On Mi März 11 2009, Colin Walters wrote: > 2009/3/11 Till Maas <opensource@xxxxxxxxx>: > > There is no way with ACLs to setup a directory where a group of users has > > complete access to everything. > > "complete access to everything" isn't very well specified - can you > give an example? In a collaborative work environment where several people store files in one directory or subdirectories of it, every user in the group should have read and write access to any file. > > It is still possible for a user to add a file > > that cannot be accessed by other users or cannot be written to. > > Deliberately? Of course, the Unix discretionary permissions model has > always allowed that, ACLs or not. But the default ACL setting on the > directory should ensure that new files have the intended permissions. The default ACLs are overwritten by the ACL mask, which is somehow built from the traditional unix permission. E.g. if there is a directory with a default mask that gives read and write permissions to a certain group, someone can still (s)cp a file that is not group writeable to this directory. Then because of the ACL mask, it is also not group writeable for the collaboration group. With bindfs a root user can ensure that no non-root user will mess up the permissions inside the common directory, regardless of whether it happens intentionally or by accident. Regards, Till
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
