oddities in interference of linux extened ACLs and 'regular' permissions

Posted by abbot on Server Fault See other posts from Server Fault or by abbot
Published on 2010-06-07T19:40:08Z Indexed on 2010/06/07 19:53 UTC
Read the original article Hit count: 270

Filed under:
|
|

I've got some legacy code which checks that some file is read-only and readable only by it's owner, i.e. permissions set to 0400. I also need to give read-only access to this file to some other user on the system. I'm trying to set extended ACLs, but this changes 'regular' permission bits in a strange way also:

$ ls -l hostkey.pem 
-r-------- 1 root root 0 Jun  7 23:34 hostkey.pem
$ setfacl -m user:apache:r hostkey.pem 
$ getfacl hostkey.pem 
# file: hostkey.pem
# owner: root
# group: root
user::r--
user:apache:r--
group::---
mask::r--
other::---

$ ls -l hostkey.pem 
-r--r-----+ 1 root root 0 Jun  7 23:34 hostkey.pem

And after this the legacy code starts complaining that the file is group-readable (while it is actually not!)

Is it possible to set the extended ACLs in such a way that some other user will also have read-only access, while the file will appear to have only 0400 'regular' permissions?

© Server Fault or respective owner

Related posts about linux

Related posts about permissions