0 Replies Latest reply on Sep 25, 2012 6:58 PM by 963457

    NFSv4 style ACLs "*_inherit" question

    963457
      Hi,
I'm trying to set up a couple of ACL entries on a directory named parentdir that will allow a specific user named somefool to create a subdirectory, but I want a member of the group somegroup (which is also the GID of the parentdir directory) to be able to delete it, and any files in that subdirectory. So, the ACLs on parentdir look like this:

      root@foo:# ls -vd parentdir
      drwxr-x---+ 10 root somegroup 10 Sep 24 14:34 parentdir
      *0:user:somefool:list_directory/read_data/add_subdirectory/append_data*
      */read_xattr/execute/read_attributes/synchronize:file_inherit*
      */dir_inherit:allow*
      1:user:33:execute:allow
      2:owner@::deny
      3:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
      /append_data/write_xattr/execute/write_attributes/write_acl
      /write_owner:allow
      *4:group@:delete_child/delete:file_inherit/dir_inherit:allow*
      5:group@:add_file/write_data/add_subdirectory/append_data:deny
      6:group@:list_directory/read_data/execute:allow

      With these ACLs, somefool can create a subdirectory, and a member of somegroup can delete that subdirectory. However, if that subdirectory is populated with files created by somefool, the somegroup member cannot delete them (or the directory, for obvious reasons). Can anyone tell me what I'm doing wrong?

      Edited by: 960454 on Sep 25, 2012 11:58 AM
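The following is an added example, not part of the original post and not ZFS code: a small Python model of NFSv4-style ACE inheritance and the ZFS delete check, fed with the parentdir ACL from the post. It shows the two rules that decide the question asked above: removing an object needs either `delete` on the object itself or `delete_child` on the directory that contains it, and a `group@` entry inherited onto a new object is matched against that new object's owning group, not against the group of the directory the entry came from. The principals `member` (a member of somegroup) and the primary group `fools` for somefool are constructed, and the `group_policy` switch ("parent" versus "creator") is an assumption that lets you try both ways a new object might get its group; which one applies on a given system is not something the post tells us. The model also simplifies ZFS (no mode-derived owner@/group@/everyone@ entries, `aclinherit=restricted` approximated by dropping write_acl/write_owner from inherited entries).

```python
# Toy model of NFSv4-style ACL inheritance and delete checks (ZFS-like).
# Constructed for illustration; it simplifies the real ZFS rules:
#  - mode-derived owner@/group@/everyone@ entries are not synthesised,
#  - aclinherit=restricted is approximated by dropping write_acl/write_owner
#    from inherited entries, and inherit_only handling is omitted,
#  - evaluation is per single permission, first matching entry wins.
from dataclasses import dataclass

TRIVIAL = ("owner@", "group@", "everyone@")
RESTRICTED_DROP = {"write_acl", "write_owner"}


@dataclass(frozen=True)
class Ace:
    who: str          # owner@/group@/everyone@ or user:NAME / group:NAME
    perms: frozenset  # e.g. {"delete_child", "delete"}
    flags: frozenset  # subset of {"file_inherit", "dir_inherit"}
    kind: str         # "allow" or "deny"


@dataclass
class Principal:
    name: str
    primary: str      # primary group of the process
    groups: frozenset


@dataclass
class Node:
    name: str
    owner: str
    group: str
    is_dir: bool
    acl: list


def parse_ace(text):
    """Parse one 'ls -v' style entry (index already stripped), e.g.
    'group@:delete_child/delete:file_inherit/dir_inherit:allow' or 'owner@::deny'."""
    fields = text.split(":")
    kind = fields.pop()
    if fields[0] in TRIVIAL:
        who = fields.pop(0)
    else:                                   # user:NAME or group:NAME
        who = fields.pop(0) + ":" + fields.pop(0)
    perms = frozenset(p for p in fields[0].split("/") if p) if fields else frozenset()
    flags = frozenset(f for f in fields[1].split("/") if f) if len(fields) > 1 else frozenset()
    return Ace(who, perms, flags, kind)


def matches(ace, principal, node):
    """Does this entry apply to principal for this node?  group@ is resolved
    against the node's own owning group."""
    if ace.who == "owner@":
        return principal.name == node.owner
    if ace.who == "group@":
        return node.group in principal.groups
    if ace.who == "everyone@":
        return True
    kind, name = ace.who.split(":", 1)
    return name == principal.name if kind == "user" else name in principal.groups


def decide(principal, node, perm):
    """Return 'allow', 'deny', or None when no entry mentions perm for this principal."""
    for ace in node.acl:
        if perm in ace.perms and matches(ace, principal, node):
            return ace.kind
    return None


def inherit(parent_acl, is_dir, restricted=True):
    """Entries a new child receives from its parent's inheritable entries."""
    want = "dir_inherit" if is_dir else "file_inherit"
    out = []
    for ace in parent_acl:
        if want not in ace.flags:
            continue
        perms = ace.perms - RESTRICTED_DROP if restricted else ace.perms
        # files carry no inheritance flags; directories keep them for their children
        flags = ace.flags if is_dir else frozenset()
        out.append(Ace(ace.who, perms, flags, ace.kind))
    return out


def create(parent, name, creator, is_dir, group_policy):
    """Create a child.  group_policy (an assumption of this model) chooses the
    child's group: 'parent' takes the directory's group, 'creator' the creator's
    primary group."""
    group = parent.group if group_policy == "parent" else creator.primary
    return Node(name, creator.name, group, is_dir, inherit(parent.acl, is_dir))


def can_delete(principal, parent, child):
    """ZFS-style delete check: explicit denies win; then delete on the object or
    delete_child on the parent grants; else fall back to write+execute on the parent."""
    if decide(principal, child, "delete") == "deny":
        return False
    if decide(principal, parent, "delete_child") == "deny":
        return False
    if decide(principal, child, "delete") == "allow":
        return True
    if decide(principal, parent, "delete_child") == "allow":
        return True
    return (decide(principal, parent, "write_data") == "allow"
            and decide(principal, parent, "execute") == "allow")


# The parentdir ACL as printed by 'ls -vd parentdir' in the post.
PARENTDIR_ACL = [parse_ace(e) for e in (
    "user:somefool:list_directory/read_data/add_subdirectory/append_data/read_xattr"
    "/execute/read_attributes/synchronize:file_inherit/dir_inherit:allow",
    "user:33:execute:allow",
    "owner@::deny",
    "owner@:list_directory/read_data/add_file/write_data/add_subdirectory/append_data"
    "/write_xattr/execute/write_attributes/write_acl/write_owner:allow",
    "group@:delete_child/delete:file_inherit/dir_inherit:allow",
    "group@:add_file/write_data/add_subdirectory/append_data:deny",
    "group@:list_directory/read_data/execute:allow",
)]

# Constructed principals; 'fools' is a hypothetical primary group for somefool.
SOMEFOOL = Principal("somefool", "fools", frozenset({"fools"}))
MEMBER = Principal("member", "somegroup", frozenset({"somegroup"}))


def scenario(group_policy):
    """somefool creates sub/ and sub/f under parentdir.  Returns
    (member can delete sub/f, member can delete an empty sub/)."""
    parentdir = Node("parentdir", "root", "somegroup", True, PARENTDIR_ACL)
    sub = create(parentdir, "sub", SOMEFOOL, True, group_policy)
    f = create(sub, "f", SOMEFOOL, False, group_policy)
    return can_delete(MEMBER, sub, f), can_delete(MEMBER, parentdir, sub)


if __name__ == "__main__":
    for policy in ("parent", "creator"):
        print(policy, scenario(policy))
```

Run as a script, the "parent" policy reports that the somegroup member can delete both the file and the subdirectory, while the "creator" policy reports the file cannot be deleted but the empty subdirectory can, which is the pattern described in the post. The subdirectory case works either way because `delete_child` on parentdir is checked against parentdir's own group; the file case depends entirely on what `group@` resolves to on the objects somefool created, so the group that new subdirectories and files actually receive is the first thing to check with `ls -vd` on the subdirectory.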