BSD DevCenter

Using FreeBSD's ACLs

Understanding Directory ACLs

A file can have only one ACL, its "access ACL." Most users will be happy with the ability to fine-tune the permissions on the files they create, as demonstrated in the previous section.



Directories are more complex, as they can have up to three types of ACLs:

  • An access ACL affects access to the directory itself.
  • The default directory ACL sets the default permissions on any subdirectories created within the directory.
  • The default access ACL sets the default permissions on any files created within the directory. Note that if the default directory ACL is not set, subdirectories will also inherit this ACL. However, if the default directory ACL is set, that value will override the value of this ACL.

The current FreeBSD implementation supports only the first two types of directory ACLs, so double-check the effective permissions on any files you create in directories containing ACLs.

To see how this works, create a directory called folder.

Note: If you're planning on setting an ACL on a directory, do so before you add any files or subdirectories to that directory. This is because only objects created after the ACL can inherit the ACL. If you add an ACL to a directory that already contains files or subdirectories, always double-check that they contain the desired ACLs.

Look at the ACL properties for folder (Figure 7). They look similar to those of a file, except the Default ACL button is no longer grayed out and there is a new Default check box under the Participants list.

Figure 7. ACL properties for the new directory

The User, Group, and Other permissions affect access to the directory itself and therefore represent the first type of ACL, the access ACL.

Figure 8. Adding default ACL properties

Click on that Default ACL button. As Figure 8 shows, there are now four additional entries. These represent the second type of ACL, or the default directory ACL, and affect only subdirectories. Verify this by creating a subfolder and file:

% getfacl folder
#file:folder
#owner:1001
#group:1001
user::rwx
group::r-x
other::r-x

% mkdir folder/subfolder
% touch folder/testfile
% ls -l folder
drwxr-xr-x+ 2 dru  dru  512 Jul 27 12:23 subfolder
-rw-r--r--+ 1 dru  dru    0 Jul 27 12:23 testfile

Notice that subfolder inherited the directory permissions but testfile did not.
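
The double-check recommended in the note above can be scripted. The following is an added example, not part of the original article: a shell function that reads getfacl output and lists the objects whose ACL lacks a required entry. The group name audit and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): list objects whose ACL lacks an entry.
# Input: getfacl output on stdin. $1: required entry, e.g. "group:audit:r-x".
# The group "audit" and the sample output below are constructed.

missing_acl_entry() {
    awk -v want="$1" '
        function report() { if (name != "" && !found) print name }
        /^# ?file: ?/ {                 # header line starts a new object
            report()
            name = $0
            sub(/^# ?file: ?/, "", name)
            found = 0
            next
        }
        /^#/ || /^[ \t]*$/ { next }     # skip owner/group headers and blanks
        {
            entry = $0
            sub(/[ \t]*#.*$/, "", entry)          # drop trailing comments
            gsub(/^[ \t]+|[ \t]+$/, "", entry)    # trim whitespace
            if (entry == want) found = 1
        }
        END { report() }
    '
}

# Constructed sample in the same format as the getfacl output shown above.
sample_getfacl() {
    cat <<'EOF'
#file:folder/subfolder
#owner:1001
#group:1001
user::rwx
group::r-x
group:audit:r-x
mask::r-x
other::r-x

#file:folder/testfile
#owner:1001
#group:1001
user::rw-
group::r--
other::r--
EOF
}

sample_getfacl | missing_acl_entry 'group:audit:r-x'
```

On a live system, pipe real output into the function instead of the sample, for example getfacl folder/* | missing_acl_entry 'group:audit:r-x'.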

©2009, O'Reilly Media, Inc.