Hi, Giovanni Torres wrote: > A recursive setfacl on /srv/rrdcached/data might work, something like: > > setfacl -R -m d:u:collectd:rwX /srv/rrdcached/data
I thought about using ACLs, too but it doesn't work due to effective permission ignoring the set mask [1]: # file: data/test1.example.org/load/ # owner: collectd # group: rrdcached # flags: -s- user::rwx group::rwx group:collectd:rwx group:rrdcached:rwx mask::rwx other::--- default:user::rwx default:group::rwx default:group:collectd:rwx default:group:rrdcached:rwx default:mask::rwx default:other::--- # file: data/test1.example.org/load/load.rrd # owner: collectd # group: rrdcached user::rw- group::rwx #effective:r-- group:collectd:rwx #effective:r-- group:rrdcached:rwx #effective:r-- mask::r-- other::r-- To be honest I don't understand why this applies to collectd (must be the whay collectd is creating the file) but in general this should work: $ touch data/test1.example.org/foo $ getfacl data/test1.example.org/foo # file: data/test1.example.org/foo # owner: root # group: rrdcached user::rw- group::rwx #effective:rw- group:collectd:rwx #effective:rw- group:rrdcached:rwx #effective:rw- mask::rw- other::--- In this case, "foo" could be updated. [1] http://michael.orlitzky.com/articles/problems_with_posix_acls_and_common_utilities.php -Thomas _______________________________________________ collectd mailing list collectd@verplant.org http://mailman.verplant.org/listinfo/collectd