Monday, December 31, 2007

Mask Me...!?!!!

echo "2007" > /dev/null
Years are going by... and so is my age...! Wish I could execute "chage -E never mj0vy"
In a way, 2007 was good for me...! At least I have started blogging. This year I could really catch up with Linux to some extent...! Nothing more to say..!

Let's get into the matter.
Last week my friend Gigith and I were checking the mask flag in the setfacl command...! We did some experimentation and finally came up with a good solution.

I assume you all know how to do basic things with setfacl.

I am starting by creating an empty file.

#touch /myfile
Note: touch is used to update the timestamp of a file.
#chmod 750 /myfile
I have given the group read and execute permission ( 4 + 1 ).
Next, I am granting full permission on that file to the user tux.

#setfacl -m u:tux:rwx /myfile
Now the mask of the file is assigned the maximum value, which is rwx (7), but the owning group's permission is still read and execute only.

#chmod 700 /myfile
Now I have removed the group permission from the file with chmod, which changes the mask value from rwx to empty (---). The important thing to note here is that the owning group's permission is still 5 (r-x), as that was the permission given at the beginning of this setfacl test. But the effective permission of the owning group and of the named user is whatever their own entry has in common with the mask. So here, the effective permission is --- for both the owning group and the named user.
Here the owning group is the group that owns /myfile, and the named user is the user tux.

Note: whenever the setfacl command is used to modify the ACL of /myfile, the mask is changed back to its maximum value.
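
The same walkthrough as a small model, added here as an illustration (it is not code from the original post and not the kernel's or setfacl's own code). The class and function names are made up for this example; it assumes the default setfacl -m behaviour, where the mask is recalculated as the union of the owning group and all named entries.

```python
# Added illustration: a tiny model of how the ACL mask reacts to
# setfacl -m and chmod. All names here are hypothetical.
R, W, X = 4, 2, 1

def fmt(bits):
    """Render a 3-bit permission value as an rwx string."""
    return "".join(c if bits & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

class AclFile:
    def __init__(self, mode):
        self.owner, self.group, self.other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
        self.named = {}    # named entries, e.g. {"user:tux": 7}
        self.mask = None   # there is no mask until a named entry exists

    def setfacl_m(self, who, bits):
        """setfacl -m: set a named entry, then recalculate the mask as the
        union of the owning group and every named entry."""
        self.named[who] = bits
        self.mask = self.group
        for b in self.named.values():
            self.mask |= b

    def chmod(self, mode):
        """chmod: once a mask exists, the group digit is written to the
        mask and the owning group's own entry is left untouched."""
        self.owner, self.other = (mode >> 6) & 7, mode & 7
        if self.mask is None:
            self.group = (mode >> 3) & 7
        else:
            self.mask = (mode >> 3) & 7

    def effective(self):
        """Effective rights of each group-class entry = entry AND mask."""
        m = 7 if self.mask is None else self.mask
        out = {"group::": fmt(self.group & m)}
        for who, b in self.named.items():
            out[who] = fmt(b & m)
        return out

def walkthrough():
    f = AclFile(0o750)                      # chmod 750 /myfile
    f.setfacl_m("user:tux", 7)              # setfacl -m u:tux:rwx /myfile
    after_setfacl = (fmt(f.mask), f.effective())
    f.chmod(0o700)                          # chmod 700 /myfile
    after_chmod = (fmt(f.mask), fmt(f.group), f.effective())
    f.setfacl_m("user:tux", 7)              # any later setfacl -m resets the mask
    after_second = (fmt(f.mask), f.effective())
    return after_setfacl, after_chmod, after_second

if __name__ == "__main__":
    for step in walkthrough():
        print(step)
```

On a real system, getfacl /myfile shows the same thing through its mask:: line and the #effective: comments next to each entry.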
