?
Solved

Filesystem ACLs

Posted on 2011-03-18
5
Medium Priority
?
652 Views
Last Modified: 2012-05-11
Regarding getfacl and setfacl

What is the use of default and mask in filesystem ACLs?  How is default any different than "others" acls?  Please give examples
0
Comment
Question by:farzanj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 29

Expert Comment

by:fosiul01
ID: 35172359


Hi ya

I am not clear with the question.. so i will try to explain from linux point of view

there are 2 things

umask and ACLS

Please read this one for umask

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html


and another one is : access control list

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-acls-setting.html


example :

there is a file call test.txt and it has permission like this

-rw-r--r--   1 root root         0 Feb 12 19:39 text.txt


now you just want a user John to write on this file without changing the file permission ,

then you can see access list

setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--


Now only johh will be able to edit that file no one else. so you just gave special permission to john without breaking the original file permission


0
 
LVL 31

Author Comment

by:farzanj
ID: 35175456
Thanks for the documentation links, both of which I had read many times in the past but the don't answer my question.

Regarding
setfacl -m user:john:rwx text.txt

getfacl text.txt
# file: text.txt
# owner: root
# group: root
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--

What is mask above?  What is its use?

Also, what is default in the directories?  What is its use?
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 1000 total points
ID: 35175562
Original permision

-rwx------+   1 root root         0 Mar 20 15:03 text2.txt

Before the acl apply :

getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--



after acl applied

[root@linuxftp /]# setfacl -m user:john:rx text2.txt
[root@linuxftp /]# getfacl text2.txt
# file: text2.txt
# owner: root
# group: root
user::rwx
user:john:r-x
group::r--
mask::r-x
other::---



here what is mask mean ??

mask mean, user file creation permission ..

so here what mask user got ?? rx, it has only read and execute permission thats all


does it make sense ??


about the umask

if you read the above link

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

umask mean, what the permission by default a user get when it creates a directory or file

in your linux box

if you type umask command from root and a normal user ..


[john@linuxftp /]$ umask
0002

[root@linuxftp /]# umask
0022

you will see different mask

which means

by default when root create a directory or file it has umask0022

and when john create a direcotry or file it has umask 00002








0
 
LVL 29

Assisted Solution

by:fosiul01
fosiul01 earned 1000 total points
ID: 35175566
Please read Original permision as bellow


-rwx------   1 root root         0 Mar 20 15:03 text2.txt
0
 
LVL 31

Author Closing Comment

by:farzanj
ID: 35383634
Thanks.  Would investigate.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question