unix/setfacl: set directory default acl for correct permission inheritance
Solution 1
well, i should've just read the manual...
https://web.archive.org/web/20151220084629/http://turing.suse.de/~agruen/acl/linux-acls/online/
Section 'How ACLs Work'
my group bit was too restrictive (r-w), which restricted the mask to r-x, and subsequently the named users in my ACL could not write
actually, it's rather simple :)
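The rule this answer points to, as an added example that is not part of the original answer: a new object's access ACL is the parent's default ACL with the owner, mask and other entries intersected with the mode passed at creation, and named users are then capped by the resulting mask. The mode values 0o755 and 0o777 are assumptions chosen for illustration; the page does not show which mode the `md` call used.

```python
# Added example: a model of default-ACL inheritance, not output of a real filesystem.
PERMS = "rwx"

def mode_class(mode, shift):
    """Permissions of one class in an octal mode (shift 6=owner, 3=group, 0=other)."""
    return {c for c, bit in zip(PERMS, (4, 2, 1)) if (mode >> shift) & bit}

def fmt(perms):
    return "".join(c if c in perms else "-" for c in PERMS)

def inherit(default_acl, mode):
    """Access ACL of a new object: the parent's default ACL, with the owner,
    mask (or group:: when there is no mask) and other entries intersected with
    the mode argument of mkdir()/open(). The umask is not applied in this case."""
    acl = {k: set(v) - {"-"} for k, v in default_acl.items()}
    acl["user::"] &= mode_class(mode, 6)
    acl["mask::" if "mask::" in acl else "group::"] &= mode_class(mode, 3)
    acl["other::"] &= mode_class(mode, 0)
    return acl

def effective(acl):
    """Named users, named groups and the owning group are capped by the mask."""
    mask = acl.get("mask::", set(PERMS))
    uncapped = ("user::", "other::", "mask::")
    return {k: fmt(p if k in uncapped else p & mask) for k, p in acl.items()}

# Default ACL of /projects/svn as shown in the question.
DEFAULT_ACL = {
    "user::": "rwx", "user:wwwrun:": "rwx", "user:unix:": "rwx",
    "group::": "r-x", "mask::": "rwx", "other::": "r-x",
}

if __name__ == "__main__":
    # 0o755 and 0o777 are assumed mode arguments, chosen for illustration.
    for mode in (0o755, 0o777):
        print(oct(mode), effective(inherit(DEFAULT_ACL, mode)))
```

With group bits r-x in the mode, the model gives the mask::r-x and effective r-x entries from the question; with rwx it gives the listing in Solution 2.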
Solution 2
I cannot reproduce what you get; I get the expected behaviour whether I include the m:rwx or not. This is on a Linux Ubuntu 10.04 LTS (Lucid Lynx) with kernel 2.6.32-24-generic, the ext4 filesystem and setfacl v. 2.2.49: (Users 'bhm' and 'test')
$ pwd
/data/musikk/dir
$ setfacl -b .
$ setfacl -m u:bhm:rwx,u:test:rwx,m:rwx .
$ setfacl -dm u:bhm:rwx,u:test:rwx,m:rwx .
$ getfacl .
# file: .
# owner: bhm
# group: bhm
user::rwx
user:bhm:rwx
user:test:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:bhm:rwx
default:user:test:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
$ su -s /bin/bash test
Password:
test@hva:/data/musikk/dir$ mkdir testdir
test@hva:/data/musikk/dir$ getfacl testdir
# file: testdir
# owner: test
# group: test
user::rwx
user:bhm:rwx
user:test:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:bhm:rwx
default:user:test:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
fholzer
Updated on September 17, 2022
Comments
-
fholzer over 1 year
I have several svn repositories in /projects/svn which should be writeable by 2 users, mine (unix), and wwwrun (apache, for svn over http)
newly created folders and files should be read/writeable by both users
i played around with setfacl but couldn't get it working the way i need it
my attempt was as follows:
unknown:/projects/svn # setfacl -b .
unknown:/projects/svn # setfacl -m u:unix:rwx,u:wwwrun:rwx,m:rwx .
unknown:/projects/svn # setfacl -dm u:unix:rwx,u:wwwrun:rwx,m:rwx .
unknown:/projects/svn # getfacl .
# file: .
# owner: unix
# group: users
user::rwx
user:wwwrun:rwx
user:unix:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:wwwrun:rwx
default:user:unix:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
unknown:/projects/svn # su -s /bin/bash wwwrun
wwwrun@unknown:/projects/svn> md test
wwwrun@unknown:/projects/svn> getfacl test
# file: test
# owner: wwwrun
# group: www
user::rwx
user:wwwrun:rwx #effective:r-x
user:unix:rwx #effective:r-x
group::r-x
mask::r-x
other::r-x
default:user::rwx
default:user:wwwrun:rwx
default:user:unix:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
wwwrun@unknown:/projects/svn>
as you can see, my user (unix) has only r-x (as effective) permissions
-
fholzer over 13 years
now the mask is automatically calculated, which results in a default:mask:rwx and mask:r-x => again, effective permissions: r-x is what i want actually possible access control lists
-
fholzer over 13 years
hm, that's strange, i run openSUSE 11.2, Linux 2.6.34.1-default, setfacl 2.2.48. I tried it again, with different users and different directories. i can't figure out why it doesn't work for me...
-
David Gardner over 7 years
Link now dead - please add the actual content instead :)
-
fholzer over 7 years
waybackmachine has a snapshot of the link. just updated it; only one image is missing