Hi Sebastian,
On Sat, Jun 09, 2001 at 09:59:23AM +0200, Sebastian Dransfeld wrote:
>
> I have this directory acl:
> u::rwx,g::r-x,o::r-x,u:sebastid:rwx,m::r-x
>
I presume you mean directory _default_ acl.
> A file created gets this acl:
> u::rw-,g::r-x,o::r--,u:sebastid:rwx,m::r--
>
> Why does the 'x' only get stripped from default user, other and mask?
>
Ok, after looking at the POSIX ACL standard, code,
discussing with ajag@xxxxxxx, ...

When the access ACL for a file of a directory with a default ACL
is created, its ACE permissions are set by _intersection_ of the
respective default ACEs' permission bits and the mode bits of the
parameter to open/creat.

So if the creat mode bits don't have the execute (x) bit set for user
and other (which will depend on the application you use which makes the
create/open call), then neither will the USER_OBJ ACEs and OTHER ACEs.
Which is what you saw.

The GROUP_OBJ ACE is treated differently if a MASK ACE exists, as
is the case in your example above. If we have a MASK ACE (see 5.3.1.2),
then the GROUP_OBJ ACE is left alone, and the MASK ACE
is intersected with the group permission bits of the creat parameter.
The std group permission bits on the file, however, are updated
accordingly.

If you did an "ls -l" on the file, then you would see that the
group permission bits match the MASK ACE permission bits (see 23.1.2)
that you see with "chacl -l".
(If there was no MASK ACE then the GROUP_OBJ ACE would be intersected
with the group permissions as expected).

I hope I haven't confused you.
The standard can be equally confusing ;-)

The withdrawn POSIX ACL standard can be downloaded at:
http://wt.xpilot.org/posix.1e/download.html

Andreas Gruenbacher's site has some useful info:
http://acl.bestbits.at
Cheers,
--Tim
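
The inheritance rule described in the reply above, modelled as an added Python example (not part of the original thread and not taken from any ACL implementation). The function names and the creat mode 0o666 are assumptions; the default ACL is the one quoted in the message, and the `effective` helper applies the standard POSIX.1e rule that MASK caps GROUP_OBJ and named entries.

```python
PERMS = "rwx"

def parse_acl(text):
    """Parse 'u::rwx,u:name:rwx,m::r-x' into a list of (tag, qualifier, bits)."""
    entries = []
    for item in text.split(","):
        tag, qualifier, perm = item.strip().split(":")
        ok = len(perm) == 3 and all(c in (p, "-") for c, p in zip(perm, PERMS))
        if tag not in ("u", "g", "o", "m") or not ok:
            raise ValueError(f"bad ACL entry: {item!r}")
        entries.append((tag, qualifier, sum(4 >> i for i, c in enumerate(perm) if c != "-")))
    return entries

def fmt_bits(bits):
    return "".join(c if bits & (4 >> i) else "-" for i, c in enumerate(PERMS))

def fmt_acl(entries):
    return ",".join(f"{t}:{q}:{fmt_bits(b)}" for t, q, b in entries)

def inherit(default_acl, mode):
    """Access ACL of a new file: default ACEs intersected with the creat mode bits."""
    user, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    has_mask = any(t == "m" for t, _, _ in default_acl)
    out = []
    for tag, q, bits in default_acl:
        if tag == "u" and not q:
            bits &= user       # USER_OBJ
        elif tag == "o":
            bits &= other      # OTHER
        elif tag == "m":
            bits &= group      # MASK absorbs the group bits of the mode
        elif tag == "g" and not q and not has_mask:
            bits &= group      # GROUP_OBJ, only when no MASK exists
        out.append((tag, q, bits))  # named entries are copied unchanged
    return out

def mode_bits(acl):
    """Bits as 'ls -l' shows them: the group slot reflects MASK when one exists."""
    own = {t: b for t, q, b in acl if not q}
    return fmt_bits(own["u"]) + fmt_bits(own.get("m", own["g"])) + fmt_bits(own["o"])

def effective(acl, tag, qualifier=""):
    """Rights an entry really grants: MASK caps GROUP_OBJ and every named entry."""
    bits = next(b for t, q, b in acl if (t, q) == (tag, qualifier))
    mask = next((b for t, _, b in acl if t == "m"), 7)
    return fmt_bits(bits & mask if tag == "g" or (tag == "u" and qualifier) else bits)

DEFAULT_ACL = "u::rwx,g::r-x,o::r-x,u:sebastid:rwx,m::r-x"  # from the message
ACCESS_ACL = inherit(parse_acl(DEFAULT_ACL), 0o666)  # 0o666 is an assumed creat mode
print(fmt_acl(ACCESS_ACL), mode_bits(ACCESS_ACL), effective(ACCESS_ACL, "u", "sebastid"))
```

When auditing inherited permissions, read the effective rights rather than the raw entries: here `u:sebastid:rwx` and `g::r-x` remain in the ACL but grant only `r--` because the mask was reduced at creation.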