Solved

Filesystem ACLs

Posted on 2011-03-18
5
639 Views
Last Modified: 2012-05-11
Regarding getfacl and setfacl

What is the use of default and mask in filesystem ACLs?  How is default any different than "others" acls?  Please give examples
0
Comment
Question by:farzanj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 29

Expert Comment

by:fosiul01
ID: 35172359


Hi ya

I am not clear with the question.. so i will try to explain from linux point of view

there are 2 things

umask and ACLS

Please read this one for umask

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html


and another one is : access control list

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-acls-setting.html


example :

there is a file call test.txt and it has permission like this

-rw-r--r--   1 root root         0 Feb 12 19:39 text.txt


now you just want a user John to write on this file without changing the file permission ,

then you can see access list

setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--


Now only johh will be able to edit that file no one else. so you just gave special permission to john without breaking the original file permission


0
 
LVL 31

Author Comment

by:farzanj
ID: 35175456
Thanks for the documentation links, both of which I had read many times in the past but the don't answer my question.

Regarding
setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--

What is mask above?  What is its use?

Also, what is default in the directories?  What is its use?
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 250 total points
ID: 35175562
Original permision

-rwx------+   1 root root         0 Mar 20 15:03 text2.txt

Before the acl apply :

getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--



after acl applied

[root@linuxftp /]# setfacl -m user:john:rx text2.txt
[root@linuxftp /]# getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rwx
user:john:r-x
group::r--
mask::r-x
other::---



here what is mask mean ??

mask mean, user file creation permission ..

so here what mask user got ?? rx, it has only read and execute permission thats all


does it make sense ??


about the umask

if you read the above link

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

umask mean, what the permission by default a user get when it creates a directory or file

in your linux box

if you type umask command from root and a normal user ..


[john@linuxftp /]$ umask
0002

[root@linuxftp /]# umask
0022

you will see different mask

which means

by default when root create a directory or file it has umask0022

and when john create a direcotry or file it has umask 00002








0
 
LVL 29

Assisted Solution

by:fosiul01
fosiul01 earned 250 total points
ID: 35175566
Please read Original permision as bellow


-rwx------   1 root root         0 Mar 20 15:03 text2.txt
0
 
LVL 31

Author Closing Comment

by:farzanj
ID: 35383634
Thanks.  Would investigate.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
This article shows the steps required to install WordPress on Azure. Web Apps, Mobile Apps, API Apps, or Functions, in Azure all these run in an App Service plan. WordPress is no exception and requires an App Service Plan and Database to install
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question