Re: permissions: can you force ACL to be effective over unix perms?
On 15/01/14 10:00, Bob Goldberg wrote:
> On Mon, Jan 13, 2014 at 5:40 PM, Scott Ferguson
> <scott.ferguson.debian.user@gmail.com
> <mailto:scott.ferguson.debian.user@gmail.com>> wrote:
>
> I've followed the posts in this thread, dealing with the various
> tangents it's taken won't help you, probably the reason why it's
> received little attention.
>
>
> good point; noted, and TY.
>
>
> On 11/01/14 10:50, Bob Goldberg wrote:
> >
> > This action causes unix perms to OVERRIDE acl perms - NOT what I want
>
> Then you'll have to find another way to achieve what you want.
>
> *ACL should never override UNIX perms*. And they can't - if they did it
> 'would' be a bug.
>
> <snipped>
>
>
> > shouldn't acl ALWAYS override unix perms?
>
>
> NO. I'm sorry about your confusion, probably due to differences between
> the Windows system and UNIX. File attributes are not the same as UNIX
> permissions.
>
>
>
> Scott;
>
> you're right about my confusion; tho it doesn't stem from windows. I
> only used that ref. as an attempted comic comparison. (I actually
> learned *nix before windows existed).
>
> Here's examples of where my confusion comes from:
> from: http://www.softpanorama.org/Commercial_linuxes/linux_acl.shtml
>>>
> /ACLs grant "higher-level" access rights that have priority over regular
> file permissions./
That's correct. I won't get a chance till later tonight, but I need to
amend and retract my earlier emphatic statement. ACL does "override"
UNIX permissions, it can also "change" UNIX permissions - but they don't
conflict with the process/upsurp the order (root -> user -> group ->
world) resulting in anarchy. I know that doesn't make anything clearer -
probably because I'm a long way from expert on the subject (I use ACL,
not design or define them).
In this instance we're talking about what I call ext2 ACL (I don't
remember the correct technical term)
<snipped>
I'm sorry I don't currently have time to give this thread the attention
it deserves. Thanks for the extra information about what you are wanting
to do as I was having trouble understanding, though not necessarily
through any failing on your part :)
Kind regards
Reply to: