setfacl

erat123 · 05-27-2007, 08:00 PM

I'm trying to add acl's to my linux permissions. I got the drive re-mounted with the acl's, and everything is working fine there, but well, here's the problem:

i have a directory:
/something/mydir

and i initially set the chmod of /something/mydir to 0700

then, i allow two of my users rwx access to that directory (mydir) using acl's:

setfacl -m u:bob:rwx /something/mydir
setfacl -m u:tom:rwx /something/mydir
setfacl -dm u:bob:rwx /something/mydir
setfacl -dm u:tom:rwx /something/mydir

that works fine, bob and tom are able to add new files and folders, but the problem is, all files (not directories) have rwx attributes, but i want files to only have rw- attributes and directories to have rwx.

does anyone know an answer for this?

anomie · 05-30-2007, 09:55 AM

I can not recreate the problem you are describing (on a CentOS box, incidentally).

Post the getfacl for one of the files your user created which you think he has rwx permissions for. e.g.

Code:

[helen@troy acl-test]$ getfacl test-file 
# file: test-file
# owner: helen
# group: helen
user::rw-
user:helen:rwx                  #effective:rw-
group::r-x                      #effective:r--
mask::rw-
other::r--

(Notice the '#effective:rw-' portion to the right. Did you actually have one of the users try executing a file he created?)

erat123 · 05-30-2007, 11:16 PM

I've been doing some more research, or rather, learning on this, and I understand it much better now. I think I answered my own question. But, I do have another one...

with setfacl, If if have a user Joe. Joe creates a directory, I would like that directory to be drwxrwx--x. And now joe creates a file in that directory and the permissions are -rw-rw-r--. I cant find a way to do this with masks in acl's or anything.

Thanks for the reply though!