Date:      Sun, 16 Sep 2012 13:02:21 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Matthias Apitz <guru@unixarea.de>
Cc:        Matthew Seaman <matthew@freebsd.org>, freebsd-questions@freebsd.org
Subject:   Re: What are negative permissions?
Message-ID:  <CAHu1Y72kt22JmWR1CpaQT%2B4=oQXgdEVkFxjWYge%2B7E_tDHGC7Q@mail.gmail.com>
In-Reply-To: <20120916195013.GA1358@tiny.Sisis.de>
References:  <50562121.2030507@dreamchaser.org> <50562A8C.9040504@FreeBSD.org> <20120916195013.GA1358@tiny.Sisis.de>

On Sun, Sep 16, 2012 at 12:50 PM, Matthias Apitz <guru@unixarea.de> wrote:

> On Sunday, September 16, 2012 at 08:37:48PM +0100, Matthew Seaman wrote:
>
> > It's where the group ownership of a file gives it fewer permissions than
> > are allowed for the world in general.
> >
> > Suppose you have a file with these permissions and ownership:
> >
> > foo bar -rwx---r-x
> >
> > ...
>
> So far so good (and correct) the theory. But, could you imagine a real
> world example where this makes any sense?
>

Group permissions are rather blunt, and if you want fine-grained access
controls, you'll need to enable ACLs.  However...

Imagine, if you will, a group entitled "guest," with the semantics you
might normally associate with that name - then using negative group
permissions on a directory effectively prevents traversal beyond that point
for members of that group.

- M
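
The evaluation order behind the behaviour discussed in this thread, as an added example that is not part of the original message: a Python model of the traditional owner/group/other check, in which only the first matching class is consulted, plus a scan for entries where "other" holds bits the group lacks. The uid/gid values, the function names and the temporary directory layout are constructed for illustration; the superuser override and ACLs are not modelled.

```python
import os
import stat
import tempfile

R, W, X = 4, 2, 1

def classic_access(mode, f_uid, f_gid, uid, gids, want):
    """Traditional UNIX check: exactly one class applies, first match wins.
    Superuser override and ACLs are not modelled."""
    if uid == f_uid:
        bits = (mode >> 6) & 7      # owner class
    elif f_gid in gids:
        bits = (mode >> 3) & 7      # group class; "other" is never consulted
    else:
        bits = mode & 7             # other class
    return bits & want == want

def negative_group_bits(mode):
    """Bits granted to other but withheld from group (0 if none)."""
    return (mode & 7) & ~((mode >> 3) & 7)

def find_negative(root):
    """Yield (path, octal mode) for entries with negative group permissions."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if negative_group_bits(mode):
                yield path, oct(mode)

def demo():
    # Constructed ids: owner uid 1001, group "guest" gid 2000.
    mode = 0o705                      # rwx---r-x, as in the thread
    guest = classic_access(mode, 1001, 2000, 1500, {1500, 2000}, X)
    other = classic_access(mode, 1001, 2000, 1600, {1600}, X)
    with tempfile.TemporaryDirectory() as top:
        d = os.path.join(top, "restricted")
        os.mkdir(d)
        os.chmod(d, 0o705)
        os.mkdir(os.path.join(top, "normal"))
        os.chmod(os.path.join(top, "normal"), 0o755)
        found = [(os.path.relpath(p, top), m) for p, m in find_negative(top)]
    return guest, other, found

if __name__ == "__main__":
    print(demo())
```
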


