Hi Michael,

> On 21.10.2016 at 17:35, Michael Stauffer <mgsta...@gmail.com> wrote:
>
> SoGE 8.1.8
>
> Hi,
>
> We have some group data directories that are set up with group sticky bits so
> that new files are all owned by the linux group assigned to the data dir, and
> use ACLs to have new files group-readable and group-writeable by default,
> like so:
>
> # file: .
> # owner: pcook
> # group: detre_group
> # flags: -s-
> user::rwx
> group::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:other::---
>
> We've noticed that SGE stdio files that are written in these dirs are made
> without group-write permissions, i.e. they're 640 instead of 660:

But one of detre_group can still remove/change the files, as the directory is writable (and even become the owner of the files).

> -rw-r----- 1 mgstauff detre_group 0 2016-10-21 11:07 my.stderr
> -rw-r----- 1 mgstauff detre_group 0 2016-10-21 11:07 my.stdout

There are some things to note:

The two files above have no ACL attached, as it's not necessary to attach an ACL (the "+" is missing after the rights). The default permissions can be coded in the usual bits. There would be a "+", in case the default ACL for the directory has named entries for the name and/or user (or a mask entry in the ACL). Having named entries in the ACL, the usual group rights represent the mask (changing the mask in the ACL will show up in the default group bits then).

==

There were several discussions about it, AFAICS the files are created with the named entries like one expects and have an ACL attached, but SGE has a hard-coded 022 in the source for the rights and will reset the write bit for the group, i.e. the mask in case of named entries.

==

What behavior do you want to achieve? Not which bits are set, but what the users should be able to do, or not to do?

-- Reuti

>
> So it seems to be ignoring or otherwise overriding the ACL defaults. Does
> anyone have an idea why this might be?
>
> This is the same whether stdio is set via -o and -e options like above, or
> just uses the default naming, fwiw.
>
> Thanks
>
> -M
>
>
> _______________________________________________
> users mailing list
> users@gridengine.org
> https://gridengine.org/mailman/listinfo/users
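The creation behaviour discussed in the reply above, as an added Python example that is not part of the original thread or of SGE's source: it follows the object-creation rules in acl(5) to compute the mode bits of a new file in a directory that has a default ACL. It assumes the 022 ends up cleared from the create mode (the thread does not show how SGE applies it), and `other_lab` is a hypothetical named group.

```python
import re

def parse_default_acl(text):
    """Collect 'default:' entries from getfacl-style text (a leading '> ' quote is tolerated)."""
    acl = {}
    for line in text.splitlines():
        m = re.match(r"\s*(?:>\s*)?default:(user|group|mask|other):([^:]*):([r-][w-][x-])\s*$", line)
        if m:
            tag, name, perm = m.groups()
            acl[(tag, name)] = sum(b for c, b in zip(perm, (4, 2, 1)) if c != "-")
    return acl

def create_file(default_acl, create_mode):
    """Return (mode bits, access ACL, ls-plus flag) for a new file, per acl(5).

    The file inherits the default ACL as its access ACL; the owner, group-class
    and other entries are then intersected with create_mode. The umask is not
    consulted when the directory has a default ACL.
    """
    acl = dict(default_acl)
    if any(name for (_tag, name) in acl) and ("mask", "") not in acl:
        raise ValueError("an ACL with named entries must carry a mask entry")
    # The group permission bits map to the mask when one exists, else to group::
    group_class = ("mask", "") if ("mask", "") in acl else ("group", "")
    for key, shift in ((("user", ""), 6), (group_class, 3), (("other", ""), 0)):
        acl[key] &= (create_mode >> shift) & 7
    mode = acl[("user", "")] << 6 | acl[group_class] << 3 | acl[("other", "")]
    return mode, acl, len(acl) > 3  # ls prints "+" only beyond the three base entries

def effective(acl, key):
    """Rights a group:: or named entry really grants: its bits ANDed with the mask."""
    return acl[key] & acl.get(("mask", ""), 7)

# Default ACL exactly as quoted in the thread.
THREAD_ACL = parse_default_acl("""
default:user::rwx
default:group::rwx
default:other::---
""")
# Constructed variant with a named entry; 'other_lab' is a hypothetical group name.
NAMED_ACL = parse_default_acl("""
default:user::rwx
default:group::rwx
default:group:other_lab:rwx
default:mask::rwx
default:other::---
""")
MODE_022_CLEARED = 0o666 & ~0o022  # assumption: the 022 is cleared from the create mode
```

With the thread's ACL, a create mode of 0666 yields 660 and the 022-cleared mode yields the 640 shown in the listing, with no "+". With the named entry, the same 022-cleared mode leaves `other_lab` read-only because the mask loses its write bit.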