What is the exact purpose of `mask` in file system ACL?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












When I apply default ACL in a directory I see default:mask or just mask in the following two scenario.



Scenario 1



-bash-4.2$ ls -ld test/
drwxr-x---. 2 test test 4096 Oct 15 19:12 test/

-bash-4.2$ setfacl -d -m u:arif:rwx test/

-bash-4.2$ getfacl --omit-header test
user::rwx
group::r-x
other::---
default:user::rwx
default:user:arif:rwx
default:group::r-x
default:mask::rwx
default:other::---


Scenario 2



-bash-4.2$ ls -dl dir/
drwxr-x---. 2 test test 4096 Oct 15 18:17 dir/

-bash-4.2$ getfacl dir
# file: dir
# owner: test
# group: test
user::rwx
group::r-x
other::---

-bash-4.2$ setfacl -m user:arif:rwx dir

-bash-4.2$ getfacl --omit-header dir
user::rwx
user:arif:rwx
group::r-x
mask::rwx
other::---


So what is the purpose of mask here?










share|improve this question

























    up vote
    1
    down vote

    favorite












    When I apply default ACL in a directory I see default:mask or just mask in the following two scenario.



    Scenario 1



    -bash-4.2$ ls -ld test/
    drwxr-x---. 2 test test 4096 Oct 15 19:12 test/

    -bash-4.2$ setfacl -d -m u:arif:rwx test/

    -bash-4.2$ getfacl --omit-header test
    user::rwx
    group::r-x
    other::---
    default:user::rwx
    default:user:arif:rwx
    default:group::r-x
    default:mask::rwx
    default:other::---


    Scenario 2



    -bash-4.2$ ls -dl dir/
    drwxr-x---. 2 test test 4096 Oct 15 18:17 dir/

    -bash-4.2$ getfacl dir
    # file: dir
    # owner: test
    # group: test
    user::rwx
    group::r-x
    other::---

    -bash-4.2$ setfacl -m user:arif:rwx dir

    -bash-4.2$ getfacl --omit-header dir
    user::rwx
    user:arif:rwx
    group::r-x
    mask::rwx
    other::---


    So what is the purpose of mask here?










    share|improve this question























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      When I apply default ACL in a directory I see default:mask or just mask in the following two scenario.



      Scenario 1



      -bash-4.2$ ls -ld test/
      drwxr-x---. 2 test test 4096 Oct 15 19:12 test/

      -bash-4.2$ setfacl -d -m u:arif:rwx test/

      -bash-4.2$ getfacl --omit-header test
      user::rwx
      group::r-x
      other::---
      default:user::rwx
      default:user:arif:rwx
      default:group::r-x
      default:mask::rwx
      default:other::---


      Scenario 2



      -bash-4.2$ ls -dl dir/
      drwxr-x---. 2 test test 4096 Oct 15 18:17 dir/

      -bash-4.2$ getfacl dir
      # file: dir
      # owner: test
      # group: test
      user::rwx
      group::r-x
      other::---

      -bash-4.2$ setfacl -m user:arif:rwx dir

      -bash-4.2$ getfacl --omit-header dir
      user::rwx
      user:arif:rwx
      group::r-x
      mask::rwx
      other::---


      So what is the purpose of mask here?










      share|improve this question













      When I apply default ACL in a directory I see default:mask or just mask in the following two scenario.



      Scenario 1



      -bash-4.2$ ls -ld test/
      drwxr-x---. 2 test test 4096 Oct 15 19:12 test/

      -bash-4.2$ setfacl -d -m u:arif:rwx test/

      -bash-4.2$ getfacl --omit-header test
      user::rwx
      group::r-x
      other::---
      default:user::rwx
      default:user:arif:rwx
      default:group::r-x
      default:mask::rwx
      default:other::---


      Scenario 2



      -bash-4.2$ ls -dl dir/
      drwxr-x---. 2 test test 4096 Oct 15 18:17 dir/

      -bash-4.2$ getfacl dir
      # file: dir
      # owner: test
      # group: test
      user::rwx
      group::r-x
      other::---

      -bash-4.2$ setfacl -m user:arif:rwx dir

      -bash-4.2$ getfacl --omit-header dir
      user::rwx
      user:arif:rwx
      group::r-x
      mask::rwx
      other::---


      So what is the purpose of mask here?







      linux permissions acl umask






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 3 hours ago









      muhammad

      514514




      514514




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          4
          down vote













          According to acl man
          ACL Mask denotes access rights that can be granted by entries of type, so the mask contain information about access permissions. In ACL there are an extended set of permissions.



          For example, In POSIX each file or directory has an owner, group, and other with read, write, and executable permissions. While ACL add additional access permissions, called "mask" and can be used to define additional groups/users and extended permissions.



          So the mask field here only applies to the additional permissions you have given to the user and groups. If the mask is set to rwx the read, write and execute permissions will be granted to additional user/groups. If the mask is set to r-x, the write permission will not be granted to additional user/groups.In general, it is recommended not to set mask to anything other than rwx which is the default value. The mask value doesn't affect the standard UNIX user/group/others permissions.



          Scenario #1 above represent file permissions, and scenario #2 is for folder permissions.
          At the kernel level, file creation passes code 0666 to touch system call, and it passes code 0777 to mkdir system call during folder creation, and this way permissions are set to files and folders differently. This difference in the setup of permissions at the kernel level make folders and files behave differently, meaning a folder can inherit its permissions from a parent folder, but a file can't, for example, we need to set a file permissions to make it executable.



