Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 703 — #729
27 Access Control Lists in Linux
getfacl mydir
# file: mydir
# owner: tux
# group: project3
user::rwx
user:jane:rwx
group::r-x
group:djungle:rwx
mask::rwx
other::---
27.3.4 A Directory with a Default ACL
Directories can have a default ACL, which is a special kind of ACL defining
the access permissions that objects under the directory inherit when they
are created. A default ACL affects subdirectories as well as files.
Effects of a Default ACL
There are two different ways in which the permissions of a directory’s
default ACL are passed to the files and subdirectories in it:
A subdirectory inherits the default ACL of the parent directory both
as its own default ACL and as an access ACL.
A file inherits the default ACL as its own access ACL.
All system calls that create file system objects use a mode parameter that
defines the access permissions for the newly created file system object. If
the parent directory does not have a default ACL, the permission bits as
defined by the umask are subtracted from the permissions as passed by
the mode parameter, with the result being assigned to the new object. If a
default ACL exists for the parent directory, the permission bits assigned to
the new object correspond to the overlapping portion of the permissions
of the mode parameter and those that are defined in the default ACL. The
umask is disregarded in this case.
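The creation rule described above, modeled as an added example (not code from the manual). The default ACL is constructed sample data that reuses the entries shown for mydir, and the function names are hypothetical. Which entries are limited by the mode (owner, mask or owning group, other) follows Linux POSIX ACL behaviour and is not spelled out on this page.

```python
# Constructed sample: default ACL entries as getfacl prints them for a directory.
DEFAULT_ACL = """\
default:user::rwx
default:user:jane:rwx
default:group::r-x
default:group:djungle:rwx
default:mask::rwx
default:other::---
"""

def parse_acl(text):
    """Parse getfacl-style lines into {(tag, qualifier): permission bits}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().removeprefix("default:")
        if not line:
            continue
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = sum(b for ch, b in zip(perms, (4, 2, 1)) if ch != "-")
    return acl

def new_object_perms(mode, umask, default_acl=None):
    """Return (permission bits, access ACL or None) for a newly created object."""
    if not default_acl:
        # No default ACL: the umask bits are subtracted from the requested mode.
        return mode & ~umask & 0o777, None
    # Default ACL present: the umask is disregarded. The ACL is copied, and the
    # entries that map to the permission bits keep only what the mode also grants.
    acl = dict(default_acl)
    group_class = ("mask", "") if ("mask", "") in acl else ("group", "")
    for key, shift in ((("user", ""), 6), (group_class, 3), (("other", ""), 0)):
        acl[key] &= (mode >> shift) & 7
    bits = acl[("user", "")] << 6 | acl[group_class] << 3 | acl[("other", "")]
    return bits, acl

def fmt(acl):
    """Render an ACL dict back into getfacl-style entry strings."""
    return [f"{t}:{q}:" + "".join(c if b & v else "-" for c, v in zip("rwx", (4, 2, 1)))
            for (t, q), b in acl.items()]

if __name__ == "__main__":
    default = parse_acl(DEFAULT_ACL)
    for label, mode in (("file", 0o666), ("directory", 0o777)):
        plain, _ = new_object_perms(mode, 0o077)
        bits, acl = new_object_perms(mode, 0o077, default)
        print(f"{label}: no default ACL {plain:04o}, with default ACL {bits:04o}")
        print("  " + "  ".join(fmt(acl)))
```

With a umask of 077 the file is created as 0600 when no default ACL exists, but as 0660 with the named entries for jane and djungle intact under the default ACL, so a restrictive umask does not narrow access in such directories. For the file, the mask is reduced to rw-, which caps the effective rights of the named entries.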
Application of Default ACLs
The following three examples show the main operations for directories and
default ACLs:
SUSE LINUX Enterprise Server










