Can someone explain this getfacl output?

StupidNewbie · 03-23-2010, 03:31 PM

Hey everyone. I'm looking for someone who can explain this output for me. I am trying to set up an ACL via Windows on a Samba share and it worked like I planned, but I think there might be ways I can fine tune it if I understand this better.

Code:

myServer:/myShare # getfacl myFolder
# file: myFolder
# owner: xxxxxxxxx
# group: xxxxxxxxx
user::rwx
user:someUser:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:someUser:rwx
default:group::---
default:mask::rwx
default:other::---

The names/etc have been changed here obviously, but this is what is put in when I added someUser from Active Directory via the Windows security dialogs.

I don't quite understand what the "mask" does or what all the "default" things are. Can someone who understands this output better than me give me some insight?

Thanks!

deadeyes · 03-23-2010, 04:50 PM

Quote:

Originally Posted by StupidNewbie

Hey everyone. I'm looking for someone who can explain this output for me. I am trying to set up an ACL via Windows on a Samba share and it worked like I planned, but I think there might be ways I can fine tune it if I understand this better.

Code:

myServer:/myShare # getfacl myFolder
# file: myFolder
# owner: xxxxxxxxx
# group: xxxxxxxxx
user::rwx
user:someUser:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:someUser:rwx
default:group::---
default:mask::rwx
default:other::---

The names/etc have been changed here obviously, but this is what is put in when I added someUser from Active Directory via the Windows security dialogs.

I don't quite understand what the "mask" does or what all the "default" things are. Can someone who understands this output better than me give me some insight?

Thanks!

default:user::rwx
default:user:someUser:rwx
default:group::---
default:mask::rwx
default

ther::---
These lines are used when you create a new directory in this directory or a new file in this directory.

The mask thing:

Quote:

This is the effective rights mask. This entry limits the effective rights granted to all ACL groups and ACL users. The traditional Unix User, Group, and Other entries are not affected. If the mask is more restrictive than the ACL permissions that you grant, then the mask takes precedence.

So if you have mask r--, then even if you give rwx to "tippy" this user would still get only r-- permissions:
user::rw-
user:axel:rw- #effective:r--
user:tippy:rwx #effective:r--
group::r--
group:lensmen:rwx #effective:r--
mask::r--
other::r--

Reference: http://www.vanemery.com/Linux/ACL/linux-acl.html

GazL · 03-23-2010, 05:01 PM

google is your friend:

http://www.informit.com/articles/art...seqNum=5&rll=1

StupidNewbie · 03-24-2010, 12:44 AM

Thanks guys, this is exactly what I needed. And FYI GazL I know how to use Google, I asked here because I wanted a better explanation than the ones I found there.

I had to ask the question in my own way to understand it.

DeadEyes, thanks, you explained it perfectly! I will be throwing up a write up here soon on the project I just finished since it took me almost 2 months to complete it due to lack of information. Hopefully it will help someone!

GazL · 03-24-2010, 12:56 PM

Quote:

Originally Posted by StupidNewbie

And FYI GazL I know how to use Google, I asked here because I wanted a better explanation than the ones I found there.

I simply provided you with a link to an article that answered both of your questions and pointed out that it was found by doing a google search. Why you chose to ask your question on this forum is entirely your concern.

Though my intent may have been to encourage a bit of self-reliance, there was certainly no sarcasm or insult intended, so please don't take the hump.

custangro · 03-24-2010, 01:01 PM

Quote:

Originally Posted by GazL

Though my intent may have been to encourage a bit of self-reliance, there was certainly no sarcasm or insult intended, so please don't take the hump.

I agree

-C