Hi

Today I added a new disk partition to my 5.1-release box. I want to use ACLs, which are enabled in the kernel; they work partially. They work on a single directory or file, but they don't even apply to the file/directory when I try to set a so-called default ACL entry. I attached my kernel config file. Additionally, I've got the OpenBSD pf module (firewall) loaded.

Any help would be very appreciated.

Brane

Command sequence was:

    # newfs -O 2 -L export -U -m 0 -o space /dev/ad0s2d
    ... lots of numbers ...
    # tunefs -a enable /dev/ad0s2d
    tunefs: ACLs set
    # mount /dev/ad0s2d /export
    # mount | grep /export
    /dev/ad0s2d on /export (ufs, local, soft-updates, acls)

Now I create the directory /export/a. I want it to be owned by root:wheel, others will not have any access at all, and I want user branko to have rw access to it.

    # mkdir a
    # getfacl a
    #file:a
    #owner:0
    #group:0
    user::rwx
    group::r-x
    other::r-x
    # setfacl -m u::rwx,g::rx,o::---,u:branko:rwx a
    # getfacl a
    #file:a
    #owner:0
    #group:0
    user::rwx
    user:branko:rwx
    group::r-x
    mask::rwx
    other::---

(testing as branko - works okay)

Now, if root creates some files (or dirs) in 'a', the owner of that file will be root and only the standard Unix triple ACL will be assigned, so user branko will not be able to access that file read/write.

Well, it seems that the default directory ACL needs to be set to achieve the above goal.

    # setfacl -b a
    # setfacl -dm u::rwx,g::rwx,o::--,u:branko:rwx a
    # getfacl a
    #file:a
    #owner:0
    #group:0
    user::rwx
    group::r-x
    mask::r-x
    other::---

WHOOPS, where is user branko?! Why were the group's ACLs not altered from 'r-x' to 'rwx'?!

Of course, trying to access directory 'a' as branko doesn't succeed.
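Added example, not part of the original post: a simplified Python model of how POSIX.1e draft semantics derive a new object's access ACL from the parent directory's default ACL, which is the mechanism the post is trying to use. The default ACL values and creation modes below are constructed, and the code models the draft's rules rather than FreeBSD's implementation.

```python
# Simplified model of POSIX.1e draft ACL inheritance (not FreeBSD source code).
# An ACL is a dict mapping an entry tag to a permission string,
# e.g. "user:branko" -> "rwx".

def perms_and(a, b):
    """Intersect two 3-character permission strings such as 'rwx' and 'r-x'."""
    return "".join(x if x == y else "-" for x, y in zip(a, b))

def mode_to_perms(mode):
    """Split an octal mode into (owner, group, other) permission strings."""
    def bits(n):
        return "".join(c if n & m else "-" for c, m in zip("rwx", (4, 2, 1)))
    return bits(mode >> 6 & 7), bits(mode >> 3 & 7), bits(mode & 7)

def inherit(default_acl, create_mode):
    """Access ACL of a new object created under a directory with default_acl."""
    owner, group, other = mode_to_perms(create_mode)
    acl = dict(default_acl)
    acl["user::"] = perms_and(acl["user::"], owner)
    acl["other::"] = perms_and(acl["other::"], other)
    # When a mask entry exists, the mode's group bits limit the mask,
    # not the group:: entry itself.
    key = "mask::" if "mask::" in acl else "group::"
    acl[key] = perms_and(acl[key], group)
    return acl

def effective(acl, tag):
    """Effective rights of an entry; the mask caps everything except
    user:: and other::."""
    if tag in ("user::", "other::") or "mask::" not in acl:
        return acl[tag]
    return perms_and(acl[tag], acl["mask::"])

# Constructed sample: the default ACL the post intends for directory 'a'
# (other written out in full as '---').
default_acl = {"user::": "rwx", "user:branko": "rwx", "group::": "rwx",
               "mask::": "rwx", "other::": "---"}

new_file = inherit(default_acl, 0o644)  # file created with mode 0644
new_dir = inherit(default_acl, 0o755)   # directory created with mode 0755

if __name__ == "__main__":
    for name, acl in (("file", new_file), ("dir", new_dir)):
        print(name, acl, "branko effective:", effective(acl, "user:branko"))
```

With creation mode 0644 the inherited mask becomes r--, so the rwx entry for branko is effectively read-only on that file even though the entry itself is inherited unchanged.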