oddities in interference of linux extened ACLs and 'regular' permissions
Posted
by abbot
on Server Fault
See other posts from Server Fault
or by abbot
Published on 2010-06-07T19:40:08Z
Indexed on
2010/06/07
19:53 UTC
Read the original article
Hit count: 270
I've got some legacy code which checks that some file is read-only and readable only by it's owner, i.e. permissions set to 0400. I also need to give read-only access to this file to some other user on the system. I'm trying to set extended ACLs, but this changes 'regular' permission bits in a strange way also:
$ ls -l hostkey.pem
-r-------- 1 root root 0 Jun 7 23:34 hostkey.pem
$ setfacl -m user:apache:r hostkey.pem
$ getfacl hostkey.pem
# file: hostkey.pem
# owner: root
# group: root
user::r--
user:apache:r--
group::---
mask::r--
other::---
$ ls -l hostkey.pem
-r--r-----+ 1 root root 0 Jun 7 23:34 hostkey.pem
And after this the legacy code starts complaining that the file is group-readable (while it is actually not!)
Is it possible to set the extended ACLs in such a way that some other user will also have read-only access, while the file will appear to have only 0400 'regular' permissions?
© Server Fault or respective owner