If you give a user the ability to create files in a directory, those files automatically give that user POSIX r/w perms. If you create a deny ACL for that user (say, to read), it seems to disobey the precedence rule and not override the POSIX perms. (The example is not imaginary; I have a client that wants to have a drop box that users can add to, see the contents, but not read the contents of the contents once they’re there … FTP service where their customers share an account … OK, I can try to convince them to give every customer their own account, but I don’t think it will fly.)
Can anyone else confirm this?
Using Workgroup Manager, logged in as your preferred admin account, navigate to your home directory in the Sharing section. Create a new folder. Add an ACL to deny read access to child files. Save a file there (say, `echo "my ACL test" > testfile` while logged in with SSH). You can still read the contents of the file.
Is it a bug? Or an undocumented feature?
-b-