On Wed March 11 2009, Colin Walters wrote:
> 2009/3/11 Till Maas <opensource(a)till.name>:
> > There is no way with ACLs to set up a directory where a group of users has
> > complete access to everything.
>
> "complete access to everything" isn't very well specified - can you
> give an example?

In a collaborative work environment where several people store files in one
directory or subdirectories of it, every user in the group should have read
and write access to any file.

> > It is still possible for a user to add a file
> > that cannot be accessed by other users or cannot be written to.
>
> Deliberately? Of course, the Unix discretionary permissions model has
> always allowed that, ACLs or not. But the default ACL setting on the
> directory should ensure that new files have the intended permissions.

The default ACLs are overwritten by the ACL mask, which is somehow built from
the traditional Unix permissions. E.g. if there is a directory with a default
mask that gives read and write permissions to a certain group, someone can
still (s)cp a file that is not group writeable to this directory. Then because
of the ACL mask, it is also not group writeable for the collaboration group.

With bindfs a root user can ensure that no non-root user will mess up the
permissions inside the common directory, regardless of whether it happens
intentionally or by accident.

Regards,
Till
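
The mask behaviour discussed in this message, as an added example that is not part of the original thread: a small Python model of the POSIX ACL inheritance rule from acl(5), showing how the creation mode clips the inherited mask. The group name `collab`, the default ACL and the creation modes are constructed sample values.

```python
# Model of POSIX ACL inheritance (acl(5)): the directory's default ACL is
# copied to the new file, then clipped by the mode the creating program
# passes to open()/creat(). The umask is not consulted in this case.
R, W, X = 4, 2, 1

def fmt(p):
    """Render a 3-bit permission value as rwx text."""
    return "".join(c if p & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

def inherit(default_acl, create_mode):
    """Return the access ACL of a file created under default_acl."""
    acl = dict(default_acl)
    acl["user::"] &= (create_mode >> 6) & 7
    # With a mask entry present, the mode's group bits clip the mask,
    # not the owning-group entry.
    key = "mask::" if "mask::" in acl else "group::"
    acl[key] &= (create_mode >> 3) & 7
    acl["other::"] &= create_mode & 7
    return acl

def effective(acl, entry):
    """Effective rights: group-class entries are ANDed with the mask."""
    perms = acl[entry]
    if entry in ("user::", "other::"):
        return perms
    return perms & acl.get("mask::", 7)

# Constructed default ACL of a shared directory; "collab" is a hypothetical group.
DEFAULT_ACL = {
    "user::": R | W | X,
    "group::": R | X,
    "group:collab:": R | W | X,
    "mask::": R | W | X,
    "other::": 0,
}

def report(modes=(0o666, 0o644, 0o600)):
    """Map each creation mode to the effective rights of group collab."""
    return {m: fmt(effective(inherit(DEFAULT_ACL, m), "group:collab:")) for m in modes}

if __name__ == "__main__":
    for mode, rights in report().items():
        print(f"created with mode {mode:04o}: group:collab effective {rights}")
```

Mode 0644 stands for a copy of a file that is not group writable; the `group:collab:` entry still reads `rwx` in the file's ACL, but the inherited mask reduces its effective rights to `r--`.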