Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 309

getfacl mydir/mysubdir
# file: mydir/mysubdir
# owner: tux
# group: project3
user::rwx
group::r-x
group:mascots:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:mascots:r-x
default:mask::r-x
default:other::---
As expected, the newly-created subdirectory mysubdir has the permissions from
the default ACL of the parent directory. The access ACL of mysubdir is an exact
reflection of the default ACL of mydir. The default ACL that this directory will
hand down to its subordinate objects is also the same.
3. Use touch to create a file in the mydir directory, for example, touch
mydir/myfile. ls -l mydir/myfile then shows:
-rw-r-----+ ... tux project3 ... mydir/myfile
The output of getfacl mydir/myfile is:
# file: mydir/myfile
# owner: tux
# group: project3
user::rw-
group::r-x
group:mascots:r-x
mask::r--
other::---
touch uses a mode with the value 0666 when creating new files, which means
that the files are created with read and write permissions for all user classes, pro-
vided no other restrictions exist in umask or in the default ACL (see
"Effects of a Default ACL"
sions not contained in the mode value are removed from the respective ACL entries.
Although no permissions were removed from the ACL entry of the group class,
the mask entry was modified to mask permissions not set in mode.
# effective:r--
# effective:r--
(page 289)). In effect, this means that all access permis-
Section
Access Control Lists in Linux 291