Access Control Lists — wrong permission?
Created file1 and gave 000 permission.
[root@localhost ~]# ls -ltr file1
----------. 1 root root 0 Jan 28 08:09 file1
Gave "test" user rw permission using access control lists:
setfacl -m u:test:rw file1
file1 permission for selinux is correct
[root@localhost ~]# getfacl file1
# file: file1
# owner: root
# group: root
user::---
user:test:rw-
group::---
mask::rw-
other::---
but when i see file permission it's showing 060
[root@localhost ~]# ls -ltr file1
----rw----+ 1 root root 0 Jan 28 08:09 file1
Question : from where this 060 permission coming ?
permissions acl
add a comment |
Created file1 and gave 000 permission.
[root@localhost ~]# ls -ltr file1
----------. 1 root root 0 Jan 28 08:09 file1
Gave "test" user rw permission using access control lists:
setfacl -m u:test:rw file1
file1 permission for selinux is correct
[root@localhost ~]# getfacl file1
# file: file1
# owner: root
# group: root
user::---
user:test:rw-
group::---
mask::rw-
other::---
but when i see file permission it's showing 060
[root@localhost ~]# ls -ltr file1
----rw----+ 1 root root 0 Jan 28 08:09 file1
Question : from where this 060 permission coming ?
permissions acl
there's nothing selinux related in your question -- feel free to re-edit your question but please do not put the selinux bits back in ;-)
– mosvy
1 min ago
add a comment |
Created file1 and gave 000 permission.
[root@localhost ~]# ls -ltr file1
----------. 1 root root 0 Jan 28 08:09 file1
Gave "test" user rw permission using access control lists:
setfacl -m u:test:rw file1
file1 permission for selinux is correct
[root@localhost ~]# getfacl file1
# file: file1
# owner: root
# group: root
user::---
user:test:rw-
group::---
mask::rw-
other::---
but when i see file permission it's showing 060
[root@localhost ~]# ls -ltr file1
----rw----+ 1 root root 0 Jan 28 08:09 file1
Question : from where this 060 permission coming ?
permissions acl
Created file1 and gave 000 permission.
[root@localhost ~]# ls -ltr file1
----------. 1 root root 0 Jan 28 08:09 file1
Gave "test" user rw permission using access control lists:
setfacl -m u:test:rw file1
file1 permission for selinux is correct
[root@localhost ~]# getfacl file1
# file: file1
# owner: root
# group: root
user::---
user:test:rw-
group::---
mask::rw-
other::---
but when i see file permission it's showing 060
[root@localhost ~]# ls -ltr file1
----rw----+ 1 root root 0 Jan 28 08:09 file1
Question : from where this 060 permission coming ?
permissions acl
permissions acl
edited 3 mins ago
mosvy
6,8161427
6,8161427
asked 1 hour ago
editiniteditinit
1215
1215
there's nothing selinux related in your question -- feel free to re-edit your question but please do not put the selinux bits back in ;-)
– mosvy
1 min ago
add a comment |
there's nothing selinux related in your question -- feel free to re-edit your question but please do not put the selinux bits back in ;-)
– mosvy
1 min ago
there's nothing selinux related in your question -- feel free to re-edit your question but please do not put the selinux bits back in ;-)
– mosvy
1 min ago
there's nothing selinux related in your question -- feel free to re-edit your question but please do not put the selinux bits back in ;-)
– mosvy
1 min ago
add a comment |
1 Answer
1
active
oldest
votes
For files that have acl(5)
extended attributes, the 3 group bits from the file mask have a different meaning -- they're the ACL mask, ie the maximum access rights that can be granted by the permissions stored in the ACL extended attribute. Quoting from the acl(5) manpage:
There is a correspondence between the file owner, group, and other permissions and specific ACL entries: the owner permissions correspond to
the permissions of theACL_USER_OBJ
entry. If the ACL has anACL_MASK
entry, the group permissions correspond to the permissions of the
ACL_MASK
entry. Otherwise, if theACL
has noACL_MASK
entry, the group
permissions correspond to the permissions of theACL_GROUP_OBJ
entry.
