    #$ setfacl -m u:mf:r bla
    #$ getfacl bla
    # file: bla
    # owner: root
    # group: root
    user::rw-
    user:mf:r--
    group::r--
    mask::r--
    other::r--
It is readable by mf like intended.
    #$ chmod go-rwx bla
    #$ getfacl bla
    # file: bla
    # owner: root
    # group: root
    user::rw-
    user:mf:r--     #effective:---
    group::r--      #effective:---
    mask::---
    other::---
It is not readable any more by mf, which was not intended. Obviously the mask:: is cleared, but why? OTOH group::r?
Confused am I
--
Regards, markus
On 20/07/2010 02:17, Markus Falb wrote:
> #$ setfacl -m u:mf:r bla
> #$ getfacl bla
> ...
> It is readable by mf like intended.
> #$ chmod go-rwx bla
> ...
> It is not readable any more by mf, which was not intended. Obviously the mask:: is cleared, but why? OTOH group::r?
To answer myself (from acl(5)):
snip
The ACL_MASK entry denotes the maximum access rights that can be granted by entries of type ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP.
The permissions defined for the file group correspond to the permissions of the ACL_GROUP_OBJ entry, if the ACL has no ACL_MASK entry. If the ACL has an ACL_MASK entry, then the permissions defined for the file group correspond to the permissions of the ACL_MASK entry.
snap
> Confused am I
I tend to think of ACLs as an extended variant of the classical group permission now.
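
The mask behaviour discussed in this thread, as an added example that is not part of either message: a small Python model of the acl(5) rules quoted above. It is not a real ACL API; the function names are made up for illustration, and only the group part of chmod is modelled. It parses the getfacl output from the first message and computes the effective rights for mf before chmod, after chmod go-rwx, and after the mask is set back to r.

```python
PERMS = "rwx"
MASK = ("mask", "")

def parse_acl(text):
    """Parse getfacl-style lines into {(tag, qualifier): set_of_perms}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#")[0].strip()  # drops '# file:' and '#effective:' parts
        if not line:
            continue
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = {p for p in perms if p in PERMS}
    return acl

def chmod_group(acl, perms):
    """Model 'chmod g=<perms>'. With a mask entry present, the file group
    bits correspond to ACL_MASK, so the mask changes and group:: stays."""
    acl = dict(acl)
    target = MASK if MASK in acl else ("group", "")
    acl[target] = set(perms)
    return acl

def effective(acl, tag, qualifier=""):
    """Rights actually granted. Named users, group:: and named groups are
    limited by the mask; user:: (the owner) and other:: are not."""
    perms = acl[(tag, qualifier)]
    masked = (tag == "user" and qualifier != "") or tag == "group"
    if masked and MASK in acl:
        perms = perms & acl[MASK]
    return "".join(p if p in perms else "-" for p in PERMS)

# Constructed sample: the ACL shown in the first message after setfacl.
BEFORE = """# file: bla
user::rw-
user:mf:r--
group::r--
mask::r--
other::r--"""

def demo():
    acl = parse_acl(BEFORE)
    stripped = chmod_group(acl, "")        # group part of 'chmod go-rwx bla'
    restored = chmod_group(stripped, "r")  # 'chmod g+r bla' or 'setfacl -m m::r bla'
    return [effective(a, "user", "mf") for a in (acl, stripped, restored)]

if __name__ == "__main__":
    print(demo())
```

The stored user:mf:r-- and group::r-- entries never change in this model; only the mask does, which is why getfacl still prints group::r-- next to "#effective:---".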