When using the acl_method overwrite, you must supply entries for user, group, all (aka other), and mask to form a complete ACL specification.
bundle agent main
{
  vars:
      "acl" slist => {
        "user:*:rwx",          # System owner should have read, write and execute access
        "group:*:rw",          # System group should have read and write access but not execute
        "all:r",               # All other users should have read access
        "mask:rwx",            # The mask should be read, write and execute
        "user:nickanderson:r", # The user nickanderson should explicitly have read access
        "user:a10042:---",     # The user a10042 should explicitly have no access
      };

  files:
      "/tmp/acl/dir"
        acl => posix_acl_default_access( "overwrite", @(acl) );
}

# Apply the given ACE list to a path as a POSIX access ACL, and copy it to the
# default ACL as well (acl_default "access" means the default ACL mirrors the
# access ACL). The aces attribute must expand the "rules" parameter, not the
# caller's "acl" variable, which is out of scope inside the body.
body acl posix_acl_default_access( method, rules )
{
  acl_method  => "$(method)";
  acl_type    => "posix";
  acl_default => "access";
  aces        => { @(rules) };
}
We can use getfacl to verify that the permissions are as desired. Because acl_default is set to "access", the default ACL (the default: lines below) mirrors the access ACL.
# file: tmp/acl/dir
# owner: nickanderson
# group: nickanderson
user::rwx
user:nickanderson:r--
user:a10042:---
group::rw-
mask::rwx
other::r--
default:user::rwx
default:user:nickanderson:r--
default:user:a10042:---
default:group::rw-
default:mask::rwx
default:other::r--
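The following check is an added example, not code from the CFEngine documentation or project. It translates the CFEngine ACE syntax used in the policy above ("user:*:rwx" for the owner, "all:r" for what getfacl prints as "other", short permission strings such as "r") into getfacl's notation, parses a captured getfacl listing (the one shown above, embedded here as a string), confirms that both the access and the default ACL match the policy, and reports the effective permission of each entry after the mask is applied. The helper names (normalize_perms, cfengine_ace_to_getfacl, parse_getfacl, effective_perms, check_policy) are this example's own.

```python
"""Verify that a getfacl(1) listing matches a CFEngine-style ACE list.

Added example, not part of the CFEngine documentation or project. Both the
ACE list and the getfacl listing below are the ones from the page, embedded
here so the check runs offline.
"""

from typing import Dict, List, Tuple

# ACE list exactly as written in bundle main's "acl" slist.
CFENGINE_ACES = [
    "user:*:rwx",
    "group:*:rw",
    "all:r",
    "mask:rwx",
    "user:nickanderson:r",
    "user:a10042:---",
]

# getfacl output from the page, captured into a string for this example.
GETFACL_OUTPUT = """\
# file: tmp/acl/dir
# owner: nickanderson
# group: nickanderson
user::rwx
user:nickanderson:r--
user:a10042:---
group::rw-
mask::rwx
other::r--
default:user::rwx
default:user:nickanderson:r--
default:user:a10042:---
default:group::rw-
default:mask::rwx
default:other::r--
"""

Entry = Tuple[str, str]  # (tag, qualifier), e.g. ("user", "nickanderson")


def normalize_perms(perms: str) -> str:
    """Expand CFEngine's short permission strings ("r", "rw", "---") to rwx form."""
    if perms == "---":
        return "---"
    return "".join(bit if bit in perms else "-" for bit in "rwx")


def cfengine_ace_to_getfacl(ace: str) -> Tuple[str, str, str]:
    """Map one CFEngine ACE to the (tag, qualifier, perms) triple getfacl prints.

    CFEngine writes "user:*" / "group:*" for the owning user/group, which getfacl
    prints with an empty qualifier, and "all" for what getfacl calls "other".
    """
    parts = ace.split(":")
    if parts[0] in ("all", "mask"):
        tag = "other" if parts[0] == "all" else "mask"
        return tag, "", normalize_perms(parts[1])
    tag, qualifier, perms = parts
    if qualifier == "*":
        qualifier = ""
    return tag, qualifier, normalize_perms(perms)


def parse_getfacl(text: str) -> Dict[str, Dict[Entry, str]]:
    """Split a getfacl listing into its access and default ACLs."""
    acls: Dict[str, Dict[Entry, str]] = {"access": {}, "default": {}}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # "# file:", "# owner:", "# group:" header lines
        kind = "access"
        if line.startswith("default:"):
            kind = "default"
            line = line[len("default:"):]
        tag, qualifier, perms = line.split(":")
        acls[kind][(tag, qualifier)] = perms
    return acls


def effective_perms(acl: Dict[Entry, str]) -> Dict[Entry, str]:
    """Apply the mask: named users, the owning group and named groups are capped by it.

    The owning user, "other" and the mask entry itself are never masked.
    """
    mask = acl.get(("mask", ""))
    result: Dict[Entry, str] = {}
    for (tag, qualifier), perms in acl.items():
        masked = tag == "group" or (tag == "user" and qualifier != "")
        if mask is not None and masked:
            perms = "".join(p if p in mask else "-" for p in perms)
        result[(tag, qualifier)] = perms
    return result


def check_policy(aces: List[str], getfacl_text: str) -> Dict[str, List[str]]:
    """Return mismatches per ACL kind; empty lists mean the listing matches the policy."""
    expected: Dict[Entry, str] = {}
    for ace in aces:
        tag, qualifier, perms = cfengine_ace_to_getfacl(ace)
        expected[(tag, qualifier)] = perms
    actual = parse_getfacl(getfacl_text)
    problems: Dict[str, List[str]] = {}
    # acl_default "access" copies the access ACL into the default ACL, so the
    # same ACE list must hold for both.
    for kind in ("access", "default"):
        problems[kind] = []
        for key, perms in expected.items():
            got = actual[kind].get(key)
            if got != perms:
                problems[kind].append(f"{kind} {key[0]}:{key[1]} expected {perms}, got {got}")
        for key in actual[kind]:
            if key not in expected:
                problems[kind].append(f"{kind} unexpected entry {key[0]}:{key[1]}")
    return problems


if __name__ == "__main__":
    for kind, issues in check_policy(CFENGINE_ACES, GETFACL_OUTPUT).items():
        print(kind, "ok" if not issues else issues)
    for (tag, qualifier), perms in effective_perms(parse_getfacl(GETFACL_OUTPUT)["access"]).items():
        print(f"effective {tag}:{qualifier}: {perms}")
```

Run it against a real listing by replacing GETFACL_OUTPUT with the output of `getfacl /tmp/acl/dir`. The effective_perms helper is what the "mask:rwx" entry in the policy is about: a tighter mask would silently cap the owning group's rw- and the named users' entries, so a check that only compares the raw entries can miss a permission change that the mask causes.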