Problem with default ACLs and mask
Heinrich Rebehn
rebehn at ant.uni-bremen.de
Tue Oct 18 04:11:16 PDT 2005
Victor Sudakov wrote:
> Heinrich Rebehn wrote:
>
>>Why is the write bit of the mask reset when removing write perms for
>>group? Is this really intended?
>
>
> Yes, it is intended, whether it was a good idea or not.
>
> Quoting from setfacl(1)
>
> Traditional POSIX interfaces acting on file system object modes have
> modified semantics in the presence of POSIX.1e extended ACLs. When a mask
> entry is present on the access ACL of an object, the mask entry is
> substituted for the group bits; this occurs in programs such as stat(1) or
> ls(1). When the mode is modified on an object that has a mask entry, the
> changes applied to the group bits will actually be applied to the mask
> entry. These semantics provide for greater application compatibility:
> applications modifying the mode instead of the ACL will see conservative
> behavior, limiting the effective rights granted by all of the additional
> user and group entries; this occurs in programs such as chmod(1).
>
>
Very sad :-( It really seems to be impossible to implement something like
a "Group Manager" enabling me to delegate privileges for a group of
users to some non-root person.
Where is that code located so I could patch it myself?
--Heinrich
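
The following is an added example, not part of the original message and not FreeBSD source: a small Python model of the semantics quoted from setfacl(1), showing how removing group write through the mode caps every named entry. The entry names (`user:manager`, `group:staff`) and the sample ACL are constructed for illustration.

```python
# Model of the POSIX.1e mode/mask interaction described in the setfacl(1) excerpt.
# This is an illustration of the documented behaviour, not kernel code.
R, W, X = 4, 2, 1

def effective(acl, tag):
    """Effective rights of one entry; the mask caps all but user_obj and other."""
    perms = acl[tag]
    if tag in ("user_obj", "other") or "mask" not in acl:
        return perms
    return perms & acl["mask"]

def stat_mode(acl):
    """Mode as stat(1)/ls(1) report it: the mask is substituted for the group bits."""
    group_bits = acl.get("mask", acl["group_obj"])
    return (acl["user_obj"] << 6) | (group_bits << 3) | acl["other"]

def chmod(acl, mode):
    """Apply a traditional mode; with a mask present, group bits land on the mask."""
    new = dict(acl)
    new["user_obj"] = (mode >> 6) & 7
    new["other"] = mode & 7
    group_bits = (mode >> 3) & 7
    if "mask" in new:
        new["mask"] = group_bits        # group_obj itself is left untouched
    else:
        new["group_obj"] = group_bits
    return new

def fmt(perms):
    return "".join(c if perms & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

# Constructed sample ACL: a hypothetical delegated "manager" user with rwx.
acl = {"user_obj": 7, "user:manager": 7, "group_obj": 7,
       "group:staff": 5, "mask": 7, "other": 0}

# Equivalent of `chmod g-w`: clear the group write bit in the reported mode.
after = chmod(acl, stat_mode(acl) & ~0o020)

if __name__ == "__main__":
    print("mode before:", oct(stat_mode(acl)), " after:", oct(stat_mode(after)))
    for tag in after:
        if tag != "mask":
            print(f"{tag:14} {fmt(after[tag])}  effective {fmt(effective(after, tag))}")
```
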