-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 20/07/2010 02:17, Markus Falb wrote:> #$ setfacl -m u:mf:r bla
> #$ getfacl bla
...
> It is readable by mf like intended.
>
> #$ chmod go-rwx bla
...
> It is not readable no more by mf which was not intended.
> Obviously the mask:: is cleared, but why ? OTOH group::r ?
to answer myself (from acl(5))
snip
The ACL_MASK entry denotes the maximum access
rights that can be granted by entries of type
ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP.
The permissions defined for the file group correspond to the permissions
of the ACL_GROUP_OBJ entry, if the ACL has no ACL_MASK entry. If the ACL
has an ACL_MASK entry, then the permissions defined for the file group
correspond to the permissions of the ACL_MASK entry.
snap
> Confused am i
I tend to think of acls as an extended variant of the classical group
permission now.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxFgkwACgkQYoWFBIJE9eVnzgCgvZ8XPBPd3Er6nb9mfyrPGKpS
g88AniRxo+TV/YTamXFCwrIgI5GczXYA
=0oEB
-----END PGP SIGNATURE-----