LinuxQuestions.org - Use of the "effective rights mask"

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - Use of the "effective rights mask" (https://www.linuxquestions.org/questions/linux-newbie-8/use-of-the-effective-rights-mask-601452/)

Use of the "effective rights mask"

Hey everyone,

Small question regarding ACLs (access control lists): can you give me some usage scenarios for the "effective rights mask"? It doesn't apply to the "owner" or "other" users but can affect all other users/groups. Why?!
What is so special about "other" users? Ok, I could use it to restrict users afterwards (doesn't seem the right way...!) ... it doesn't look useful at all ???!

Code:

[iggi@localhost ~]$ getfacl file

# file: file

# owner: iggi

# group: iggi

user::rw-

user:bin:rw-                    #effective:r--

user:ftp:rw-                    #effective:r--

group::rw-                      #effective:r--

mask::r--

other::rw-

Quote:

The line mask:r-- is somewhat special: it displays the effective rights mask. This entry limits the effective rights granted to all groups and to named users. (The file owner and others permissions are not affected by the effective rights mask; all other entries are.)

regards, Dirk

Sounds like it's a max rights limit ie stops you (or anyone else) accidentally granting more rights than you wanted to eg named users.
In general, you'd want all rights to yourself, none to others, and then fine-grained rights to a few people (or groups) that you want to share with, but different rights for each.
Unix's ugo => rwx perms std doesn't go that far.