aur-build.1: example for setfacl

[AladW]

This seems to the be the missing piece to make convenient use of a separate build user.

[AladW]

I suppose with rwX, a third command to set execution permission on /home/custompkgs is needed:

setfacl -dm 'g:aurbuild:rwX' /home/custompkgs
setfacl -Rm 'g:aurbuild:rwX' /home/custompkgs
setfacl -m 'g:aurbuild:rwx' /home/custompkgs

Any simpler way?

[Earnestly]

The specifications for -m and -x flags appear to support being specified multiple times despite the synopsis not making this clear, although the description alludes to this functionality, obliquely...

With that in mind (important to notice that I did not get permission denied on attempting to access the directory despite removing its execute bit), consider:

$ mkdir a; touch -m 0600 a/b; chmod 0700 a

$ setfacl -m g:earnest:rwX -Rm g:earnest:rwX a

$ getfacl -Ra a
# file: a
# owner: earnest
# group: earnest
user::rwx
group::---
group:earnest:rwx
mask::rwx
other::---

# file: a/b
# owner: earnest
# group: earnest
user::rw-
group::r--
group:earnest:rw-
mask::rw-
other::r--

I'm not entirely sure what -d is for.

Edit: It seems -d (Default ACL) is needed so that newly created files may inherit the ACLs from the parent if the parent's ACLs are "promoted" to "Default ACL". In which case the command would be:

setfacl -dm g:aurbuild:rwX -Rm g:aurbuild:rwX -- /home/custompkgs

Files created under /home/custompkgs in the above example will gain group:aurbuild:rwx #effective:rw-, directories will be group:aurbuild:rwx as expected including the default: ACL set.

[AladW]

Thanks 🥇