Unix/setfacl: set directory default acl for correct permission inheritance

Tags: access-control-list, file-permissions, permissions, unix

I have several svn repositories in /projects/svn which should be writeable by 2 users,
mine (unix), and wwwrun (apache, for svn over http)

Newly created folders and files should be read/writeable by both users.

I played around with setfacl but couldn't get it working the way I need it.

My attempt was as follows:

unknown:/projects/svn # setfacl -b .
unknown:/projects/svn # setfacl -m u:unix:rwx,u:wwwrun:rwx,m:rwx .
unknown:/projects/svn # setfacl -dm u:unix:rwx,u:wwwrun:rwx,m:rwx .
unknown:/projects/svn # getfacl .
# file: .
# owner: unix
# group: users
user::rwx
user:wwwrun:rwx
user:unix:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:wwwrun:rwx
default:user:unix:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

unknown:/projects/svn # su -s /bin/bash wwwrun
wwwrun@unknown:/projects/svn> md test
wwwrun@unknown:/projects/svn> getfacl test
# file: test
# owner: wwwrun
# group: www
user::rwx
user:wwwrun:rwx                 #effective:r-x
user:unix:rwx                   #effective:r-x
group::r-x
mask::r-x
other::r-x
default:user::rwx
default:user:wwwrun:rwx
default:user:unix:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

wwwrun@unknown:/projects/svn>

As you can see, my user (unix) has only r-x (effective) permissions.

Best Answer

Well, I should've just read the manual...

https://web.archive.org/web/20151220084629/http://turing.suse.de/~agruen/acl/linux-acls/online/
Section 'How ACLs Work'

My group bit was too restrictive (r-w), which restricted the mask to r-x, and subsequently the named users in my ACL could not write.

Actually, it's rather simple :)
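The session in the question and the explanation in the answer can be replayed without touching a filesystem. The Python script below is an added example, not code from the question, the answer or the linked document: it models the acl(5) rules for creating an object under a directory with a default ACL and for applying the mask, using the default ACL from the question's getfacl output. The function names (parse_acl, inherit, effective, new_dir_effective) are this example's own. With a creation mode of 0755 (group bits r-x, as happened on `md test` in the question) the inherited mask is clipped to r-x and both named users end up effectively r-x; with 0775 the mask stays rwx and both can write.

```python
"""Model of POSIX.1e (acl(5)) default-ACL inheritance and the ACL mask.

Added illustration only; it touches no real filesystem. It replays the
acl(5) rules ("Object creation and default ACLs", "Access check algorithm")
on the default ACL shown in the question to show where the effective r-x
came from. Helper names are this example's own.
"""


def parse_perm(s: str) -> int:
    """'rwx'-style triple -> 3-bit integer (r=4, w=2, x=1)."""
    return (4 if s[0] == "r" else 0) | (2 if s[1] == "w" else 0) | (1 if s[2] == "x" else 0)


def fmt_perm(p: int) -> str:
    """3-bit integer -> 'rwx'-style triple."""
    return ("r" if p & 4 else "-") + ("w" if p & 2 else "-") + ("x" if p & 1 else "-")


def parse_acl(text: str):
    """getfacl-style 'tag:qualifier:perms' lines -> list of (tag, qualifier, perm)."""
    entries = []
    for line in text.strip().splitlines():
        tag, qual, perm = line.strip().split(":")
        entries.append((tag, qual, parse_perm(perm)))
    return entries


def inherit(default_acl, mode: int):
    """acl(5) object creation when the parent has a default ACL.

    The new object takes the parent's default ACL as its access ACL, then the
    entries that correspond to the classic permission bits are clipped to the
    mode passed to mkdir(2)/open(2): user:: by the owner bits, mask:: (or
    group:: when there is no mask) by the group bits, other:: by the other
    bits. Named user/group entries are copied unchanged; the kernel does not
    apply the umask in this case.
    """
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    has_mask = any(tag == "mask" for tag, _, _ in default_acl)
    result = []
    for tag, qual, perm in default_acl:
        if tag == "user" and qual == "":
            perm &= owner
        elif tag == "mask" or (tag == "group" and qual == "" and not has_mask):
            perm &= group
        elif tag == "other":
            perm &= other
        result.append((tag, qual, perm))
    return result


def effective(acl):
    """Effective permission per entry, as in getfacl's '#effective:' column.

    Named users, named groups and the owning group are ANDed with mask::;
    user::, other:: and mask:: itself are not masked.
    """
    mask = next((perm for tag, _, perm in acl if tag == "mask"), 7)
    out = {}
    for tag, qual, perm in acl:
        masked = (tag == "user" and qual != "") or tag == "group"
        out[f"{tag}:{qual}"] = fmt_perm(perm & mask if masked else perm)
    return out


# The default ACL from the question's getfacl output ('default:' prefix dropped).
DEFAULT_ACL = parse_acl("""
user::rwx
user:wwwrun:rwx
user:unix:rwx
group::r-x
mask::rwx
other::r-x
""")


def new_dir_effective(mode: int):
    """Effective ACL of a directory created below DEFAULT_ACL with this mode."""
    return effective(inherit(DEFAULT_ACL, mode))


if __name__ == "__main__":
    for mode in (0o755, 0o775):
        print(f"mkdir mode {mode:04o}:")
        for entry, perm in new_dir_effective(mode).items():
            print(f"  {entry:<14} {perm}")
```

Once a default ACL exists, acl(5) derives the new object's ACL from the default ACL and the mode parameter alone, so what decides the mask is the mode the creating program actually passes to mkdir(2)/open(2) (some utilities apply the umask themselves before making the call). Raising the group bits of that mode to rwx, as the answer describes, keeps the inherited mask at rwx and lets the named users write.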