Access Control Lists — wrong permission?

Created file1 and gave 000 permission.

    [root@localhost ~]# ls -ltr file1
    ----------. 1 root root 0 Jan 28 08:09 file1

Gave "test" user rw permission using access control lists:

    setfacl -m u:test:rw file1

file1 permission for selinux is correct

    [root@localhost ~]# getfacl file1
    # file: file1
    # owner: root
    # group: root
    user::---
    user:test:rw-
    group::---
    mask::rw-
    other::---

But when I see the file permission, it's showing 060

    [root@localhost ~]# ls -ltr file1
    ----rw----+ 1 root root 0 Jan 28 08:09 file1

Question: where is this 060 permission coming from?

Tags: permissions, acl

asked 1 hour ago by editinit, edited 6 mins ago by mosvy

  • there's nothing selinux related in your question -- feel free to re-edit your question but please do not put the selinux bits back in ;-)
    – mosvy, 4 mins ago

1 Answer

For files that have acl(5) extended attributes, the 3 group bits from the file mask have a different meaning -- they're the ACL mask, i.e. the maximum access rights that can be granted by the permissions stored in the ACL extended attribute. Quoting from the acl(5) manpage:

> There is a correspondence between the file owner, group, and other
> permissions and specific ACL entries: the owner permissions correspond to
> the permissions of the ACL_USER_OBJ entry. If the ACL has an ACL_MASK
> entry, the group permissions correspond to the permissions of the
> ACL_MASK entry. Otherwise, if the ACL has no ACL_MASK entry, the group
> permissions correspond to the permissions of the ACL_GROUP_OBJ entry.
> The other permissions correspond to the permissions of the ACL_OTHER_OBJ
> entry.

Since you have given the test user rw permissions, and did not use the -n option of setfacl(1) ("do not recalculate the effective rights mask"), the ACL mask has been correctly set to rw.

answered 7 mins ago by mosvy
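
The correspondence the answer quotes from acl(5), worked through in Python as an added example (not part of the original question or answer). It parses the getfacl listing from the question, embedded here as sample input, and derives the permission column `ls -l` shows. The function names are assumptions of this sketch.

```python
# Added example: maps getfacl output to the mode bits ls shows, per acl(5).
# GETFACL_OUTPUT is the listing from the question, embedded as sample input.
GETFACL_OUTPUT = """\
# file: file1
# owner: root
# group: root
user::---
user:test:rw-
group::---
mask::rw-
other::---
"""

def parse_acl(text):
    """Return (tag, qualifier, perms) tuples for the access ACL."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drops headers and "#effective:" notes
        if line and not line.startswith("default:"):
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, perms))
    return entries

def lookup(entries, tag):
    """Permissions of the unqualified entry for tag, or None if absent."""
    return next((p for t, q, p in entries if t == tag and not q), None)

def mode_string(entries):
    """Permission column as ls -l prints it for a regular file."""
    mask = lookup(entries, "mask")
    # acl(5): group bits mirror ACL_MASK if it exists, else ACL_GROUP_OBJ.
    group_bits = mask if mask is not None else lookup(entries, "group")
    plus = "+" if mask is not None else ""  # '+' marks an extended ACL
    return "-" + lookup(entries, "user") + group_bits + lookup(entries, "other") + plus

def mode_octal(entries):
    """The same nine bits as an octal string such as '060'."""
    digits = (sum(v for c, v in zip(mode_string(entries)[i:i + 3], (4, 2, 1)) if c != "-")
              for i in (1, 4, 7))
    return "".join(map(str, digits))

def recalculated_mask(entries):
    """Mask setfacl computes without -n: union of named users and all group entries."""
    granted = {c for t, q, p in entries if t == "group" or (t == "user" and q) for c in p}
    return "".join(c if c in granted else "-" for c in "rwx")

def effective(perms, mask):
    """Rights an entry really grants: its permissions ANDed with the mask."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))
```

Because the group bits are the mask, a later `chmod g-w file1` would narrow the mask to `r--`, and `effective("rw-", "r--")` shows the test user would then keep only read access. When auditing, read the group column of a file marked `+` as the upper bound for named entries and check `getfacl` for who actually holds those rights.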





























