LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-25-2013, 04:51 PM   #1
makupl
LQ Newbie
 
Registered: Sep 2013
Posts: 21

Rep: Reputation: Disabled
ACL vs default ACL


Hello.
I try to figureout.
What is the difference between ACL settings and default ACL settings?
For example.
setfacl -m o:rwx testdir
setfacl -m d: o:rwx testdir.

Thanks.

Last edited by makupl; 09-25-2013 at 04:54 PM. Reason: There is no space in command between d: o (otherwise gives emot in post)
 
Old 09-26-2013, 02:11 AM   #2
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,104

Rep: Reputation: 181Reputation: 181
setfacl -m o:rwx testdir - set access for the specified user

setfacl -m d: o:rwx testdir - set default rights plus a new set of rights specified on the command

check out this link : http://www.centos.org/docs/5/html/De...s-setting.html

text below from this link: http://www-uxsup.csx.cam.ac.uk/pub/d...00000000000000


A Directory with a Default ACL

Directories can be equipped with a special kind of ACL -- a default ACL. The default ACL defines the access permissions all objects under this directory inherit when they are created. A default ACL affects subdirectories as well as files.



Effects of a Default ACL

There are two different ways in which the permissions of a directory's default ACL are handed down to the files and subdirectories in it:


A subdirectory inherits the default ACL of the parent directory both as its own default ACL and as an access ACL.
A file inherits the default ACL as its own access ACL.
All system calls that create file system objects use a mode parameter that defines the access permissions for the newly created file system object:


If the parent directory does not have a default ACL, the permission bits as defined by the umask are subtracted from the permissions as passed by the mode parameter, with the result being assigned to the new object.
If a default ACL exists for the parent directory, the permission bits assigned to the new object correspond to the overlapping portion of the permissions of the mode parameter and those that are defined in the default ACL. The umask is disregarded.


Application of Default ACLs

The following three examples show the main operations for directories and default ACLs:


Creating a default ACL for an existing directory
Creating a subdirectory in a directory with default ACL
Creating a file in a directory with default ACL

Add a default ACL to the existing directory mydir:

setfacl -d -m group:djungle:r-x mydir

The option -d of the setfacl command prompts setfacl to perform the following modifications (option -m) in the default ACL.

Take a closer look at the result of this command:


getfacl mydir

# file: mydir

# owner: tux

# group: project3


user::rwx


user:jane:rwx


group::r-x


group:djungle:rwx


mask::rwx


other::---


default:user::rwx


default:group::r-x


default:group:djungle:r-x


default:mask::r-x


default: other::---

Last edited by JJJCR; 09-26-2013 at 02:12 AM. Reason: edit
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Default ACL and permissions inheritance mikemrh9 Linux - Security 5 07-05-2016 07:19 AM
problem with samba and ACL ,ACL does not work as I want golden_boy615 Linux - Server 1 12-18-2011 10:18 AM
Why does the ACL of a file created under a directory differ from the default ACL sctebnt Linux - Security 5 12-02-2011 09:13 AM
Default file ownership and ACL sbabcock23 Linux - Security 2 04-17-2009 04:02 AM
iptables acl versus cisco acl id_viorel Linux - Security 1 04-09-2008 06:00 AM


All times are GMT -5. The time now is 07:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration