acl-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Acl-devel] Default acl not respected when copying


From: Michael Orlitzky
Subject: Re: [Acl-devel] Default acl not respected when copying
Date: Tue, 14 Oct 2014 19:07:23 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.8.0

On 10/14/2014 03:15 PM, Andreas Grünbacher wrote:
> 2014-10-14 15:57 GMT+02:00 Michael Orlitzky <address@hidden>:
>> This is a bug in 'cp'.
> 
> Michael, there is no bug in cp, cp behaves as specified.
> 

This is how it behaves:

  $ mkdir acl
  $ cd acl
  $ setfacl -d -m user:apache:rwx .
  $ cp /etc/profile ./
  $ getfacl -c profile
  user:apache:rwx   #effective:r--
  group::r-x        #effective:r--
  mask::r--
  other::r--

And that may be how it's specified, but it's not very helpful assuming
that I created the default ACL because I wanted it applied by default.

Is there any case where that behavior is preferable to the following?

  $ apply-default-acl profile
  $ getfacl -c profile
  user::rw-
  user:apache:rwx   #effective:rw-
  group::r--
  mask::rw-
  other::r--

The need to share a directory between a group of people is one of the
simplest use cases and is basically impossible on Linux with the current
cp,tar,etc. behavior. It gets done, but always by telling the end users
to 'chmod 777' when things don't work. If cp and friends were fixed, the
system administrator could use default ACLs to achieve the same thing
securely.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]