Date: Wed, 11 Oct 2006 10:18:34 +0200
From: Patrik Jansson <fbsd@aleborg.se>
To: freebsd-questions@freebsd.org
Subject: Problems with ACLs
Message-ID: <452CA8DA.2090403@aleborg.se>
I'm trying to set default ACLs on a directory to restrict access to a
directory and every file/directory created within this directory to two
users.

I have used this website to get a grip on how it works:
http://www.onlamp.com/pub/a/bsd/2003/08/14/freebsd_acls.html

Following that example:

    # setfacl -d -m u::rwx,g::rwx,o::---,u:apache:rwx,u:web26124:rwx test
    # setfacl -m u::rwx,g::rwx,o::---,u:apache:rwx,u:web26124:rwx test
    # cd test
    # touch file.txt
    # getfacl file.txt
    #file:file.txt
    #owner:0
    #group:1003
    user::rw-
    user:apache:rwx         # effective: r--
    user:web26124:rwx       # effective: r--
    group::rwx              # effective: r--
    mask::r--
    other::---

Looks fine to me.

So now I have a PHP script (runs as apache) that creates a directory
(inside this directory I have just set default ACLs for) and a file
within it:

    # getfacl dir/file
    #file:dir/file
    #owner:1004
    #group:1003
    user::rw-
    user:apache:rwx         # effective: r--
    user:web26124:rwx       # effective: r--
    group::rwx              # effective: r--
    mask::r--
    other::---

And then I try to remove the file as web26124:

    $ whoami
    web26124
    $ rm dir/file
    override rw-r----- apache/apache for dir/file? yes
    rm: dir/file: Permission denied

Files that are created in the directory where I have set default ACLs
are removable by web26124 but not files that are created in the
subdirectory.

    # ls -alF
    total 16
    drwxrwx---+ 3 web26124 apache 512 Oct 11 10:14 ./
    drwxr-xr-x  4 web26124 apache 512 Oct 11 10:01 ../
    -rw-r--r--+ 1 root     apache  64 Oct 11 10:14 create.php
    drwxr-x---+ 2 apache   apache 512 Oct 11 10:13 dir/    <- Files inside this directory are NOT removable
    -rw-r-----+ 1 apache   apache   0 Oct 11 10:13 file3   <- Removable

What's wrong?
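
The mask arithmetic behind the "# effective:" comments in the getfacl output above, as an added example that is not part of the original message: named-user and group entries are ANDed with mask::, and removing a file needs write permission on the directory that contains it. DIR_ACL is a constructed listing for the subdirectory (the message shows only its ls line, drwxr-x---+), and the function names are this example's own.

```python
import re

# Constructed sample (assumption): what `getfacl dir` could print for the
# subdirectory listed as drwxr-x---+ apache/apache. Not shown in the message.
DIR_ACL = """\
#file:dir
#owner:1004
#group:1003
user::rwx
user:apache:rwx
user:web26124:rwx
group::rwx
mask::r-x
other::---
"""

def bits(perm):
    """'r-x' -> {'r', 'x'}"""
    return {c for c in perm if c in "rwx"}

def parse_getfacl(text):
    """Parse getfacl output into owner, owning group and {(tag, qualifier): perms}."""
    acl = {"owner": None, "group": None, "entries": {}}
    for line in text.splitlines():
        header = re.match(r"#\s*(owner|group):\s*(\S+)", line.strip())
        if header:
            acl[header.group(1)] = header.group(2)
            continue
        entry = line.split("#", 1)[0].strip()  # drop "# effective:" comments
        if entry:
            tag, qualifier, perm = entry.split(":")
            acl["entries"][(tag, qualifier)] = bits(perm)
    return acl

def allowed(acl, users, groups, want):
    """POSIX.1e access check: may a process with these ids get all of `want`?"""
    e, want = acl["entries"], bits(want)
    mask = e.get(("mask", ""), set("rwx"))
    if acl["owner"] in users:                      # owner entry is never masked
        return want <= e[("user", "")]
    for (tag, q), perm in e.items():               # named user: limited by mask
        if tag == "user" and q in users:
            return want <= perm & mask
    group_hits = [perm & mask for (tag, q), perm in e.items()
                  if tag == "group" and (q or acl["group"]) in groups]
    if group_hits:                                 # any matching group entry may grant
        return any(want <= p for p in group_hits)
    return want <= e[("other", "")]
```

`users` and `groups` are sets holding the names or numeric ids of the calling process, matched against the header fields and entry qualifiers as getfacl printed them.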