Hello everyone,
I'm doing some tests with ACL's and even though I can create a "default" ACL for a directory (that includes "rwx" for the default owner), when I finally create a file within that directory the execute bit is chopped off:
[joe@machine ~]$ mkdir mydir
[joe@machine ~]$ setfacl -d -m u::rwx,g::-,o::- mydir/
[joe@machine ~]$ cd mydir
[joe@machine mydir]$ touch testFile.txt
[joe@machine mydir]$ ls -l testFile.txt
-rw------- 1 joe joe 0 Oct 29 21:14 testFile.txt
I don't think umask is involved here. As far as I know umask isn't involved when dealing with default ACL's. Anyhow, I'm pretty sure this is by design (security-wise). Is there any way to override this behaviour?
Thanks, Jorge
Jorge Fábregas wrote:
I don't think umask is involved here. As far as I know umask isn't involved when dealing with default ACL's. Anyhow, I'm pretty sure this is by design (security-wise). Is there any way to override this behaviour?
It's been eons since I played with acls, but I thought you can only view acls via getfacl (or other similar commands). ls -l doesn't do anything to show acls, only unix-style permissions.
nate
On Thursday 29 October 2009 10:32:30 pm nate wrote:
It's been eons since I played with acls, but I thought you can only view acls via getfacl (or other similar commands). ls -l doesn't do anything to show acls, only unix-style permissions.
Hello nate,
Yes, I use getfacl to see the ACLs but in this case I used a "default ACL" that sets "regular permissions" on new files and thus any new file won't actually have an ACL. In my case, the new file looks like:
-rw------- 1 joe joe 0 Oct 29 21:14 testFile.txt
If it had any ACL on it... a plus sign would appear at the end of the permission bits, like this:
-rw-------+ 1 joe joe 0 Oct 29 21:14 testFile.txt
Best regards, Jorge
On Oct 30, 2009, at 7:13 AM, Jorge Fábregas jorge.fabregas@gmail.com wrote:
On Thursday 29 October 2009 10:32:30 pm nate wrote:
It's been eons since I played with acls, but I thought you can only view acls via getfacl (or other similar commands). ls -l doesn't do anything to show acls, only unix-style permissions.
Hello nate,
Yes, I use getfacl to see the ACLs but in this case I used a "default ACL" that sets "regular permissions" on new files and thus any new file won't actually have an ACL. In my case, the new file looks like:
-rw------- 1 joe joe 0 Oct 29 21:14 testFile.txt
If it had any ACL on it... a plus sign would appear at the end of the permission bits, like this:
-rw-------+ 1 joe joe 0 Oct 29 21:14 testFile.txt
Umask always applies on the top-level unix perms. The 077 mask is sensible here, making the owner the only one with access if the ACL is clobbered.
The + means there are ACLs/xattrs below, you need to use getfacl to see them.
-Ross
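
Added example (not part of the original thread): a small Python model of the object-creation rule described in acl(5), showing how the mode requested by the creating program limits the entries inherited from a default ACL such as the one Jorge set. It assumes touch requests mode 0666; the function names, the 0777 comparison case and the "alice" ACL are constructed for illustration, and the model covers only the permission bits and the mask entry.

```python
import stat

TAGS = {"u": "user", "g": "group", "m": "mask", "o": "other"}

def parse_default_acl(spec):
    """Parse a setfacl-style entry list such as 'u::rwx,g::-,o::-'."""
    acl = {}
    for entry in spec.split(","):
        tag, qualifier, perms = entry.strip().split(":")
        bits = sum({"r": 4, "w": 2, "x": 1}[c] for c in perms if c != "-")
        acl[(TAGS.get(tag, tag), qualifier)] = bits
    return acl

def new_object_mode(requested_mode, umask, default_acl):
    """Return (permission bits, has_extended_acl) for a newly created file."""
    if not default_acl:
        # No default ACL on the parent directory: classic rule, mode & ~umask.
        return requested_mode & ~umask & 0o777, False
    # Default ACL present: per acl(5) the umask is not consulted. The inherited
    # entries are limited to what the creator asked for in its mode argument.
    acl = dict(default_acl)
    owner = (requested_mode >> 6) & 7
    group = (requested_mode >> 3) & 7
    other = requested_mode & 7
    acl[("user", "")] &= owner
    acl[("other", "")] &= other
    # The group-class bits correspond to the mask entry when one exists.
    group_key = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[group_key] &= group
    mode = acl[("user", "")] << 6 | acl[group_key] << 3 | acl[("other", "")]
    # Only the three base entries: nothing extra to store, so ls shows no "+".
    return mode, len(acl) > 3

def ls_style(mode, extended):
    """Render the bits the way ls -l would for a regular file."""
    return stat.filemode(stat.S_IFREG | mode) + ("+" if extended else "")

if __name__ == "__main__":
    jorge = parse_default_acl("u::rwx,g::-,o::-")            # ACL from the thread
    print(ls_style(*new_object_mode(0o666, 0o022, jorge)))   # touch-style create
    print(ls_style(*new_object_mode(0o777, 0o022, jorge)))   # creator asking 0777
    # Constructed ACL with a named user, which forces a mask entry.
    shared = parse_default_acl("u::rwx,u:alice:rwx,g::r-x,m::rwx,o::-")
    print(ls_style(*new_object_mode(0o666, 0o022, shared)))
```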