Hi...
Andrew Gildfind wrote:
>
> On Tue, Mar 27, 2001 at 10:51:42AM -0500, John Trostel wrote:
> > I am seeing some strange behavior with both ACL inheritance and chacl
> > operation. Does anyone else see this or is my build faulty?
> >
> > I started with a freshly formatted xfs partition on /mnt/xfs_part.
> >
> > I set the access, default and mask ACLs for this parition as follows:
> >
> > [...]
> >
> > Not good... Shouldn't this get the default ACLs u::rwx,g::rwx,o::rwx ?
>
> I'm not precisely sure of the semantics of ACL inheritance, but I noticed
> when playing around with this that the inherited ACL was modified by
> different umasks... I'll have to look into this further.
We saw the same behaviour with our builts. After a few tests, we confirmed that
"umask" was changing the active mask of the ACL and therefore limiting the real
accesses.
But... shouldn't "umask" be ignored in ACL where a mask is present?
Otherwise it seems that the flexibility of the ACLs is lost...
For example:
[cgs@cgs] umask
022
[cgs@cgs] id
uid=716(cgs) gid=100(users) groups=100(users),506(ad_design)
[cgs@cgs] chacl -l design
design
[u::rwx,g:ad_design:rwx,g::---,o::---,m::rwx/u::rwx,g:ad_design:rwx,g::---,o::---,m::rwx]
[cgs@cgs] mkdir design/test
[cgs@cgs] chacl -l design/test
design/test
[u::rwx,g:ad_design:rwx,g::---,o::---,m::r-x/u::rwx,g:ad_design:rwx,g::---,o::---,m::rwx]
Note that now the mask has the value m::r-x! And of course another user from
geoup ad_design can't write in design/test...
By setting umask to 002 we get the correct mask m::rwx (and access rights),
but it seems "wrong"... Or am I completely mistaken?
Thanx,
Carlos.
--
Carlos Gamboa Dos Santos Carlos.Gamboa@xxxxxx
International Electronics & Engineering
Tel: (+352) 42 47 37-280 Fax: (+352) 42 47 37-200
|