running wheezy. I have a dir w/ unix perm = 750, i.e.:

    root@wheezy:/home/chtest/home# ls -l
    drwxr-s--- 3 root chadm 4096 Jan 9 14:12 ftptest

I added an acl g perm using:

    # setfacl -m g:chadm:rwx ftptest

this, unfortunately, changes unix perm to = 770, i.e.:

         V
    drwxrWs---+ 3 root chadm 4096 Jan 9 14:12 ftptest

I then re-removed unix g w perm:

    # chmod g-w ftptest

i.e.:

    drwxr-s---+ 3 root chadm 4096 Jan 9 14:12 ftptest

This action causes unix perms to OVERRIDE acl perms - NOT what I want, i.e.:

    root@wheezy:/home/chtest/home# getfacl ftptest
    # file: ftptest
    # owner: root
    # group: chadm
    # flags: -s-
    user::rwx
    group::r-x
    vvvvvvvv
    group:chadm:rWx         #effective:r-x
    mask::r-x
    ^^^^^^^^
    other::---

So - Is there a way to force ACL perms to dictate the effective rights??

FWIW: it APPEARS to me that the acl access check algorithm will not allow this. However - since the entire acl sub-system was "meant to increase granularity of permissions" - shouldn't acl ALWAYS override unix perms? Is this a bug in the ACL algorithm?

=== end of my question; begin additional info ===

Because I KNOW someone will want to know why this is a problem - here's why, and I hope you're not sorry you asked !! :-)

I'm using [openssh] internal-sftp to chroot users to their home dir. internal-sftp's chroot DEMANDS that all dirs leading to home MUST be root-owned, and have NO g-w permissions !! But my managers (members of group: chadm) must have full permissions in all sftp users' home dirs. So NEITHER my sftp user, NOR my managing group have write access to the home directory !?!? (Yes, I know I can create another sub-dir they can get at, but I don't want to - that's sloppy, and unintuitive.)

This SEEMS like such a simple task. And it PAINS me to no end, that this task would be relatively easy to implement under windoze - but seems impossible to solve under Linux !!??? ...sup w/ dat !?!?

TIA - Bob
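As an added example (not code from the original post or from any answer), a small Python model of the Linux POSIX ACL rules that produce the getfacl output above: setfacl -m recomputing mask::, chmod's group bits landing in mask:: once an ACL exists, and effective rights being entry AND mask::. The getfacl text is constructed to mirror ftptest, and the functions model the tools' behaviour rather than call them.

```python
"""Model of the Linux POSIX ACL rules behind the question's sequence: setfacl -m
recomputes mask:: as the union of masked entries (hence 770); once mask:: exists,
chmod's group triad is stored there, not in group:: (hence g-w capping chadm at r-x)."""
# Constructed to mirror ftptest right after `chmod 750`, before any ACL is added.
SAMPLE_GETFACL = """\
# file: ftptest
user::rwx
group::r-x
other::---
"""
def parse_getfacl(text):
    """[(tag, qualifier, perms)] from getfacl output; '#' comments and '#effective:' dropped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, perms))
    return entries
def perm_bits(perms):
    return (4 if "r" in perms else 0) | (2 if "w" in perms else 0) | (1 if "x" in perms else 0)
def perm_str(b):
    return ("r" if b & 4 else "-") + ("w" if b & 2 else "-") + ("x" if b & 1 else "-")
def is_masked(tag, qualifier):  # named users, owning group, named groups are ANDed with mask::
    return tag == "group" or (tag == "user" and qualifier != "")

def setfacl_modify(entries, tag, qualifier, perms):
    """Model `setfacl -m tag:qualifier:perms` (no -n): set the entry, recompute mask::."""
    new = [e for e in entries if (e[0], e[1]) not in ((tag, qualifier), ("mask", ""))]
    new.append((tag, qualifier, perms))
    union = 0
    for t, q, p in new:
        if is_masked(t, q):
            union |= perm_bits(p)
    return new + [("mask", "", perm_str(union))]

def chmod_group(entries, perms):
    """Model chmod's group triad: it overwrites mask:: when one exists, else group::."""
    target = "mask" if any(t == "mask" for t, _, _ in entries) else "group"
    return [(t, q, perms if (t, q) == (target, "") else p) for t, q, p in entries]

def effective(entries):
    """Rights actually granted per entry (getfacl's '#effective' column)."""
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    return {f"{t}:{q}": perm_str(perm_bits(p) & perm_bits(mask)) if is_masked(t, q) else p
            for t, q, p in entries}

def ls_group_triad(entries):
    """Group column of `ls -l` (ignoring the setgid 's'): mask:: if present, else group::."""
    d = {(t, q): p for t, q, p in entries}
    return d.get(("mask", ""), d[("group", "")])
```

Running the three steps from the post through it (setfacl_modify with group:chadm:rwx, then chmod_group with r-x) reproduces the 770, then the #effective:r-x on group:chadm while group:: itself stays r-x.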