On 01/26/10 12:46 PM, Scott Rotondo wrote:
> Tim Haley wrote:
>> File with a mode of 0466:
>>
>> -r--rw-rw- 1 root staff 5 Dec 9 13:18 file.1
>> owner@:-w------------:-------:deny
>> owner@:r-----aARWcCos:-------:allow
>> group@:rw-p--a-R-c--s:-------:allow
>> everyone@:rw-p--a-R-c--s:-------:allow
>>
>> Deny entry is required to prevent owner from picking up write
>> permission from the group@ or everyone@ entry.
>>
>> File with a mode of 0447:
>>
>> -r--r--rwx 1 root staff 5 Dec 9 13:18 file.1
>> owner@:-wx-----------:-------:deny
>> group@:-wx-----------:-------:deny
>> owner@:r-----aARWcCos:-------:allow
>> group@:r-----a-R-c--s:-------:allow
>> everyone@:rwxp--a-R-c--s:-------:allow
>>
>> Deny entries are needed for both owner@ and group@ entries to prevent
>> the owner or group owner from picking up write/execute permission
>> from the everyone@ entry.
>
> Just to confirm, the examples above are the same regardless of whether
> or not the owner is a member of the group, right? [Even if the owner is
> not a group member at the time that the ACE's are created, he could be
> in the future.]
>

Yes

> Scott
>
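
The two listings above, as an added example that is not part of the thread and not any file system's own code: it regenerates both ACLs from the mode bits and checks a write request by the owner with and without the deny entry, for an owner inside and outside the group. The rule for when a deny entry is emitted and the permission-letter column order are assumptions inferred from the two listings; all function names are hypothetical.

```python
# Added illustration: rebuilds the quoted listings from the mode bits.
# The deny rule and column order are inferred from those two listings only.
LETTERS = "rwxpdDaARWcCos"        # the 14 permission columns as printed above
BASE = {"owner@": set("aARWcCos"), "group@": set("aRcs"), "everyone@": set("aRcs")}

def bits(mode, shift):
    """rwx letters granted by one octal digit of the mode."""
    return {c for c, b in zip("rwx", (4, 2, 1)) if (mode >> shift) & b}

def trivial_acl(mode):
    own, grp, oth = bits(mode, 6), bits(mode, 3), bits(mode, 0)
    # Deny what a later, broader entry would otherwise hand to this class.
    deny = [("owner@", (grp | oth) - own), ("group@", oth - grp)]
    acl = [(who, p, "deny") for who, p in deny if p]
    for who, p in (("owner@", own), ("group@", grp), ("everyone@", oth)):
        extra = {"p"} if "w" in p else set()   # write is listed with append (p)
        acl.append((who, p | extra | BASE[who], "allow"))
    return acl

def listing(mode):
    """Render entries in the who:perms:flags:type form used in the thread."""
    return [f"{who}:{''.join(c if c in p else '-' for c in LETTERS)}:-------:{kind}"
            for who, p, kind in trivial_acl(mode)]

def allowed(acl, wanted, is_owner, in_group):
    """The first applicable entry naming the bit decides; everyone@ matches all."""
    for who, perms, kind in acl:
        applies = (who == "everyone@" or (who == "owner@" and is_owner)
                   or (who == "group@" and in_group))
        if applies and wanted in perms:
            return kind == "allow"
    return False

if __name__ == "__main__":
    acl = trivial_acl(0o466)
    print("\n".join(listing(0o466)))
    for in_group in (False, True):
        print("owner in group:", in_group,
              "| write with deny:", allowed(acl, "w", True, in_group),
              "| write without deny:", allowed(acl[1:], "w", True, in_group))
```

With the deny entry removed, the owner is granted write through everyone@ even when not a member of the group, which is why the answer to the question above does not depend on group membership.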