Re: SELinux acl's options

On Sun, May 24, 2009 at 11:27 AM, Dominick Grift <domg472@xxxxxxxxx> wrote:
> On Sun, 2009-05-24 at 09:31 -0700, Justin Mattock wrote:
>> I've been freaking out for a few weeks at looking
>> at ls -Z and seeing a dot at the end of the permissions.
>> (then after googling I found)
>> http://www.linux-archive.org/fedora-development/285498-dot-end-permissions-something-new.html
>>
>> relieving me of thinking I have a hole in the ACL's.
>>
>> Anyways how would one go about changing
>> the "." to a "+" at the end of the permission?
>>
>
> The dot in the end means there is also a SELinux context.
> The plus in the end means there is also an ACL defined.
>
> No dot and plus means only basic DAC permissions are defined.
>
> I hope this clears things up for you:
>
> [root@notebook2 /]# mkdir test
> [root@notebook2 /]# ls -alZ / | grep test
> drwxr-xr-x. root root dgrift:object_r:default_t:SystemLow test
> [root@notebook2 /]# setfacl -m u:dgrift:r test
> [root@notebook2 /]# ls -alZ / | grep test
> drwxr-xr-x+ root root dgrift:object_r:default_t:SystemLow test
> [root@notebook2 /]#
>
>

Thanks for the info.
So I take it somewhere
on my system there's an init script that's
setting the "." (dot).

What would be the preferred way to have this set?
(safest and/or securest)

-- 
Justin P. Mattock
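
The marker discussed in this thread can be derived from a file's extended attributes, which is useful when auditing a tree for ACLs that the mode bits alone do not show. The following is an added example, not code from the thread or from coreutils; the function names are hypothetical, and it assumes Linux, where the SELinux label is stored in `security.selinux` and POSIX ACLs in `system.posix_acl_access` / `system.posix_acl_default`.

```python
import os
import sys

# Standard Linux xattr names (assumption: Linux filesystem with xattr support).
SELINUX_XATTR = "security.selinux"
ACL_XATTRS = {"system.posix_acl_access", "system.posix_acl_default"}


def marker_for(xattr_names):
    """Return the character GNU ls prints right after the mode bits."""
    names = set(xattr_names)
    if names & ACL_XATTRS:
        # An ACL replaces the dot even when a context is present,
        # as in the mkdir/setfacl transcript quoted above.
        return "+"
    if SELINUX_XATTR in names:
        return "."   # security context only
    return " "       # basic DAC permissions only


def marker_for_path(path):
    """Classify one path; unreadable or vanished paths count as plain DAC."""
    try:
        names = os.listxattr(path, follow_symlinks=False)
    except OSError:
        names = []
    return marker_for(names)


def files_with_acl(root):
    """Return every path at or under root that ls would mark with '+'."""
    hits = [root] if marker_for_path(root) == "+" else []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if marker_for_path(full) == "+":
                hits.append(full)
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python3 aclscan.py /some/dir   (script name is hypothetical)
    for p in files_with_acl(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(p)
```

Paths it reports can then be inspected with `getfacl` to see which extra users or groups have been granted access.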
