PDA

View Full Version : File permissions



hisbrj
11-Feb-2013, 10:12
Hi,

what does the + mean? How can it be removed?

Let's say we have file permission like -rw-r----- or drwxr-xr-x now question about that, it's well known and clear. But, what does it mean if we have: -rw-r----- + or drwxr-xr-x + ? from where the plus sign is comming? It's not a suid or a stiky bit, what is it? What function is related to it? From where is it comming and how can it be removed? For instance doing some thing like: chmod 0640 doesn't help!

ab
11-Feb-2013, 14:49
The '+' on the end means you have extended ACLs on the file. Use the
'getfacl' and 'setfacl' commands to view/modify these, respectively. See
those commands' man pages (and countless articles online) for help
manipulating them.

Good luck.

hisbrj
12-Feb-2013, 14:55
thanks, got it! I didn't know and I didn't care about these extended acl before. And I still don't know for sure how those came into my system. I hope to have removed them all, because the default settings of theses extended acl changed what I decided to have. I guess those extended acl came in through the samba share and those share catched my attention. It was not very funny to have a samba configuration with a create mask of 0600, but getting a silly permission of 0674 instead. Removed now! I'm much happier!
Cheers

jmozdzen
13-Feb-2013, 18:26
Hi hisbrj,

removing ACLs from directories shared via Samba may not always be the best choice. Samba uses those to map Windows access permissions, that may have been set explicitly or implicitly by users of that share.

At first I found ACLs non-obvious, but one gets used to it's semantics and I don't care too much about the output of "ls -l" but rather check getfacl under those circumstances.

Of course, if you have a simple share situation with clearly defined and easy access scheme, there's no need to use ACLs. But be prepared for ACLs to re-appear when users create files/directories in those shares.

Regards,
Jens