Hi there,
on our Systems running Solaris 8 we experience strange behaviour regarding default ACLs.
For some directories having default ACLs creating a file yields correct ACL settings on others it won't.
See this example:
# file: dir1
# owner: john
# group: group1
user::rwx
group::rwx #effective:rwx
group:dba:r-x #effective:r-x
mask:rwx
other:---
default:user::rwx
default:group::rwx
default:group:dba:r--
default:mask:rwx
default
ther:---
# file: dir2
# owner: john
# group: group1
user::rwx
group::rwx #effective:rwx
group:dba:r-x #effective:r-x
mask:rwx
other:---
default:user::rwx
default:group::rwx
default:group:dba:r--
default:mask:rwx
defaultther:---
As you can see both directories have the same ACL settings (output of "getfacl"
Now as user "john" I'm creating files in both of these directories.
$touch ./dir1/testFile
$touch ./dir2/testFile
This is the puzzling result:
# file: dir1/testFile
# owner: john
# group: group1
user::rw-
group::rwx #effective:rw-
group:dba:r-- #effective:r--
mask:rw-
other:---
# file: dir2/testFile
# owner: john
# group: group1
user::rw-
group::rwx #effective:---
group:dba:r-- #effective:---
mask:---
other:---
In the second case the "mask" entry mutated to "---" thus the effective settings for "group" and "group:dba" are masked the appropriate way.
I tried to avoid the mask setting but if you set any of those default ACLs you have to specify all of them.
Any hint is well appreciated.
on our Systems running Solaris 8 we experience strange behaviour regarding default ACLs.
For some directories having default ACLs creating a file yields correct ACL settings on others it won't.
See this example:
# file: dir1
# owner: john
# group: group1
user::rwx
group::rwx #effective:rwx
group:dba:r-x #effective:r-x
mask:rwx
other:---
default:user::rwx
default:group::rwx
default:group:dba:r--
default:mask:rwx
default
ther:---# file: dir2
# owner: john
# group: group1
user::rwx
group::rwx #effective:rwx
group:dba:r-x #effective:r-x
mask:rwx
other:---
default:user::rwx
default:group::rwx
default:group:dba:r--
default:mask:rwx
default
ther:---As you can see both directories have the same ACL settings (output of "getfacl"
Now as user "john" I'm creating files in both of these directories.
$touch ./dir1/testFile
$touch ./dir2/testFile
This is the puzzling result:
# file: dir1/testFile
# owner: john
# group: group1
user::rw-
group::rwx #effective:rw-
group:dba:r-- #effective:r--
mask:rw-
other:---
# file: dir2/testFile
# owner: john
# group: group1
user::rw-
group::rwx #effective:---
group:dba:r-- #effective:---
mask:---
other:---
In the second case the "mask" entry mutated to "---" thus the effective settings for "group" and "group:dba" are masked the appropriate way.
I tried to avoid the mask setting but if you set any of those default ACLs you have to specify all of them.
Any hint is well appreciated.