
Re: permissions: can you force ACL to be effective over unix perms?



On Mon, Jan 13, 2014 at 5:40 PM, Scott Ferguson <scott.ferguson.debian.user@gmail.com> wrote:
I've followed the posts in this thread. Dealing with the various
tangents it's taken won't help you, which is probably the reason why
it's received little attention.


Good point; noted, and TY.
 
On 11/01/14 10:50, Bob Goldberg wrote:
>
> This action causes unix perms to OVERRIDE acl perms - NOT what I want

Then you'll have to find another way to achieve what you want.

*ACL should never override UNIX perms*. And they can't - if they did it
'would' be a bug.

<snipped>


> shouldn't acl ALWAYS override unix perms?


NO.  I'm sorry about your confusion, probably due to differences between
the Windows system and UNIX. File attributes are not the same as UNIX
permissions.
 
 
Scott;

You're right about my confusion, though it doesn't stem from Windows. I only used that ref. as an attempted comic comparison. (I actually learned *nix before Windows existed.)

Here are examples of where my confusion comes from:
from: http://www.softpanorama.org/Commercial_linuxes/linux_acl.shtml
>>
ACLs grant "higher-level" access rights that have priority over regular file permissions.
<<

from: http://users.suse.com/~agruen/acl/linux-acls/online/
(under: Access Check Algorithm)
>>
A process can be a member in more than one group, so more than one group entry can match. If any of these matching group entries contain the requested permissions, one that contains the requested permissions is picked
<<

I've read numerous articles which indicate ACLs should have priority over normal unix-permissions.

My experiences, and information relayed in this thread, contradict this.

Whenever I have a problem, I always assume I'M doing something wrong. These articles made me think my understanding was accurate, and therefore I must not be communicating the problem correctly.

So, I'm happy to be wrong about something; that's how I learn. But if I'm wrong here, then it appears there is a bug in the ACL implementation (or I've SERIOUSLY misinterpreted statements like those above).

If I'm wrong, I would really like to understand how I got here.

TIA - Bob
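
The access check algorithm from the paper cited above, including the mask step that the quoted excerpt leaves out, as an added Python example that is not part of the original message or the paper's own code. The dictionary layout, the uids and gids, and `sample_acl` are assumptions made for illustration.

```python
# Simplified model of the POSIX ACL access check (added example, constructed data).
# Permissions are strings drawn from "rwx"; uids and gids are made up.

def acl_check(acl, uid, gids, want):
    """True if a process with (uid, gids) gets every permission in `want`."""
    want = set(want)
    mask = acl.get("mask")

    def limit(perms):
        # The mask caps named users, the owning group and named groups.
        return set(perms) if mask is None else set(perms) & set(mask)

    # 1. File owner: only the owner entry counts; the mask does not apply.
    if uid == acl["owner_uid"]:
        return want <= set(acl["user_obj"])
    # 2. Named user entry, capped by the mask.
    if uid in acl["users"]:
        return want <= limit(acl["users"][uid])
    # 3. Group class: any one matching entry that still contains the requested
    #    permissions after the mask grants access. If groups match but none
    #    suffices, access is denied; "other" is not consulted.
    matching = [acl["groups"][g] for g in gids if g in acl["groups"]]
    if acl["owner_gid"] in gids:
        matching.append(acl["group_obj"])
    if matching:
        return any(want <= limit(p) for p in matching)
    # 4. Everyone else.
    return want <= set(acl["other"])


def sample_acl(mask):
    # Constructed file: owner 1000 (rw-), owning group 100 (r--), other r--,
    # named user 1001 (rwx), named group 200 (rw-).
    return {"owner_uid": 1000, "owner_gid": 100, "user_obj": "rw",
            "group_obj": "r", "other": "r", "mask": mask,
            "users": {1001: "rwx"}, "groups": {200: "rw"}}


if __name__ == "__main__":
    for mask in ("rwx", "r"):
        acl = sample_acl(mask)
        print(f"mask={mask}: named user write={acl_check(acl, 1001, [300], 'w')}, "
              f"named group write={acl_check(acl, 2000, [200], 'w')}, "
              f"owner write={acl_check(acl, 1000, [100], 'w')}")
```

On a file with an extended ACL, the group bits that `chmod` sets and `ls -l` shows are the mask entry, so narrowing them narrows every named user and group entry while leaving the entries themselves unchanged.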