The other permissions correspond to the permissions of theACL_OTHER_OBJ
entry
Since you have given the test
user rw
permissions, and did not use the -n
option of setfacl(1)
("do not recalculate the effective rights mask"), the ACL mask has been correctly set to rw
.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497114%2faccess-control-lists-wrong-permission%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
For files that have acl(5)
extended attributes, the 3 group bits from the file mask have a different meaning -- they're the ACL mask, ie the maximum access rights that can be granted by the permissions stored in the ACL extended attribute. Quoting from the acl(5) manpage:
There is a correspondence between the file owner, group, and other permissions and specific ACL entries: the owner permissions correspond to
the permissions of theACL_USER_OBJ
entry. If the ACL has anACL_MASK
entry, the group permissions correspond to the permissions of the
ACL_MASK
entry. Otherwise, if theACL
has noACL_MASK
entry, the group
permissions correspond to the permissions of theACL_GROUP_OBJ
entry.
The other permissions correspond to the permissions of theACL_OTHER_OBJ
entry
Since you have given the test
user rw
permissions, and did not use the -n
option of setfacl(1)
("do not recalculate the effective rights mask"), the ACL mask has been correctly set to rw
.
add a comment |
For files that have acl(5)
extended attributes, the 3 group bits from the file mask have a different meaning -- they're the ACL mask, ie the maximum access rights that can be granted by the permissions stored in the ACL extended attribute. Quoting from the acl(5) manpage:
There is a correspondence between the file owner, group, and other permissions and specific ACL entries: the owner permissions correspond to
the permissions of theACL_USER_OBJ
entry. If the ACL has anACL_MASK
entry, the group permissions correspond to the permissions of the
ACL_MASK
entry. Otherwise, if theACL
has noACL_MASK
entry, the group
permissions correspond to the permissions of theACL_GROUP_OBJ
entry.
The other permissions correspond to the permissions of theACL_OTHER_OBJ
entry
Since you have given the test
user rw
permissions, and did not use the -n
option of setfacl(1)
("do not recalculate the effective rights mask"), the ACL mask has been correctly set to rw
.
add a comment |
For files that have acl(5)
extended attributes, the 3 group bits from the file mask have a different meaning -- they're the ACL mask, ie the maximum access rights that can be granted by the permissions stored in the ACL extended attribute. Quoting from the acl(5) manpage:
There is a correspondence between the file owner, group, and other permissions and specific ACL entries: the owner permissions correspond to
the permissions of theACL_USER_OBJ
entry. If the ACL has anACL_MASK
entry, the group permissions correspond to the permissions of the
ACL_MASK
entry. Otherwise, if theACL
has noACL_MASK
entry, the group
permissions correspond to the permissions of theACL_GROUP_OBJ
entry.
The other permissions correspond to the permissions of theACL_OTHER_OBJ
entry
Since you have given the test
user rw
permissions, and did not use the -n
option of setfacl(1)
("do not recalculate the effective rights mask"), the ACL mask has been correctly set to rw
.
For files that have acl(5)
extended attributes, the 3 group bits from the file mask have a different meaning -- they're the ACL mask, ie the maximum access rights that can be granted by the permissions stored in the ACL extended attribute. Quoting from the acl(5) manpage:
There is a correspondence between the file owner, group, and other permissions and specific ACL entries: the owner permissions correspond to
the permissions of theACL_USER_OBJ
entry. If the ACL has anACL_MASK
entry, the group permissions correspond to the permissions of the
ACL_MASK
entry. Otherwise, if theACL
has noACL_MASK
entry, the group
permissions correspond to the permissions of theACL_GROUP_OBJ
entry.
The other permissions correspond to the permissions of theACL_OTHER_OBJ
entry
Since you have given the test
user rw
permissions, and did not use the -n
option of setfacl(1)
("do not recalculate the effective rights mask"), the ACL mask has been correctly set to rw
.
answered 4 mins ago
mosvymosvy
6,8161427
6,8161427
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497114%2faccess-control-lists-wrong-permission%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
there's nothing selinux related in your question -- feel free to re-edit your question but please do not put the selinux bits back in ;-)
– mosvy
1 min ago