Issue with setfacl

07-04-2009

Registered User

4,940, 703

Join Date: Dec 2007

Last Activity: 4 October 2020, 5:57 PM EDT

Location: Outside Paris

Posts: 4,940

Thanks Given: 20

Thanked 703 Times in 595 Posts

Sorry, a word was missing in my last post that was making it confusing. I was already understanding the mask concept the way you describe it.

The bottom line is, regardless of the "umask vs mask" and "wrx vs rwx" typos in the initial command posted, the behavior the OP is observing is correct and there is no way to directly achieve what he wants.

ZFS NFSv4 ACLs wouldn't help either in that case as existing files permissions aren't affected by the inheritance flags.

In any case, assuming the directory ACL are properly set, it would be possible for the user to overcome the limitation by first renaming the file to edit, then copying that file to the original name and finally removing the copy. eg:

Code:

$ id
uid=xxxxx(jlliagre) gid=xxxxx(jlliagre)
$ su
...
# mkdir d
# pe setfacl -r -m user:jlliagre:rwx d
# date > d/f
# getfacl d

# file: d
# owner: root
# group: root
user::rwx
user:jlliagre:rwx   #effective:rwx
group::r-x    #effective:r-x
mask:rwx
other:r-x
# getfacl d/f

# file: d/f
# owner: root
# group: root
user::rw-
group::r--    #effective:r--
mask:r--
other:r--
# ^D
$ cd d
/tmp/mnt/d
$ ls -l
total 2
-rw-r--r--   1 root     root          30 Jul  4 11:32 f
$ date >> f
/bin/ksh: f: cannot create
$ mv f f1
$ cp f1 f
$ rm -f f1
$ date >> f
$ ls -l
total 2
-rw-r--r--   1 jlliagre jlliagre      60 Jul  4 11:32 f

jlliagre

View Public Profile for jlliagre

Find all posts by jlliagre

Config::Model::OpenSsh(3pm) User Contributed Perl Documentation Config::Model::OpenSsh(3pm) NAME
Config::Model::OpenSsh - OpenSsh config editor SYNOPSIS
invoke editor The following will launch a graphical editor (if Config::Model::TkUI is installed): sudo cme edit sshd command line This command will add a "Host Foo" section in "~/.ssh/config": cme modify ssh Host:Foo ForwardX11=yes programmatic This code snippet will remove the "Host Foo" section added above: use Config::Model ; use Log::Log4perl qw(:easy) ; my $model = Config::Model -> new ( ) ; my $inst = $model->instance (root_class_name => 'Ssh'); $inst -> config_root ->load("Host~Foo") ; $inst->write_back() ; DESCRIPTION
This module provides a configuration editors (and models) for the configuration files of OpenSsh. ("/etc/ssh/sshd_config", /etc/ssh/ssh_config and "~/.ssh/config"). This module can also be used to modify safely the content of these configuration files from a Perl programs. Once this module is installed, you can edit "/etc/ssh/sshd_config" with run (as root) : # cme edit sshd To edit /etc/ssh/ssh_config, run (as root): # cme edit ssh To edit ~/.ssh/config, run as a normal user: # cme edit ssh user interfaces As mentioned in cme, several user interfaces are available with "edit" subcommand: o A graphical interface is proposed by default if Config::Model::TkUI is installed. o A Curses interface with option "cme edit ssh -ui curses" if Config::Model::CursesUI is installed. o A Shell like interface with option "cme edit ssh -ui shell". AUTHOR
Dominique Dumont, (ddumont at cpan dot org) SEE ALSO
cme, Config::Model, perl v5.14.2 2012-10-29 Config::Model::OpenSsh(3pm)

Solaris

Issue with setfacl

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

help needed with setfacl

Discussion started by: samnyc

2. UNIX for Advanced & Expert Users

setfacl directory limit

Discussion started by: sigd

3. Solaris

setfacl on a directory

Discussion started by: niyazi

4. Solaris

Please help --setfacl: illegal option -- R

Discussion started by: manoj_dahiya22

5. Solaris

How to use setfacl

Discussion started by: nypreH

6. Shell Programming and Scripting

Setfacl permission issue

Discussion started by: MeganP

7. UNIX for Advanced & Expert Users

setfacl

Discussion started by: fredao

8. Cybersecurity

Usage of setfacl

Discussion started by: chakri400

LEARN ABOUT DEBIAN

config::model::openssh