Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 700 #726
This mapping approach ensures the smooth interaction of applications,
regardless of whether they have ACL support. The access permissions that
were assigned by means of the permission bits represent the upper limit for
all other “fine adjustments” made by means of ACLs. Any permissions not
reflected here were either not set in the ACL or are not effective. Changes
made to the permission bits are reflected by the ACL and vice versa.
27.3.3 A Directory with Access ACL
The handling of access ACLs is demonstrated in three steps by means of
the following example:
1. Before you create the directory, use the umask command to define
which access permissions should be masked each time a file object
is created. The command umask 027 sets the default permissions
by giving the owner the full range of permissions (0), denying the
group write access (2), and giving other users no permissions at
all (7). umask actually masks the corresponding permission bits or
turns them off. For details, consult the corresponding man page (man
umask).
mkdir mydir should create the mydir directory with the default
permissions as set by umask. Use the following command to check if
all permissions were assigned correctly:
ls -dl mydir
drwxr-x--- ... tux project3 ... mydir
2. Check the initial state of the ACL with getfacl mydir before you insert
a new user entry and a new group entry. This gives information like:
# file: mydir
# owner: tux
# group: project3
user::rwx
group::r-x
other::---
The output of getfacl precisely reflects the mapping of permission
bits and ACL entries as described in Section 27.3.2 on the page before.
The first three output lines display the name, owner, and owning
group of the directory. The next three lines contain the three ACL
27.3. Handling ACLs
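
The umask step and the bit-to-entry mapping shown in the getfacl output above, as an added example that is not part of the original manual: it creates mydir under a chosen umask in a throwaway directory and derives the three base ACL entries from the permission bits alone, so it runs without the ACL tools installed. The function names minimal_acl and acl_after_umask are hypothetical, and the function accepts any umask, not only 027.

```shell
#!/bin/sh
# Added example (not from the manual); function names are hypothetical.

# Print the three base ACL entries implied by a file object's permission bits.
minimal_acl() {
    # "drwxr-x---" -> "rwxr-x---": drop the type character and any trailing
    # "+" or "." marker that some ls versions append after the mode string.
    perms=$(ls -ld "$1" | cut -c2-10)
    printf 'user::%s\n'  "$(printf '%s' "$perms" | cut -c1-3)"
    printf 'group::%s\n' "$(printf '%s' "$perms" | cut -c4-6)"
    printf 'other::%s\n' "$(printf '%s' "$perms" | cut -c7-9)"
}

# Create mydir under the given umask and print its base ACL entries.
# Runs in a subshell so the caller's umask and working directory are untouched.
acl_after_umask() {
    (
        scratch=$(mktemp -d) || exit 1
        cd "$scratch" || exit 1
        umask "$1"              # bits set here are turned off in new objects
        mkdir mydir             # requested 0777, masked by the umask
        minimal_acl mydir
        cd / && rm -rf "$scratch"
    )
}

# umask 027: owner keeps everything, group loses write, others get nothing.
acl_after_umask 027

# A looser umask such as 022 leaves read and search access for others,
# which is the state to look for when auditing directories meant to be private.
acl_after_umask 022
```
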