-2

The manual page

man 5 acl

is not very helpful in this case ... on the network I found something, but they do not explain it in an "understandable" way to people (like me) who are completely fasting on this issue ... Can someone explain these ACLs to me once and for all?

1 Question

What is the "connection" (correlation) between normal permissions and ACL permissions? ... and how do they affect one another?

2 Question

What is the mask? Is it similar to "umask"? In any case ... what could it be used for in ACLs? And (once again) ... what is the correlation between the "classic" mask (umask) and the ACL one? How does it behave if both are set?

  • 2 Subquestion

I noticed that when the mask is set, the ls command shows a slightly different output:

-rw-rwx---+ 1 <user> <group> file.txt

The file has only "rw" in the group octet ... why is the group shown as set to "rwx" in the output? ... Does that "rwx" also concern normal permissions or only ACL ones?

3 Question

The reading of the permissions (by the kernel) takes place by analyzing FIRST the classic "normal" permissions and then moving on to the "secondary" (ACL) or in case of ACL the kernel reads the ACL FIRST? Logically, the actions taken by the kernel (or file system) should be these (and correct me if I'm wrong):

If a user sets a folder with permissions "0" in the octet "others", and another user (who is not even part of the group of the owner who created the folder) tries to perform operations on the folder in question, the classic permissions are analyzed first ... since there is no "match" for the user, the kernel realizes that other permissions ("secondary") are set on this folder via the ACLs ... therefore the kernel also checks the permissions of the ACL and, if the user in question is "authorized", the kernel "lets go" ... is that correct?

4 Question

What is the "others" class used for when it cannot be referred to any specific user? Since ACLs are intended to set access in a more granular way than normal permissions (and so in this case, setting this "others" class from ACLs seems really useless to me), in this case, aren't normal permissions enough to set the "others" class?

Thanks

  • 4
    This is an open-ended question with no objectively correct answer and not applicable to more than one person, once ever. The rest of the world does not know what you do not understand from the copious explanations around the world, including books, magazine articles, WWW pages, and even other questions and answers on this WWW site. It could be anything. Q&As here are supposed to have benefit to other people, not be personal tuition. – JdeBP Feb 21 '20 at 08:28
  • I was just looking for other explanations (more understandable) ... surely further answers are good for me and others ... that's all .. – vincenzogianfelice Feb 22 '20 at 01:18
  • 2
    Further answers to "I personally don't understand this, and I'm not even going to tell you specifically what I do not understand." help no-one. You've already led two answerers all around the houses with answer comments that aren't in the question. See https://unix.stackexchange.com/q/475698/5132 for an example of how to ask a question well. This is an example of how to ask it badly. – JdeBP Feb 22 '20 at 18:57

2 Answers

3

Maybe your question is valid and you just need to know where to look, so I will try to give you a basic difference or "correlation" as you called it, but you have to do further reading yourself. The key is to look at man setfacl and man getfacl, not man acl.

With traditional chmod you can assign a user, a group, and other permissions. You can assign ONLY one user the ownership of the file. In ACL, you can assign as many users as you want ownership to the same file.

EXAMPLE:

setfacl -m u:vincenzogianfelice:w file

Here I am granting you an additional write access to the file and I add more users without putting them in one group.

Munzir Taha
  • 1,490
  • Thanks.... and sorry for my english :)... and what about the "mask"? here ... this is the thing that I understood less ... – vincenzogianfelice Feb 22 '20 at 04:23
  • @vincenzogianfelice: I haven't mentioned mask in my previous explanation. mask is to set the default permissions for files which you haven't created yet. If you set the mask it would affect future files, check man umask. – Munzir Taha Feb 22 '20 at 04:26
  • Ok ... but I cannot understand the output of ls: -rw-rwx---+ 1 <user> <group> file.txt. The file has only "rw" for the user and that's it ... why does it show the group set to "rwx" in the output? ... Does that "rwx" also concern normal permissions or only ACL ones? And then ... how can you set a "global" mask only for ACL? (In normal (standard) permissions I set the mask to 0002.) – vincenzogianfelice Feb 22 '20 at 04:39
  • 1
    These questions are not in your original question. I can answer them but this can keep going on and on. If you have specific questions like these put them in a separate question not in the comments and refer me to them and I would answer them. – Munzir Taha Feb 22 '20 at 04:51
  • You're right ... that's why I changed the main question ... I hope I have been clearer – vincenzogianfelice Feb 25 '20 at 15:47
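Added example (not part of the original posts): a small Python model of the rules in acl(5), showing what a `setfacl -m u:...` command like the one in the answer above does to the ACL mask, why `ls` can then print `-rw-rwx---+`, and in which order the entries are checked. The users, group and permissions are constructed for illustration, and the mask recomputation models setfacl's default behaviour.

```python
# Added illustration: a model of the POSIX ACL rules in acl(5), not kernel code.
# Names (alice, staff, bob, carol, dave) and all entries are constructed.
R, W, X = 4, 2, 1

def rwx(bits):
    return "".join(c if bits & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

class Acl:
    def __init__(self, owner, group, user_obj, group_obj, other):
        self.owner, self.group = owner, group
        self.user_obj, self.group_obj, self.other = user_obj, group_obj, other
        self.users, self.groups, self.mask = {}, {}, None

    def modify_user(self, name, perms):
        """Like `setfacl -m u:name:perms`: add the entry, then recompute the
        mask as the union of all group-class entries (setfacl's default)."""
        self.users[name] = perms
        self.mask = self.group_obj
        for p in list(self.users.values()) + list(self.groups.values()):
            self.mask |= p

    def ls_mode(self):
        """Permission string as ls prints it: once a mask exists, the middle
        triplet shows the mask, not the owning group's entry."""
        middle = self.group_obj if self.mask is None else self.mask
        plus = "" if self.mask is None else "+"
        return "-" + rwx(self.user_obj) + rwx(middle) + rwx(self.other) + plus

    def allowed(self, user, user_groups, want):
        """Access check in acl(5) order; the first matching class decides."""
        mask = 7 if self.mask is None else self.mask
        if user == self.owner:                       # owner: mask is not applied
            return self.user_obj & want == want
        if user in self.users:                       # named user, limited by mask
            return self.users[user] & mask & want == want
        matching = [self.group_obj] if self.group in user_groups else []
        matching += [p for g, p in self.groups.items() if g in user_groups]
        if matching:                                 # one matching entry must suffice
            return any(p & mask & want == want for p in matching)
        return self.other & want == want             # everyone else

def demo():
    # File owned by alice:staff with mode rw-rw----, then a named user gets rwx.
    f = Acl("alice", "staff", user_obj=R | W, group_obj=R | W, other=0)
    before = f.ls_mode()
    f.modify_user("bob", R | W | X)
    return before, f.ls_mode(), f
```

In this model the owning group still has only `rw-` after the change; the `rwx` that `ls` prints is the mask, which is the upper bound for named users, the owning group and named groups, and which `chmod g=...` changes on a file that has an ACL.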
0

ACL (access control list) for dummies:
An ACL is like traveling: if you have a valid passport you can travel to another country without any kind of trouble, but if your passport is not valid, you will have trouble when you try to leave the country.
An ACL is a series of rules. In networks, it permits or denies traffic if the packet matches the rules. Example:

deny tcp 172.16.40.0 0.0.0.255 172.16.50.0 0.0.0.255 eq 21
This example means: deny TCP packets with an IP in the IP range 172.16.40.0, wildcard mask 0 0.0.0.255, that go through port 21.

  • I had already understood this. Rather, I am interested in what the "connection" (correlation) between normal permissions and ACLs is ... and how do they affect one another? – vincenzogianfelice Feb 22 '20 at 03:23