filesystem acl problem
Hi guys,
I'm doing something wrong. I have my mailserver set up to deliver mail
for all domains to /home/vmail/<DOMAIN>/<MAILBOX>.  Files and
directories inside it get created with 0600 and 0700 permissions,
respectively - I don't see a way to tell postfix to do it any other way.
I have a cronjob on another machine, that does a rsync via ssh as the
user 'backup' on a daily basis.
I enabled acl on the ext3 filesystem, and gave 'backup' access to
/home/vmail.  Problem is, it's not propagating.
Here's what I've tried
setfacl -R -m user:backup:r-x vmail
setfacl -R -m mask:r-x vmail
setfacl -R -m d:mask:r-x vmail
setfacl -R -m d:user:backup:r-x vmail
Which gives me the following if I do getfacl on /home/vmail:
# file: vmail
# owner: vmail
# group: vmail
user::rwx
user:backup:r-x
group::r-x
mask::r-x
other::r-x
default:user::rwx
default:user:backup:r-x
default:group::r-x
default:mask::r-x
default:other::r-x
Yet, if I su to backup and try to view this file, I get Permission 
Denied.  Looking at one of the files that was in the directory when I 
did the setfacl, the permissions are 650 instead of 600.  New files are 
created 600.
So here's a file I can read:
-rw-r-x---+  1 vmail vmail 2.9K 2008-02-05 19:10 1202238647.V302I58404dM470661.host.domain.tld:2,S
and the getfacl for it:
# file: 1202238647.V302I58404dM470661.host.domain.tld:2,S
# owner: vmail
# group: vmail
user::rw-
user:backup:r-x
group::---
mask::r-x
other::---
Here's a new file:
-rw-------+ 1 vmail vmail 3.2K 2008-02-05 19:24 1202239457.V302I58405dM250576.host.domain.tld
and the getfacl for it:
# file: 1202239457.V302I58405dM250576.host.domain.tld
# owner: vmail
# group: vmail
user::rw-
user:backup:r-x               #effective:---
group::---
mask::---
other::---
Notice the mask didn't propagate, although I don't see how that is
relevant, because user 'backup' still has explicit r-x permissions on
everything.
What am I missing?
Thanks
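Added example, not part of the original post: a small Python sketch that parses the two getfacl listings above and computes what 'backup' can actually do, following the acl(5) rules that a named user entry is limited by the mask and that a new file's mask is cut down to the group bits of the creation mode (0600 here, as stated in the post). The function names are made up for this illustration.

```python
# Added example: why 'backup' is denied on newly delivered mail (POSIX ACL mask).
PERM_BITS = {"r": 4, "w": 2, "x": 1}

def parse_perms(text):
    """'r-x' -> 5 (r=4, w=2, x=1)."""
    return sum(PERM_BITS[c] for c in text if c in PERM_BITS)

def fmt(bits):
    """5 -> 'r-x'."""
    return "".join(c if bits & b else "-" for c, b in PERM_BITS.items())

def parse_acl(getfacl_text):
    """Parse the access-ACL lines of getfacl output into {(tag, qualifier): bits}."""
    acl = {}
    for line in getfacl_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drops headers and '#effective:' notes
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = parse_perms(perms)
    return acl

def effective_for_named_user(acl, user):
    """Per acl(5), a named user entry is limited by the mask entry."""
    return fmt(acl[("user", user)] & acl.get(("mask", ""), 7))

def mask_after_create(default_mask, create_mode):
    """With a default ACL, a new file's mask keeps only the bits that are also
    in the group-class bits of the mode the creating program passes to open()."""
    return fmt(parse_perms(default_mask) & ((create_mode >> 3) & 7))

# ACL entries copied from the two getfacl listings in the post.
OLD_FILE = """user::rw-
user:backup:r-x
group::---
mask::r-x
other::---"""
NEW_FILE = """user::rw-
user:backup:r-x               #effective:---
group::---
mask::---
other::---"""

if __name__ == "__main__":
    print("old file :", effective_for_named_user(parse_acl(OLD_FILE), "backup"))
    print("new file :", effective_for_named_user(parse_acl(NEW_FILE), "backup"))
    print("mask for mode 0600 under default mask r-x:", mask_after_create("r-x", 0o600))
```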