diff options
author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-08-01 11:27:15 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-08-01 11:28:25 -0400 |
commit | 3ea3d3b103855ca46a1e1557b0017820bbc4e800 (patch) | |
tree | ac4a099066674b9ab6eea8da0fa86dc25302283f | |
parent | 8a69abb4084851b91a7bfeffc601787dab8a8760 (diff) | |
download | bcfg2-3ea3d3b103855ca46a1e1557b0017820bbc4e800.tar.gz bcfg2-3ea3d3b103855ca46a1e1557b0017820bbc4e800.tar.bz2 bcfg2-3ea3d3b103855ca46a1e1557b0017820bbc4e800.zip |
added docs about conflicting ACLs and permissions
-rw-r--r-- | doc/server/plugins/generators/rules.txt | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/server/plugins/generators/rules.txt b/doc/server/plugins/generators/rules.txt index 0b143dcd6..107ec148a 100644 --- a/doc/server/plugins/generators/rules.txt +++ b/doc/server/plugins/generators/rules.txt @@ -376,6 +376,22 @@ It is not currently possible to manually set an effective rights mask; the mask will be automatically calculated from the given ACLs when they are applied. +Note that it is possible to set ACLs that demand different permissions +on a file than those specified in the ``perms`` attribute on the +``Path`` tag. For instance: + +.. code-block:: xml + + <Path name="/etc/foo" perms="0644" group="root" owner="root"> + <ACL type="access" scope="user" user="foouser" perms="rwx"/> + </Path> + +In this case, we've specified permissions of ``0644``, but the +effective rights mask will be "rwx," so setting the ACL will change +the permissions to ``0674``. When this happens, Bcfg2 will change the +permissions and set the ACLs on every run and the entry will be +eternally marked as bad. + SELinux Tag ----------- |