Wed, 03 Feb 2010

Dear lazyweb, I have problem understanding ACLs, maybe you can help me?

It was easy to understand how to activate and set ACLs and I also understood the mask, which defines the maximum rights a user might get through ACLs.

However, what I don't understand is, why this mask is dynamically calculated and set with every chmod (or equivalent) access...

Perhaps I should describe my problem a bit more: For our (web-) developers Linux workstations I need to grant them some additional rights to the configuration files. As they always get no tasks and need to install new software (solved via sudo) and change the configuration, I so far thought the easiest would be to grant them write privileges on /etc (safe some special files like /etc/shadow of course).

So I thought I could use ACLs to grant them rwx-privileges. Using default-ACLs (which are inherited when creating new files) it would be easy, if they e.g. install an own Apache web server, as the new directory and the new files inherit the default ACL.

However, due to the mask being set to r-x, our developers still don't get write permission on /etc/apache2/foo. I tried to set a default mask, too, which seems to be inherited. But as soon as the package management does the equivalent of chmod 740 the mask gets recalculated and my ACLs don't work any more.

Appearently, ACLs are not the solution to my problem :( But how do I solve my problem? And why is the mask always recalculated?

postet at 14:13 into [Debian] permanent link