ACLs Masks + Group Permissions

pyther · 2009-11-08 05:22:11

I don't get this...

I applied setfacl -d -m mask:002 /home/http/pyther.net

pyther.net

# file: ../pyther.net/
# owner: pyther
# group: http
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx        #effective:-w-
default:mask::-w-
default:other::r-x

drwxrwxr-x+ 16 pyther http 4096 2009-11-08 00:19 .

Create File

[pyther@mongo pyther.net]$ touch abc.txt

Permission of File

[pyther@mongo pyther.net]$ getfacl abc.txt 
# file: abc.txt
# owner: pyther
# group: users
user::rw-
group::rwx            #effective:-w-
mask::-w-
other::r--


-rw--w-r--+ 1 pyther users 0 2009-11-08 00:19 abc.txt

Why does getfacl show that the file has group permissions of 777?
I want the group to be able to read + write, but not execute the file. As far as I can tell the file isn't really executable.

Last edited by pyther (2009-11-08 05:24:32)

rine · 2009-11-08 14:37:14

The group permission is 777 because the directory has default:group::rwx. Effectively there are no read and execute rights because of the mask.
Set the default mask and default group to rwx and try again.

pyther · 2009-11-08 15:04:21

Okay, I kinda get it thanks

I actually realized that default group will work and I don't need a umask.

Arch Linux

#1 2009-11-08 05:22:11

ACLs Masks + Group Permissions

#2 2009-11-08 14:37:14

Re: ACLs Masks + Group Permissions

#3 2009-11-08 15:04:21

Re: ACLs Masks + Group Permissions

Board footer