Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 702 — #728
i
i
i
i
i
i
i
i
3. According to the output of the ls command, the permissions for the
mask entry include write access. Traditionally, such permission bits
would mean that the owning group (here project3) also has write
access to the directory mydir/. However, the effective access per-
missions for the owning group correspond to the overlapping portion
of the permissions defined for the owning group and for the mask —
which is r-x in our example (see Table 27.2 on page 698). As far as
the effective permissions of the owning group are concerned, nothing
has changed even after the addition of the ACL entries.
Edit the mask entry with setfacl or chmod.
chmod g-w mydir
ls -dl mydir
drwxr-x---+ ... tux project3 ... mydir
getfacl mydir
# file: mydir
# owner: tux
# group: project3
user::rwx
user:jane:rwx # effective: r-x
group::r-x
group:djungle:rwx # effective: r-x
mask::r-x
other::---
After executing the chmod command to remove the write permis-
sion from the group class bits, the output of the ls command is suffi-
cient to see that the mask bits must have changed accordingly: write
permission is again limited to the owner of mydir. The output of the
getfacl confirms this. This output includes a comment for all those
entries in which the effective permission bits do not correspond to
the original permissions, because they are filtered according to the
mask entry. The original permissions can be restored at any time with
chmod:
chmod g+w mydir
ls -dl mydir
drwxrwx---+ ... tux project3 ... mydir
702
27.3. Handling ACLs