Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 308

Application of Default ACLs
The following three examples show the main operations for directories and default
ACLs:
1. Add a default ACL to the existing directory mydir with:
setfacl -d -m group:mascots:r-x mydir
The option -d of the setfacl command prompts setfacl to perform the fol-
lowing modifications (option -m) in the default ACL.
Take a closer look at the result of this command:
getfacl mydir
# file: mydir
# owner: tux
# group: project3
user::rwx
user:geeko:rwx
group::r-x
group:mascots:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:mascots:r-x
default:mask::r-x
default:other::---
getfacl returns both the access ACL and the default ACL. The default ACL is
formed by all lines that start with default. Although you merely executed the
setfacl command with an entry for the mascots group for the default ACL,
setfacl automatically copied all other entries from the access ACL to create a
valid default ACL. Default ACLs do not have an immediate effect on access per-
missions. They only come into play when file system objects are created. These
new objects inherit permissions only from the default ACL of their parent directory.
2. In the next example, use mkdir to create a subdirectory in mydir, which inherits
the default ACL.
mkdir mydir/mysubdir
290 Installation and Administration