Solved

Filesystem ACLs

Posted on 2011-03-18
Last Modified: 2012-05-11
Regarding getfacl and setfacl

What is the use of default and mask in filesystem ACLs?  How is default any different from "others" ACLs?  Please give examples.
0
Question by:farzanj
5 Comments
 
LVL 29

Expert Comment

by:fosiul01
ID: 35172359


Hi ya

I am not clear about the question, so I will try to explain from a Linux point of view.

There are 2 things:

umask and ACLs

Please read this one for umask

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html


And the other one is the access control list:

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-acls-setting.html


Example:

There is a file called test.txt and it has permissions like this:

-rw-r--r--   1 root root         0 Feb 12 19:39 text.txt


Now you just want a user John to write to this file without changing the file permissions,

then you can see the access list:

setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--


Now only john will be able to edit that file, no one else. So you just gave special permission to john without breaking the original file permission.


0
 
LVL 31

Author Comment

by:farzanj
ID: 35175456
Thanks for the documentation links, both of which I had read many times in the past, but they don't answer my question.

Regarding
setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--

What is mask above?  What is its use?

Also, what is default in the directories?  What is its use?
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 250 total points
ID: 35175562
Original permission:

-rwx------+   1 root root         0 Mar 20 15:03 text2.txt

Before the ACL is applied:

getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--



After the ACL is applied:

[root@linuxftp /]# setfacl -m user:john:rx text2.txt
[root@linuxftp /]# getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rwx
user:john:r-x
group::r--
mask::r-x
other::---



Here, what does mask mean?

mask means the user file creation permission.

So here, what mask did the user get? rx: it has only read and execute permission, that's all.

Does it make sense?


About the umask:

If you read the above link

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

umask means the permission a user gets by default when it creates a directory or file.

On your Linux box, if you type the umask command as root and as a normal user:


[john@linuxftp /]$ umask
0002

[root@linuxftp /]# umask
0022

you will see different masks,

which means:

by default, when root creates a directory or file, it has umask 0022,

and when john creates a directory or file, it has umask 00002.

0
 
LVL 29

Assisted Solution

by:fosiul01
fosiul01 earned 250 total points
ID: 35175566
Please read the original permission as below:


-rwx------   1 root root         0 Mar 20 15:03 text2.txt
0
 
LVL 31

Author Closing Comment

by:farzanj
ID: 35383634
Thanks.  Would investigate.
0
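
As an added example (not part of the original thread): a small Python parser for `getfacl` output that computes each entry's effective permissions under the standard POSIX ACL rule, where the mask entry caps named users, named groups and the owning group. Both listings are constructed samples: the thread's text.txt listing with the mask narrowed to r--, and a hypothetical directory `shared` carrying default entries; the function name `effective_acl` is also an assumption of this example.

```python
def effective_acl(getfacl_text):
    """Map each getfacl entry to its effective perms ('user:john' -> 'r--').

    POSIX ACL rule: mask caps named users, named groups and the owning
    group, never the owner (key 'user:') or other (key 'other:').
    'default:' entries (directories only) are capped by default:mask.
    """
    entries, masks = [], {}
    for line in getfacl_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and comments
        if not line:
            continue
        scope = "default:" if line.startswith("default:") else ""
        tag, qualifier, perms = line[len(scope):].split(":")
        if tag == "mask":
            masks[scope] = perms
        else:
            entries.append((scope, tag, qualifier, perms))

    result = {}
    for scope, tag, qualifier, perms in entries:
        mask = masks.get(scope)
        capped = tag == "group" or (tag == "user" and qualifier != "")
        if capped and mask is not None:
            perms = "".join(p if m != "-" else "-" for p, m in zip(perms, mask))
        result[f"{scope}{tag}:{qualifier}"] = perms
    return result

# Constructed sample: the thread's text.txt listing with the mask narrowed.
NARROWED = """# file: text.txt
user::rw-
user:john:rwx
group::r--
mask::r--
other::r--
"""

# Constructed sample: a directory whose default ACL is inherited by new files.
SHARED_DIR = """# file: shared
user::rwx
group::r-x
other::---
default:user::rwx
default:user:john:rwx
default:group::r-x
default:mask::r-x
default:other::---
"""
print(effective_acl(NARROWED), effective_acl(SHARED_DIR))
```

With the narrowed mask, john's `rwx` entry is effectively `r--`, while the owner's `rw-` is untouched; the `default:` entries grant nothing on `shared` itself and only seed the ACL of files created inside it.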
