Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hey everyone. I'm looking for someone who can explain this output for me. I am trying to set up an ACL via Windows on a Samba share and it worked like I planned, but I think there might be ways I can fine tune it if I understand this better.
The names/etc have been changed here obviously, but this is what is put in when I added someUser from Active Directory via the Windows security dialogs.
I don't quite understand what the "mask" does or what all the "default" things are. Can someone who understands this output better than me give me some insight?
Hey everyone. I'm looking for someone who can explain this output for me. I am trying to set up an ACL via Windows on a Samba share and it worked like I planned, but I think there might be ways I can fine tune it if I understand this better.
The names/etc have been changed here obviously, but this is what is put in when I added someUser from Active Directory via the Windows security dialogs.
I don't quite understand what the "mask" does or what all the "default" things are. Can someone who understands this output better than me give me some insight?
Thanks!
default:user::rwx
default:user:someUser:rwx
default:group::---
default:mask::rwx
defaultther::---
These lines are used when you create a new directory in this directory or a new file in this directory.
The mask thing:
Quote:
This is the effective rights mask. This entry limits the effective rights granted to all ACL groups and ACL users. The traditional Unix User, Group, and Other entries are not affected. If the mask is more restrictive than the ACL permissions that you grant, then the mask takes precedence.
So if you have mask r--, then even if you give rwx to "tippy" this user would still get only r-- permissions:
user::rw-
user:axel:rw- #effective:r--
user:tippy:rwx #effective:r--
group::r--
group:lensmen:rwx #effective:r--
mask::r--
other::r--
Thanks guys, this is exactly what I needed. And FYI GazL I know how to use Google, I asked here because I wanted a better explanation than the ones I found there.
I had to ask the question in my own way to understand it.
DeadEyes, thanks, you explained it perfectly! I will be throwing up a write up here soon on the project I just finished since it took me almost 2 months to complete it due to lack of information. Hopefully it will help someone!
And FYI GazL I know how to use Google, I asked here because I wanted a better explanation than the ones I found there.
I simply provided you with a link to an article that answered both of your questions and pointed out that it was found by doing a google search. Why you chose to ask your question on this forum is entirely your concern.
Though my intent may have been to encourage a bit of self-reliance, there was certainly no sarcasm or insult intended, so please don't take the hump.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.