Trent W. Buck <trentbuck@gmail.com> wrote:
Those would be the posix *draft* ACLs that I've never *ever* seen used in practice?
They're used under Debian (and possibly other distributions) to control device access, as I found out. jason@jdc:~$ ls -l /dev/sr0 brw-rw---T+ 1 root cdrom 11, 0 Jul 8 07:15 /dev/sr0 The + indicates the presence of an ACL or other access restriction. Let's investigate. jason@jdc:~$ getfacl /dev/sr0 getfacl: Removing leading '/' from absolute path names # file: dev/sr0 # owner: root # group: cdrom # flags: --t user::rw- user:jason:rw- group::rw- mask::rw- other::--- jason@jdc:~$ Thus user jason is granted read and write permission. If I log in remotely (over ssh) this does not happen, and, as I recall, it's controlled by ConsoleKit.