLs. I don't understand why this is happening: I have a directory that gets subdirectories created by a web script, but for some reason those directories have different permissions.

Here is the parent's default ACL, which as I understand it should be what subdirectories are created with:

# getfacl -d private/logs/mail/2007
#file:private/logs/mail/2007
#owner:1005
#group:1005
user::rwx
user:www:rwx
user:rsync:rwx
group::rwx
mask::rwx
other::---

This is the ACL of a directory created by the script:

# getfacl private/logs/mail/2007/10
#file:private/logs/mail/2007/10
#owner:1005
#group:1005
user::rwx
user:www:rwx            # effective: r-x
user:rsync:rwx          # effective: r-x
group::rwx              # effective: r-x
mask::r-x
other::---

This unfortunately prevents Apache from writing its log files. Why did the mask change? I know there's some link between the mask and group permissions, or something weird like that, but I thought group being rwx and mask rwx would cause the new mask to also be rwx...maybe other is causing the issue? That seems pretty dumb to me.

I've read various pages on ACLs, including the handbook, and I haven't been able to understand this. :(

Thanks,
Josh
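
The two listings above are consistent with the POSIX.1e inheritance rule, in which the group bits of the creation mode are intersected with the default ACL's mask entry rather than with group::. The model below is an added example, not part of the original message; it assumes the script's mkdir ended up with an effective creation mode of 0755, which the post does not state.

```python
# Added example: model of POSIX.1e default-ACL inheritance (not from the post).
BITS = {"r": 4, "w": 2, "x": 1}
# Default ACL as shown in the post's `getfacl -d` output.
DEFAULT_ACL = """\
#file:private/logs/mail/2007
user::rwx
user:www:rwx
user:rsync:rwx
group::rwx
mask::rwx
other::---
"""

def to_str(bits):
    return "".join(c if bits & BITS[c] else "-" for c in "rwx")

def parse_acl(text):
    """Parse getfacl-style text into (tag, qualifier, bits); '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            tag, qual, perms = line.split(":")
            entries.append((tag, qual, sum(BITS[c] for c in perms if c != "-")))
    return entries

def inherit(default_acl, mode):
    """Access ACL of an object created with `mode` (0o755 assumed for the post)."""
    has_mask = any(tag == "mask" for tag, _, _ in default_acl)
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    out = []
    for tag, qual, bits in default_acl:
        if tag == "user" and not qual:
            bits &= owner
        elif tag == "mask" or (tag == "group" and not qual and not has_mask):
            bits &= group  # with a mask entry, group mode bits limit the mask
        elif tag == "other":
            bits &= other
        out.append((tag, qual, bits))
    return out

def render(acl):
    # Format like getfacl, annotating entries that the mask restricts.
    mask = next((b for t, _, b in acl if t == "mask"), 7)
    lines = []
    for tag, qual, bits in acl:
        masked = (tag == "group" or (tag == "user" and qual)) and (bits & mask) != bits
        note = f"\t# effective: {to_str(bits & mask)}" if masked else ""
        lines.append(f"{tag}:{qual}:{to_str(bits)}{note}")
    return lines
```

Calling `render(inherit(parse_acl(DEFAULT_ACL), 0o755))` reproduces the second listing in the post; with a creation mode of 0o775 the mask stays `rwx` and the named-user entries remain fully effective.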