Hello,
I'm trying to use ACLs to give a specific group full, recursive read access to a directory and its files.
I've been successful, but noticed one caveat that may be expected behavior - if the file's owner uses chmod (e.g. chmod 600), the ACL group loses access. This does make sense, but ideally, the desired group(s) in the ACLs would retain their access.
I'd like to avoid having users lock certain groups specified using ACLs out of things by using something such as 'chmod 600'.
I've messed with setting the default mask and such, but chmod seems to trump whatever I'm doing (which, I understand, is likely expected).
Am I missing something, or are there any suggestions on how to achieve what I'm after? Short of a cron job to 'fix' ACLs in such locations, I'm not sure. I guess what I'm after is ACL inheritance, which ext3 doesn't seem to support(?)
Though it's currently an ext3 file system, it's not too late to change to something that might have a better ACL implementation.
Thanks!
Here's an example of what I'm doing:
Code:
% mkdir test
% setfacl -R -m d:g:sysops:rwx test
% getfacl --omit-header test
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:sysops:rwx
default:mask::rwx
default:other::r-x
% touch test/testfile
% getfacl test/testfile
user::rw-
group::r-x #effective:r--
group:sysops:rwx #effective:rw-
mask::rw-
other::r--
% chmod 600 test/testfile
% getfacl test/testfile
user::rw-
group::r-x #effective:---
group:sysops:rwx #effective:---
mask::---
other::---
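
As an added example, not part of the original post: a shell function that reads getfacl output and lists the owning-group and named entries whose granted rights are reduced by the mask, the entry that chmod rewrites on a file carrying an ACL. The function name masked_entries and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ACL entries whose rights are cut down by the mask.
# Usage: getfacl -R test | masked_entries
# The mask caps the owning group and every named user/group entry;
# the file owner ("user::") and "other::" are not affected by it.

masked_entries() {
    awk '
    function and_perms(p, m,   k, c, out) {
        out = ""
        for (k = 1; k <= 3; k++) {
            c = substr(p, k, 1)
            out = out ((c != "-" && substr(m, k, 1) == c) ? c : "-")
        }
        return out
    }
    function report(   i, eff) {
        for (i = 1; have_mask && i <= n; i++) {
            eff = and_perms(perm[i], mask)
            if (eff != perm[i])
                printf "%s\t%s\tgranted=%s\teffective=%s\n", file, who[i], perm[i], eff
        }
        n = 0; have_mask = 0
    }
    BEGIN { file = "(stdin)" }
    /^# file: / { report(); file = substr($0, 9); next }
    /^#/ || /^default:/ || /^[ \t]*$/ { next }
    {
        sub(/[ \t]*#.*/, "")              # drop the "#effective:" comment
        split($0, f, ":")
        if (f[1] == "mask") { mask = f[3]; have_mask = 1 }
        else if (f[1] == "group" || (f[1] == "user" && f[2] != "")) {
            n++; who[n] = f[1] ":" f[2]; perm[n] = f[3]
        }
    }
    END { report() }'
}

# Constructed sample: the file from the post after "chmod 600".
masked_entries <<'EOF'
# file: test/testfile
user::rw-
group::r-x	#effective:---
group:sysops:rwx	#effective:---
mask::---
other::---
EOF
```

Keep the "# file:" headers in the input (no --omit-header) when piping a recursive listing, since the function uses them to separate one file's entries from the next.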