Comment: Finally, figured out execute part of ACLs.

...

Code Block
languagebash
cd /home/
# Normal permissions
sudo chmod -R o-rwx ./www.dailyplanet.com/
# ACL permissions
sudo setfacl -Rm g:wgdailyplanet:rwX ./www.dailyplanet.com/
sudo setfacl -Rm g:www-data:rX ./www.dailyplanet.com/
sudo setfacl -Rm g:staff:rX ./www.dailyplanet.com/

Take a look at the ACLs,

Code Block
languagebash
 getfacl ./www.dailyplanet.com/
# file: www.dailyplanet.com
# owner: ckent
# group: ckent
user::rwx
group::rwx
group:www-data:r-x
group:staff:r-x
group:wgdailyplanet:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:www-data:r-x
default:group:staff:r-x
default:group:wgdailyplanet:rwx
default:mask::rwx
default:other::---

Don't be alarmed that you see x on the groups www-data, staff and wgdailyplanet. That is normal *nix convention: it means that execute permission will only be applied on directories. Files will by default not have execute permission applied.

Once we are happy with the permissions, change the default ACLs so that they are maintained on any files or folders created underneath the parent directories,

...

getfacl --access prints the access ACL we applied to the directory. That output is piped to setfacl, which is run with the following parameters:

-d = Change default permissions for newly created files and folders.
-M = Read the ACL entries from a file. Because a dash is given as the file name, standard input is read instead.
-R = Apply changes recursively to folders and files.

...

Code Block
languagebash
cd /home/
# Normal permissions
sudo chmod -R o-rwx ./www.lexcorp.com/
# ACL permissions
sudo setfacl -Rm g:wglexcorp:rwX ./www.lexcorp.com/
sudo setfacl -Rm g:www-data:rX ./www.lexcorp.com/
sudo setfacl -Rm g:staff:rX ./www.lexcorp.com/
# Apply default ACLs
getfacl --access ./www.lexcorp.com/ | sudo setfacl -d -RM - ./www.lexcorp.com/ # Not working because it grants execute access to everything.
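
The capital X rule and the default-ACL copy described above, run on a scratch directory as an added example (not part of the original page). Assumptions: the caller's primary GID stands in for the site group, and defaults are applied to directories with find rather than setfacl -R.

```shell
#!/usr/bin/env bash
# Added example: scratch-tree demo of setfacl's capital X and default-ACL inheritance.
# Assumption: the caller's primary GID stands in for the page's wgdailyplanet group.

# Print "<label> entry=<named-group perms> mask=<mask perms>" for one path.
show_acl() {
    getfacl -pcnE --access "$2" | awk -F: -v g="$3" -v l="$1" '
        $1 == "group" && $2 != "" && $2 == g { e = $3 }
        $1 == "mask"                         { m = $3 }
        END { printf "%s entry=%s mask=%s\n", l, e, m }'
}

acl_x_demo() (
    command -v setfacl >/dev/null 2>&1 || { echo "skip: acl tools not installed"; exit 0; }
    umask 022
    top=$(mktemp -d) || exit 1
    trap 'rm -rf "$top"' EXIT
    gid=$(id -g)
    mkdir "$top/site"
    : > "$top/site/index.html"          # existing file, mode 644, no execute bit

    # Capital X: execute is added only to directories (and already-executable files).
    setfacl -R -m "g:$gid:rX" "$top/site" 2>/dev/null \
        || { echo "skip: filesystem has no ACL support"; exit 0; }

    # Copy each directory's access ACL into its default ACL, directories only.
    find "$top/site" -type d -exec sh -c \
        'getfacl -p --access "$1" | setfacl -d -M - "$1"' _ {} \;

    : > "$top/site/new.txt"             # created after the default ACL exists
    mkdir "$top/site/newdir"

    show_acl dir      "$top/site"            "$gid"
    show_acl old-file "$top/site/index.html" "$gid"
    show_acl new-file "$top/site/new.txt"    "$gid"
    show_acl new-dir  "$top/site/newdir"     "$gid"
    # Count regular files whose mode carries any execute bit.
    echo "exec-files=$(find "$top/site" -type f -perm /111 | wc -l | tr -d ' ')"
)
```

The new file inherits the r-x entry from the default ACL, but its mask is cut down by the file's creation mode, so the effective permission has no execute.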

 

References

Good introduction from the Ubuntu docs - https://help.ubuntu.com/community/FilePermissionsACLs

Slightly Skeptical view on ACLs - http://www.softpanorama.org/Articles/slightly_skeptical_view_on_unix_acl.shtml

May be a solution to the ACLs applying x to everything or not to everything. Got me to understand why execute permission was set on the groups - http://superuser.com/questions/180545/setting-differing-acls-on-directories-and-files