[OpenIndiana-discuss] ACL problem
Michelle
michelle at msknight.com
Sun Dec 13 15:02:20 UTC 2015
I'm definitely having problems with this inherit_only flag.
What starts as this...
    drwxrwxrwx+ 2 Joe Family 2 Dec 13 15:40 guest_folder
        0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
            /append_data/read_xattr/execute/delete_child/read_attributes
            /delete/read_acl:file_inherit/dir_inherit:allow
        1:group@:list_directory/read_data/add_file/write_data/add_subdirectory
            /append_data/read_xattr/execute/delete_child/read_attributes
            /delete/read_acl:file_inherit/dir_inherit:allow
        2:everyone@:list_directory/read_data/add_file/write_data
            /add_subdirectory/append_data/read_xattr/execute/delete_child
            /read_attributes/delete/read_acl:file_inherit/dir_inherit:allow
... if a guest (who has access under "everyone") writes a file or makes a
directory in that folder, then the ownership is not Joe, but the guest
account.
Adding the inherit_only flag changes to this...
    d---------+ 2 Joe Family 2 Dec 13 15:40 guest_folder
        0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
            /append_data/read_xattr/execute/delete_child/read_attributes
            /delete/read_acl:file_inherit/dir_inherit/inherit_only:allow
        1:group@:list_directory/read_data/add_file/write_data/add_subdirectory
            /append_data/read_xattr/execute/delete_child/read_attributes
            /delete/read_acl:file_inherit/dir_inherit/inherit_only:allow
        2:everyone@:list_directory/read_data/add_file/write_data
            /add_subdirectory/append_data/read_xattr/execute/delete_child
            /read_attributes/delete/read_acl:file_inherit/dir_inherit
            /inherit_only:allow
...and not even Joe can see the directory guest_folder in an SFTP
listing, despite being the owner and having the rights.
There's something obvious going on here that I clearly haven't got to
grips with.
All I'm trying to do is ensure that all files written within a
directory have the same ownership as the directory itself, no matter
what account actually writes them.
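
Added example, not part of the original message: a small Python model of how NFSv4-style ACL evaluation (the ACL model ZFS uses) treats the two listings above. An entry flagged inherit_only is kept as a template for new children and is skipped when access to the directory itself is checked, which is consistent with the d---------+ mode in the second listing. The function names are hypothetical and only allow entries are modelled.

```python
# Model of inherit_only: allow ACEs only; deny entries are not modelled.

def parse_acl(text):
    """Parse verbose ACE lines; wrapped continuation lines start with '/'."""
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("/") and entries:
            entries[-1] += line              # rejoin a wrapped ACE
        elif line:
            entries.append(line)
    aces = []
    for entry in entries:
        f = entry.split(":")
        n = 3 if f[1] in ("user", "group") else 2    # 'user:name' spans two fields
        rest = f[n + 1:]                              # [flags, type] or [type]
        aces.append({"who": ":".join(f[1:n]),
                     "perms": set(f[n].split("/")),
                     "flags": set(rest[0].split("/")) if len(rest) == 2 else set(),
                     "type": rest[-1]})
    return aces

def effective_on_dir(aces, who):
    """Permissions granted to `who` on the directory itself."""
    allowed = set()
    for ace in aces:
        # An inherit_only ACE is only a template for children; skip it here.
        if ace["who"] == who and ace["type"] == "allow" and "inherit_only" not in ace["flags"]:
            allowed |= ace["perms"]
    return allowed

def inherited_by_subdir(aces):
    """Entries a newly created subdirectory would receive."""
    return [a["who"] for a in aces if "dir_inherit" in a["flags"]]

# Constructed sample: the owner@ entry from the two listings, wrapped as shown.
OWNER_ACE = """0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
/append_data/read_xattr/execute/delete_child/read_attributes
/delete/read_acl:file_inherit/dir_inherit{extra}:allow"""
BEFORE = parse_acl(OWNER_ACE.format(extra=""))
AFTER = parse_acl(OWNER_ACE.format(extra="/inherit_only"))

if __name__ == "__main__":
    print("before:", sorted(effective_on_dir(BEFORE, "owner@")))
    print("after: ", sorted(effective_on_dir(AFTER, "owner@")))
    print("still inherited by:", inherited_by_subdir(AFTER))
```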