On Mon, Apr 29, 2002 at 10:22:03PM -0800, Ethan Benson wrote:
> On Mon, Apr 29, 2002 at 08:34:02PM -0400, jtrostel@xxxxxxxxxxxxxx wrote:
> > default:user::rwx
> > default:user:a100:r--
> > default:group::r-x
> > default:mask::r-x
> > default:other::r-x
> > The default acl will be applied to foo_dir
> so please explain how to set a default acl which will grant user a100
> r-- for newly created files and r-x for newly created directories.
This is not a bug - it is the way it is :)
You'd really need separate default ACLs for files and dirs
as you suggested earlier.
And as mentioned previously, this kind of thing is achieved for normal
unix permissions by the userspace commands setting up the
appropriate mode parameter.
> > So both the default and the access acls on foo_dir are the same and include
> > an entry of r-- for the additional user 'a100'.
> > From the 'acl' man page:
> >    If a default ACL is associated with a directory, the mode parameter to
> >    the functions creating file objects and the default ACL of the directory
> >    are used to determine the ACL of the new object:
> >    1. The new object inherits the default ACL of the containing directory
> >       as its access ACL.
> >    2. The access ACL entries corresponding to the file permission bits are
> >       modified so that they contain no permissions that are not contained
> >       in the permissions specified by the mode parameter.
> the way I read this #2 should ensure that execute permission is
> removed from user a100 for file creation if the default acl lists
> a100:r-x, but that's not what occurs, user a100 is always given execute
> permission to the newly created file, which is not desired.
The mode bits specify the permissions, ugo, which parallel with
USER_OBJ, GROUP_OBJ (or MASK ACE if there is one) and OTHER ACEs
- not USER ACEs.
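
Added example, not part of the original message or of any ACL implementation: a small Python model of the two inheritance steps quoted from the acl man page, applied to a constructed variant of the default ACL above with a100 set to r-x. It also goes one step beyond the thread by computing effective permissions, applying the mask to named entries as acl(5) specifies for access checks; the function names are hypothetical.

```python
# Added illustration of the acl(5) inheritance steps; not kernel code.
# All function names here are hypothetical.
R, W, X = 4, 2, 1

# Constructed sample: the default ACL from the thread, with a100 set to r-x.
DEFAULT = """
default:user::rwx
default:user:a100:r-x
default:group::r-x
default:mask::r-x
default:other::r-x
"""

def perms(s):
    """Convert 'r-x' to permission bits (5)."""
    return sum(bit for ch, bit in zip(s, (R, W, X)) if ch != "-")

def show(p):
    """Convert permission bits back to 'r-x' form."""
    return "".join(ch if p & bit else "-" for ch, bit in zip("rwx", (R, W, X)))

def parse_default_acl(text):
    """Parse 'default:tag:qualifier:perms' lines into {(tag, qualifier): bits}."""
    acl = {}
    for line in text.split():
        _, tag, qual, p = line.split(":")
        acl[(tag, qual)] = perms(p)
    return acl

def inherit(default_acl, mode):
    """Step 1: copy the default ACL. Step 2: trim only the entries that
    correspond to the mode bits: owner, mask (or group if no mask), other."""
    acl = dict(default_acl)
    group_class = ("mask", "") if ("mask", "") in acl else ("group", "")
    for key, shift in ((("user", ""), 6), (group_class, 3), (("other", ""), 0)):
        acl[key] &= (mode >> shift) & 7
    return acl

def effective(acl, key):
    """Owner and other apply as written; every other entry is limited by mask."""
    if key in (("user", ""), ("other", "")) or ("mask", "") not in acl:
        return acl[key]
    return acl[key] & acl[("mask", "")]

if __name__ == "__main__":
    d = parse_default_acl(DEFAULT)
    for label, mode in (("file, mode 0666", 0o666), ("dir, mode 0777", 0o777)):
        new = inherit(d, mode)
        a100 = ("user", "a100")
        print(label, "entry", show(new[a100]), "effective", show(effective(new, a100)))
```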