Comment by opello
1 day ago
> Each of these characters is replaced by the - character to denote that a permission is absent in the ACL entry.
Wouldn't the o::--- default ACL, like mode o-rwx, deny others access in the way you're describing?
1 day ago
> Each of these characters is replaced by the - character to denote that a permission is absent in the ACL entry.
Wouldn't the o::--- default ACL, like mode o-rwx, deny others access in the way you're describing?
See 6.2.1 of RFC8881, where NFSv4 ACLs are described. They are quite similar to Windows ACLs.
Here is kernel dev telling they are against adding NFSv4 ACL implementation. The relevant RichAcls patch never got merged: https://lkml.org/lkml/2016/3/15/52
https://www.rfc-editor.org/rfc/rfc8881#section-6.2.1
I see what I misunderstood, even in the presence of an ALLOW entry, a DENY entry would prohibit access. I am familiar with that on the Windows side but haven't really dug into Linux ACLs. The ACCESS CHECK ALGORITHM[1] section of the acl(5) man page was pretty clear, I think.
[1] https://man7.org/linux/man-pages/man5/acl.5.html#ACCESS_CHEC...