On 07/21/2012 11:56 PM, Eric Blake wrote:
> tag 12020 moreinfo
> thanks
>
> On 07/21/2012 12:41 PM, Luk Claes wrote:
>> Hi
>>
>> Currently when using POSIX acls, this is not visible when listing files
>> with ls. This means that users and system administrators cannot easily
>> see when (non trivial) POSIX acls are in use which obviously can result
>> in wrong expectations when only seeing the rwx kind of acls.
>
> What version of coreutils are you using, and on what distro?

I'm using Debian, version 8.13

>> At a minimum I would like that ls would show that extended system
>> attributes are being used (maybe by showing something different than -
>> for the type of file?).
>
> But ls _does_ already do that.
> Notice how the 11th character changed from '+' (ACL present) to '.'
> (SELinux label present)? That is, a trailing '+' is already what
> coreutils uses to indicate the presence of ACLs (which generally provide
> additional rights); and a trailing '.' indicates the presence of
> restrictions (SELinux labels typically restrict rights depending on the
> labeling of the calling context). On systems with neither ACLs nor
> SELinux labels, then the 11th character is ' ' (space) to indicate no
> other special permissions.

Nice, though in that case it does apparently not vanish when I only
remove the non-trivial acl again and keep the mask:

$ getfacl foo
# file: foo
# owner: luk
# group: luk
user::rw-
user:mongodb:rw-
group::r--
mask::rw-
other::r--

$ ls -l foo
-rw-rw-r--+ 1 luk luk 5 Jul 22 00:37 foo
$ setfacl -x u:mongodb foo
$ ls -l foo
-rw-r--r--+ 1 luk luk 5 Jul 22 00:37 foo
$ getfacl foo
# file: foo
# owner: luk
# group: luk
user::rw-
group::r--
mask::r--
other::r--

Though I guess it's close enough, only a pity it's not in the manpage.

So feel free to close this or retarget it.

Cheers

Luk
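
An added example, not part of the original mail or of coreutils: a small classifier for getfacl output that shows why the '+' in the session above survives `setfacl -x u:mongodb foo`. It assumes ls follows the acl_extended_file(3) rule, under which any entry beyond user::, group:: and other:: (a leftover mask:: included) makes the ACL extended; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; input is getfacl-style text.

# Print every ACL entry that is not one of the three base entries
# (user::, group::, other::). mask::, named user/group and default: entries
# all count as extended.
acl_extras() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # header comments and blank lines
        {
            sub(/[ \t]*#.*$/, "")            # strip "#effective:..." notes
            base = ($1 == "user" || $1 == "group" || $1 == "other") && $2 == ""
            if (!base) print
        }
    '
}

# "extended" is the state assumed here to make ls -l print the trailing +.
acl_kind() {
    if [ -n "$(acl_extras)" ]; then echo extended; else echo minimal; fi
}

# getfacl output from the mail, before and after `setfacl -x u:mongodb foo`.
acl_before() {
    printf '%s\n' '# file: foo' '# owner: luk' '# group: luk' \
        'user::rw-' 'user:mongodb:rw-' 'group::r--' 'mask::rw-' 'other::r--'
}
acl_after() {
    printf '%s\n' '# file: foo' '# owner: luk' '# group: luk' \
        'user::rw-' 'group::r--' 'mask::r--' 'other::r--'
}
# Constructed sample: the same file with the mask entry gone as well.
acl_base_only() {
    printf '%s\n' '# file: foo' 'user::rw-' 'group::r--' 'other::r--'
}

for sample in acl_before acl_after acl_base_only; do
    printf '%-14s %-9s extras: %s\n' "$sample" "$($sample | acl_kind)" \
        "$($sample | acl_extras | tr '\n' ' ')"
done
```

On a live file, pipe `getfacl foo` into `acl_kind`. `setfacl -b foo` removes all extended entries, the mask included, leaving only the three base entries.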