ACLs - Mask - permissions defined in the owner and owning group entries
First of all, thank you for reading this. I'm new to POSIX ACLs, so I've been doing a lot of reading on the subject. I found many sources, one of those being the openSUSE Security Guide.
In both of these versions (with 12.1 where I first found it mentioned):
All permissions defined in the owner and owning group entries are always effective.
Here is that same statement with the surrounding text for context:
Quote:
The mask entry further limits the permissions granted by named user, named group, and owning group entries by defining which of the permissions in those entries are effective and which are masked. If permissions exist in one of the mentioned entries as well as in the mask, they are effective. Permissions contained only in the mask or only in the actual entry are not effective—meaning the permissions are not granted. All permissions defined in the owner and owning group entries are always effective.
However I've found two other sources which seem to say otherwise. One is the man page for getfacl and the other is "UNIX and Linux System Administration Handbook, 4th Edition".
Lines 5, 7 and 10 correspond to the user, group and other fields of the file mode permission bits. These three are called the base ACL entries. Lines 6 and 8 are named user and named group entries. Line 9 is the effective rights mask. This entry limits the effective rights granted to all groups and to named users. (The file owner and others permissions are not affected by the effective rights mask; all other entries are.)
The "to all groups" and "all other entries" imply that the owner group (or "default/primary" group) IS affected, which is in contrast to what the openSUSE documentation says.
UNIX and Linux System Administration Handbook, 4th Edition has this to say:
Quote:
The mask limits the access that the ACL can confer upon all named users, all named groups, and the default group.
That seems to directly confirm what the man page says, i.e., the traditional UNIX group (primary, default) IS affected by the ACL Mask.
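Added example, not part of the original thread: a small Python model of the access check algorithm documented in the Linux acl(5) manual page, run against a constructed ACL whose owning group entry is `rwx` and whose mask is `r-x`. The class, function and account names are hypothetical.

```python
# Added example: model of the access check algorithm in Linux acl(5).
# Class, function and account names are hypothetical.
from dataclasses import dataclass, field
from typing import Optional

def bits(perm):
    """'r-x' -> {'r', 'x'}"""
    return set(perm) - {"-"}

@dataclass
class Acl:
    owner: str
    group: str
    user_obj: str                 # user::
    group_obj: str                # group::  (owning group)
    other: str                    # other::
    mask: Optional[str] = None    # mask::   (absent in a minimal ACL)
    users: dict = field(default_factory=dict)    # user:NAME:
    groups: dict = field(default_factory=dict)   # group:NAME:

def check_access(acl, user, user_groups, requested):
    want = bits(requested)
    mask = None if acl.mask is None else bits(acl.mask)
    # 1. File owner: only user:: is consulted; the mask is never applied.
    if user == acl.owner:
        return want <= bits(acl.user_obj)
    # 2. Named user: the entry AND the mask must both contain the request.
    if user in acl.users:
        return want <= bits(acl.users[user]) and (mask is None or want <= mask)
    # 3. Owning group and named groups: one matching entry must contain the
    #    request, and so must the mask when the ACL has one.
    matching = [acl.group_obj] if acl.group in user_groups else []
    matching += [p for g, p in acl.groups.items() if g in user_groups]
    if matching:
        if mask is not None and not want <= mask:
            return False
        return any(want <= bits(p) for p in matching)
    # 4. Everyone else: other::, not masked.
    return want <= bits(acl.other)

# Constructed sample: group:: is rwx but mask:: is r-x.
SAMPLE = Acl("alice", "staff", "rwx", "rwx", "r--", mask="r-x",
             users={"bob": "rw-"}, groups={"dev": "rwx"})
# Same file with a minimal ACL (no mask, no named entries).
MINIMAL = Acl("alice", "staff", "rwx", "rwx", "r--")

if __name__ == "__main__":
    for who, grps in [("alice", {"staff"}), ("bob", set()), ("carol", {"staff"})]:
        print(who, {p: check_access(SAMPLE, who, grps, p) for p in "rwx"})
    print("carol, minimal ACL:", check_access(MINIMAL, "carol", {"staff"}, "w"))
```

On a real system, `getfacl` shows the same result as an `#effective:` comment next to any entry that the mask reduces.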
Unix, Irix, Linux, BSD, etc. are their own systems. Even in Linux, different distros can handle ACLs differently simply because they have different versions of the same software installed across them. A good rule of thumb for learning any topic in this space is to use the Internet sources to augment your understanding but use the manual pages of your working system as the source of truth for behavior and usage. This applies to anything you learn in the *nix family of operating systems. I realize I didn't answer your question directly but hopefully you can use that advice to find the answer you need.
I need some understanding here: when I set ACL permissions on certain files on Unix/Linux and transfer these files to Windows, will the file permissions remain the same? To make these file permissions consistent, what needs to be captured and modified with respect to ACL security?
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is a duplicate, further discussion of this issue should continue here.