          More 1 2






          share|improve this answer






















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f475698%2fwhat-is-the-exact-purpose-of-mask-in-file-system-acl%23new-answer', 'question_page');

            );

            Post as a guest






























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            4
            down vote













            According to acl man
            ACL Mask denotes access rights that can be granted by entries of type, so the mask contain information about access permissions. In ACL there are an extended set of permissions.



            For example, In POSIX each file or directory has an owner, group, and other with read, write, and executable permissions. While ACL add additional access permissions, called "mask" and can be used to define additional groups/users and extended permissions.



            So the mask field here only applies to the additional permissions you have given to the user and groups. If the mask is set to rwx the read, write and execute permissions will be granted to additional user/groups. If the mask is set to r-x, the write permission will not be granted to additional user/groups.In general, it is recommended not to set mask to anything other than rwx which is the default value. The mask value doesn't affect the standard UNIX user/group/others permissions.



            Scenario #1 above represent file permissions, and scenario #2 is for folder permissions.
            At the kernel level, file creation passes code 0666 to touch system call, and it passes code 0777 to mkdir system call during folder creation, and this way permissions are set to files and folders differently. This difference in the setup of permissions at the kernel level make folders and files behave differently, meaning a folder can inherit its permissions from a parent folder, but a file can't, for example, we need to set a file permissions to make it executable.



            More 1 2






            share|improve this answer


























              up vote
              4
              down vote













              According to acl man
              ACL Mask denotes access rights that can be granted by entries of type, so the mask contain information about access permissions. In ACL there are an extended set of permissions.



              For example, In POSIX each file or directory has an owner, group, and other with read, write, and executable permissions. While ACL add additional access permissions, called "mask" and can be used to define additional groups/users and extended permissions.



              So the mask field here only applies to the additional permissions you have given to the user and groups. If the mask is set to rwx the read, write and execute permissions will be granted to additional user/groups. If the mask is set to r-x, the write permission will not be granted to additional user/groups.In general, it is recommended not to set mask to anything other than rwx which is the default value. The mask value doesn't affect the standard UNIX user/group/others permissions.



              Scenario #1 above represent file permissions, and scenario #2 is for folder permissions.
              At the kernel level, file creation passes code 0666 to touch system call, and it passes code 0777 to mkdir system call during folder creation, and this way permissions are set to files and folders differently. This difference in the setup of permissions at the kernel level make folders and files behave differently, meaning a folder can inherit its permissions from a parent folder, but a file can't, for example, we need to set a file permissions to make it executable.



              More 1 2






              share|improve this answer
























                up vote
                4
                down vote










                up vote
                4
                down vote









                According to acl man
                ACL Mask denotes access rights that can be granted by entries of type, so the mask contain information about access permissions. In ACL there are an extended set of permissions.



                For example, In POSIX each file or directory has an owner, group, and other with read, write, and executable permissions. While ACL add additional access permissions, called "mask" and can be used to define additional groups/users and extended permissions.



                So the mask field here only applies to the additional permissions you have given to the user and groups. If the mask is set to rwx the read, write and execute permissions will be granted to additional user/groups. If the mask is set to r-x, the write permission will not be granted to additional user/groups.In general, it is recommended not to set mask to anything other than rwx which is the default value. The mask value doesn't affect the standard UNIX user/group/others permissions.



                Scenario #1 above represent file permissions, and scenario #2 is for folder permissions.
                At the kernel level, file creation passes code 0666 to touch system call, and it passes code 0777 to mkdir system call during folder creation, and this way permissions are set to files and folders differently. This difference in the setup of permissions at the kernel level make folders and files behave differently, meaning a folder can inherit its permissions from a parent folder, but a file can't, for example, we need to set a file permissions to make it executable.



                More 1 2






                share|improve this answer














                According to acl man
                ACL Mask denotes access rights that can be granted by entries of type, so the mask contain information about access permissions. In ACL there are an extended set of permissions.



                For example, In POSIX each file or directory has an owner, group, and other with read, write, and executable permissions. While ACL add additional access permissions, called "mask" and can be used to define additional groups/users and extended permissions.



                So the mask field here only applies to the additional permissions you have given to the user and groups. If the mask is set to rwx the read, write and execute permissions will be granted to additional user/groups. If the mask is set to r-x, the write permission will not be granted to additional user/groups.In general, it is recommended not to set mask to anything other than rwx which is the default value. The mask value doesn't affect the standard UNIX user/group/others permissions.



                Scenario #1 above represent file permissions, and scenario #2 is for folder permissions.
                At the kernel level, file creation passes code 0666 to touch system call, and it passes code 0777 to mkdir system call during folder creation, and this way permissions are set to files and folders differently. This difference in the setup of permissions at the kernel level make folders and files behave differently, meaning a folder can inherit its permissions from a parent folder, but a file can't, for example, we need to set a file permissions to make it executable.



                More 1 2







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 2 hours ago

























                answered 3 hours ago









                Goro

                9,54164689




                9,54164689



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f475698%2fwhat-is-the-exact-purpose-of-mask-in-file-system-acl%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Comments

                    Popular posts from this blog

                    What does second last employer means? [closed]

                    Installing NextGIS Connect into QGIS 3?

                    One-line joke