Filesystem ACLs

Regarding getfacl and setfacl

What is the use of default and mask in filesystem ACLs?  How is default any different than "others" ACLs?  Please give examples.
farzanj Asked:
 
fosiul01 Commented:
Original permission

-rwx------+   1 root root         0 Mar 20 15:03 text2.txt

Before the ACL is applied:

getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--



After the ACL is applied:

[root@linuxftp /]# setfacl -m user:john:rx text2.txt
[root@linuxftp /]# getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rwx
user:john:r-x
group::r--
mask::r-x
other::---



Here, what does mask mean?

Mask means user file creation permission.

So here, what mask did the user get? rx; it has only read and execute permission, that's all.


Does it make sense?


About the umask:

If you read the above link

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

umask means what permission a user gets by default when it creates a directory or file.

In your Linux box,

if you type the umask command as root and as a normal user:


[john@linuxftp /]$ umask
0002

[root@linuxftp /]# umask
0022

You will see a different mask,

which means

by default when root creates a directory or file it has umask 0022

and when john creates a directory or file it has umask 00002








 
fosiul01 Commented:


Hi ya

I am not clear about the question, so I will try to explain from a Linux point of view.

There are 2 things:

umask and ACLs

Please read this one for umask:

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html


And another one is the access control list:

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-acls-setting.html


Example:

There is a file called test.txt and it has permissions like this:

-rw-r--r--   1 root root         0 Feb 12 19:39 text.txt


Now you just want a user John to write to this file without changing the file permission,

then you can see the access list

setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--


Now only John will be able to edit that file, no one else. So you just gave special permission to John without breaking the original file permission.


 
farzanj (Author) Commented:
Thanks for the documentation links, both of which I had read many times in the past, but they don't answer my question.

Regarding
setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--

What is mask above?  What is its use?

Also, what is default in the directories?  What is its use?
 
fosiul01 Commented:
Please read Original permission as below


-rwx------   1 root root         0 Mar 20 15:03 text2.txt
 
farzanj (Author) Commented:
Thanks.  Would investigate.
Question has a verified solution.
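
The following is an added example, not part of the original thread: a small Python model of the access check described in acl(5), run on constructed getfacl-style output adapted from the listings above (the directory "shared", the users alice and bob and the group staff are hypothetical). It shows that mask caps named-user and group entries but not the owner or other entries, and that default: entries play no part in access checks on the directory itself, because they are only copied to files created inside it.

```python
# Added example: models the acl(5) access check on getfacl-style text.
# SAMPLE is constructed; "shared", alice, bob and staff are hypothetical.
SAMPLE = """\
# file: shared
# owner: root
# group: root
user::rwx
user:john:rwx
group::r-x
group:staff:rw-
mask::r-x
other::---
default:user:alice:rw-
"""

def parse(text):
    """Return (owner, owning group, access entries); default: entries are skipped."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.split("#effective")[0].strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, name, perms = line.split(":")
            entries.append((tag, name, set(perms) - {"-"}))
    return owner, group, entries

def allowed(text, user, groups, want):
    """True if `user` (member of `groups`) gets every permission in `want`."""
    owner, group, entries = parse(text)
    want = set(want)
    find = lambda tag, name="": [p for t, n, p in entries if t == tag and n == name]
    mask = (find("mask") or [set("rwx")])[0]   # no mask entry: nothing is masked
    if user == owner:
        return want <= find("user")[0]          # owner entry: mask not applied
    if find("user", user):
        return want <= find("user", user)[0] & mask   # named user: capped by mask
    matches = [p for t, n, p in entries if t == "group" and (n or group) in groups]
    if matches:                                  # owning/named groups: capped by mask
        return any(want <= p & mask for p in matches)
    return want <= find("other")[0]             # other entry: mask not applied

if __name__ == "__main__":
    for who, grps in [("root", ["root"]), ("john", ["users"]), ("bob", ["staff"])]:
        print(who, "".join(c for c in "rwx" if allowed(SAMPLE, who, grps, c)))
```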