From: Michael Sierchio
To: Matthias Apitz
Cc: Matthew Seaman, freebsd-questions@freebsd.org
Date: Sun, 16 Sep 2012 13:02:21 -0700
Subject: Re: What are negative permissions?

On Sun, Sep 16, 2012 at 12:50 PM, Matthias Apitz wrote:

> On Sunday, September 16, 2012 at 08:37:48PM +0100, Matthew Seaman
> wrote:
>
> > It's where the group ownership of a file gives it fewer permissions than
> > are allowed for the world in general.
> >
> > Suppose you have a file with these permissions and ownership:
> >
> > foo bar -rwx---r-x
> >
> > ...
>
> So far so good (and correct) the theory. But, could you imagine a real
> world example where this makes any sense?
>

Group permissions are rather blunt, and if you want fine-grained access
controls, you'll need to enable ACLs. However...

Imagine, if you will, a group entitled "guest," with the semantics you might
normally associate with that name - then using negative group permissions on
a directory effectively prevents traversal beyond that point for members of
that group.

- M
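
The permission check behind this thread, as an added example that is not part of the original message: the kernel consults exactly one of the owner, group or other triplets, first match wins, so a member of the file's group never falls through to the broader "other" bits. The uids, gids, user names and function names are constructed for illustration, and the superuser and ACLs are ignored.

```python
import stat

X = 1  # execute/search bit within one rwx triplet


def permission_class(mode, file_uid, file_gid, uid, gids):
    """Pick the single triplet that is consulted: first match wins."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"      # group members never fall through to "other"
    return "other"


def granted_bits(mode, file_uid, file_gid, uid, gids):
    """Return the rwx bits (0-7) that apply to this user (no root, no ACLs)."""
    shift = {"owner": 6, "group": 3, "other": 0}[
        permission_class(mode, file_uid, file_gid, uid, gids)]
    return (stat.S_IMODE(mode) >> shift) & 7


def can_traverse(mode, file_uid, file_gid, uid, gids):
    """Directory search (x) permission, needed to reach anything below it."""
    return bool(granted_bits(mode, file_uid, file_gid, uid, gids) & X)


def is_negative_group(mode):
    """True when "other" holds a bit that the group triplet withholds."""
    perms = stat.S_IMODE(mode)
    group, other = (perms >> 3) & 7, perms & 7
    return bool(other & ~group)


# Constructed sample: ids and names are invented for illustration.
FOO_UID, GUEST_GID, STAFF_GID = 1001, 2000, 2001
DIR_MODE = stat.S_IFDIR | 0o705          # drwx---r-x, owner foo, group guest

if __name__ == "__main__":
    users = {
        "foo (owner)": (FOO_UID, {STAFF_GID}),
        "visitor (in guest)": (1002, {GUEST_GID}),
        "alice (not in guest)": (1003, {STAFF_GID}),
    }
    print(stat.filemode(DIR_MODE), "negative group:", is_negative_group(DIR_MODE))
    for name, (uid, gids) in users.items():
        ok = can_traverse(DIR_MODE, FOO_UID, GUEST_GID, uid, gids)
        print(f"{name:22} traverse={'yes' if ok else 'no'}")
```

Applying is_negative_group to the st_mode of os.stat() results is one way to audit a tree for such modes.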