Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 704 — #730
i
i
i
i
i
i
i
i
1. Add a default ACL to the existing directory mydir/ with:
setfacl -d -m group:djungle:r-x mydir
The option -d of the setfacl command prompts setfacl to per-
form the following modifications (option -m) in the default ACL.
Take a closer look at the result of this command:
getfacl mydir
# file: mydir
# owner: tux
# group: project3
user::rwx
user:jane:rwx
group::r-x
group:djungle:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:djungle:r-x
default:mask::r-x
default:other::---
getfacl returns both the access ACL and the default ACL. The de-
fault ACL is formed by all lines that start with default. Although
you merely executed the setfacl command with an entry for the
djungle group for the default ACL, setfacl automatically copied
all other entries from the access ACL to create a valid default ACL.
Default ACLs do not have an immediate effect on access permissions.
They only come into play when file system objects are created. These
new objects inherit permissions only from the default ACL of their
parent directory.
2. In the next example, use mkdir to create a subdirectory in mydir/,
which inherits the default ACL.
mkdir mydir/mysubdir
getfacl mydir/mysubdir
# file: mydir/mysubdir
# owner: tux
# group: project3
user::rwx
group::r-x
group:djungle:r-x
mask::r-x
704
27.3. Handling ACLs