running wheezy.
I have a dir w/ unix perm = 750
IE:
root@wheezy:/home/chtest/home# ls -l
drwxr-s--- 3 root chadm 4096 Jan 9 14:12 ftptest
I added an acl g perm using: # setfacl -m g:chadm:rwx ftptest
this, unfortunately, changes unix perm to = 770
IE:  V
drwxrWs---+ 3 root chadm 4096 Jan 9 14:12 ftptest
I then re-removed unix g w perm: # chmod g-w ftptest
IE:
drwxr-s---+ 3 root chadm 4096 Jan 9 14:12 ftptest
This action causes unix perms to OVERRIDE acl perms - NOT what I want:
IE:
root@wheezy:/home/chtest/home# getfacl ftptest
# file: ftptest
# owner: root
# group: chadm
# flags: -s-
user::rwx
group::r-x      vvvvvvvv
group:chadm:rWx #effective:r-x
mask::r-x       ^^^^^^^^
other::---
So - Is there a way to force ACL perms to dictate the effective rights??
FWIW:
it APPEARS to me that the acl access check algorithm will not allow this.
however - since the entire acl sub-system was "meant to increase granularity of permissions" - shouldn't acl ALWAYS override unix perms? is this a bug in the ACL algorithm?
=== end of my question; begin additional info ===
because I KNOW someone will want to know why this is a problem - here's why, and I hope you're not sorry you asked !! :-)
I'm using [openssh] internal-sftp to chroot users to their home dir.
internal-sftp's chroot DEMANDS that all dirs leading to home MUST be root-owned, and NO g-w permissions !!
But my managers (members of group: chadm) must have full permissions in all sftp users' home dirs.
So NEITHER my sftp user, NOR my managing group have write access to the home directory !?!?
(yes, I know I can create another sub-dir they can get at, but I don't want to - that's sloppy, and unintuitive.)
This SEEMS like such a simple task. And it PAINS me to no end, that this task would be relatively easy to implement under windoze - but seems impossible to solve under linux !!???
...sup w/ dat !?!?
TIA - Bob
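
Added example, not part of the original post: a simplified Python model of the POSIX ACL mask rules from acl(5), replaying the setfacl/chmod sequence above and applying the root-owned, no-group-write chroot requirement to the resulting mode bits. The class and function names are hypothetical, and the directory's setgid bit is left out of the model.

```python
# Added illustration: simplified model of the POSIX ACL mask rules (acl(5)).
# Names are hypothetical; the setgid bit on the directory is left out.
R, W, X = 4, 2, 1

def fmt(bits):
    """Render 3 permission bits the way getfacl does, e.g. 5 -> 'r-x'."""
    return "".join(c if bits & b else "-" for c, b in zip("rwx", (R, W, X)))

class AclDir:
    def __init__(self, mode):
        self.owner, self.group_obj, self.other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
        self.named = {}    # named entries such as "group:chadm"
        self.mask = None   # no mask entry until a named entry is added

    def setfacl_m(self, entry, perms):
        """setfacl -m without -n: store entry, mask = union of the group class."""
        self.named[entry] = perms
        self.mask = self.group_obj
        for p in self.named.values():
            self.mask |= p

    def chmod_group(self, perms):
        """chmod on the group bits edits the mask once one exists."""
        if self.mask is None:
            self.group_obj = perms
        else:
            self.mask = perms

    def st_mode(self):
        """Mode bits as ls/stat show them: the group field displays the mask."""
        g = self.group_obj if self.mask is None else self.mask
        return (self.owner << 6) | (g << 3) | self.other

    def effective(self, entry):
        """Rights actually granted to a named entry: entry AND mask."""
        return self.named[entry] & self.mask

def sshd_chroot_ok(uid, mode):
    """Chroot requirement: root-owned, not group- or world-writable."""
    return uid == 0 and (mode & 0o022) == 0

def replay():
    """Replay the post's sequence on a 750 directory owned by root."""
    d = AclDir(0o750)
    d.setfacl_m("group:chadm", R | W | X)   # setfacl -m g:chadm:rwx ftptest
    after_setfacl = d.st_mode()             # group field now shows the mask
    d.chmod_group(R | X)                    # chmod g-w ftptest
    return after_setfacl, d.st_mode(), fmt(d.effective("group:chadm"))
```

In this model the group field of the mode is the mask, so a mode that passes `sshd_chroot_ok` always strips the write bit from every named entry's effective rights on that same directory.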