Solved

Filesystem ACLs

Posted on 2011-03-18
Last Modified: 2012-05-11
Regarding getfacl and setfacl

What is the use of default and mask in filesystem ACLs?  How is default any different than "others" ACLs?  Please give examples.
0
Question by:farzanj
 
LVL 29

Expert Comment

by:fosiul01
ID: 35172359


Hi ya

I am not clear about the question, so I will try to explain from a Linux point of view.

There are 2 things:

umask and ACLs

Please read this one for umask:

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html


And another one is the access control list:

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-acls-setting.html


Example:

There is a file called test.txt and it has permissions like this:

-rw-r--r--   1 root root         0 Feb 12 19:39 text.txt


Now you just want a user John to write to this file without changing the file permission.

Then you can see the access list:

setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--


Now only john will be able to edit that file, no one else. So you just gave special permission to john without breaking the original file permission.


0
 
LVL 31

Author Comment

by:farzanj
ID: 35175456
Thanks for the documentation links, both of which I had read many times in the past, but they don't answer my question.

Regarding
setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--

What is mask above?  What is its use?

Also, what is default in the directories?  What is its use?
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 1000 total points
ID: 35175562
Original permission:

-rwx------+   1 root root         0 Mar 20 15:03 text2.txt

Before the ACL is applied:

getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--



After the ACL is applied:

[root@linuxftp /]# setfacl -m user:john:rx text2.txt
[root@linuxftp /]# getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rwx
user:john:r-x
group::r--
mask::r-x
other::---



Here, what does mask mean?

Mask means user file creation permission.

So here, what mask did the user get? rx; it has only read and execute permission, that's all.


Does it make sense?


About the umask:

If you read the above link

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

umask means what permission a user gets by default when it creates a directory or file.

In your Linux box,

if you type the umask command as root and as a normal user:


[john@linuxftp /]$ umask
0002

[root@linuxftp /]# umask
0022

You will see different masks,

which means:

by default, when root creates a directory or file it has umask 0022,

and when john creates a directory or file it has umask 00002.

0
 
LVL 29

Assisted Solution

by:fosiul01
fosiul01 earned 1000 total points
ID: 35175566
Please read the original permission as below:


-rwx------   1 root root         0 Mar 20 15:03 text2.txt
0
 
LVL 31

Author Closing Comment

by:farzanj
ID: 35383634
Thanks.  Would investigate.
0
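
An added example, not part of the thread or any poster's code: it applies the POSIX ACL mask rules to the getfacl listing quoted in the accepted solution. The function names and the tightened-mask variant are constructed for illustration; the rules assumed are those documented in acl(5) and setfacl(1), where the mask caps named-user, owning-group and named-group entries, and setfacl -m recalculates it as their union unless a mask entry is given explicitly.

```python
# Added example, not code from the thread: POSIX ACL mask arithmetic.
BITS = {"r": 4, "w": 2, "x": 1}

def to_bits(perm):
    return sum(BITS[c] for c in perm if c in BITS)
def to_text(bits):
    return "".join(c if bits & b else "-" for c, b in BITS.items())

def parse(text):
    """Parse the access entries of getfacl output into (tag, qualifier, bits)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments, '#effective:' notes
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perm = line.split(":")
        entries.append((tag, qualifier, to_bits(perm)))
    return entries

def masked(tag, qualifier):
    # The mask limits named users and all group entries, never user:: or other::.
    return tag == "group" or (tag == "user" and qualifier != "")

def recalculated_mask(entries):
    """Mask that setfacl -m writes by default: union of all masked entries."""
    bits = 0
    for tag, qualifier, b in entries:
        bits |= b if masked(tag, qualifier) else 0
    return to_text(bits)

def effective(entries):
    """Effective rights per entry: masked entries are ANDed with mask::."""
    mask = next((b for t, _, b in entries if t == "mask"), 7)
    return {f"{t}:{q}": to_text(b & mask if masked(t, q) else b)
            for t, q, b in entries if t != "mask"}

# getfacl output quoted in the thread after `setfacl -m user:john:rx text2.txt`.
THREAD_ACL = """user::rwx
user:john:r-x
group::r--
mask::r-x
other::---"""

# Constructed variant: the same ACL after `setfacl -m mask::r-- text2.txt`.
TIGHT_ACL = THREAD_ACL.replace("mask::r-x", "mask::r--")

if __name__ == "__main__":
    for acl in (THREAD_ACL, TIGHT_ACL):
        print(recalculated_mask(parse(acl)), effective(parse(acl)))
```

With the tightened mask, john's entry still reads r-x but his effective rights drop to r--, while the owner's rwx is unchanged.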