Or put another way, is using v=spf1 a mx ~all recommended over using v=spf1 a mx -all? The RFC does not appear to make any recommendations. My preference has always been to use FAIL, which causes problems to become apparent immediately. I find that with SOFTFAIL, incorrectly configured SPF records are allowed to persist indefinitely, since no one notices.
All of the examples I have seen online, however, seem to use SOFTFAIL. What made me question my choice was …
我试图理解这种 Unix 行为(我碰巧在 Ubuntu 11.10 上测试):
$ touch foo
$ setfacl -m u:nobody:rwx foo
$ getfacl foo
# file: foo
# owner: michael
# group: michael
user::rw-
user:nobody:rwx
group::rw-
mask::rwx
other::r--
$ chmod g-rw foo
$ getfacl foo
# file: foo
# owner: michael
# group: michael
user::rw-
user:nobody:rwx #effective:--x
group::rw- #effective:---
mask::--x
other::r--
请注意,chmod(1) 命令已更新了 ACL 掩码。为什么会发生这种情况?
在SunOS的联机帮助有以下说:
如果使用 chmod(1) 命令更改具有 ACL 条目的文件的文件组所有者权限,则文件组所有者权限和 ACL 掩码都将更改为新权限。请注意,新的 ACL 掩码权限可能会更改对文件具有 ACL 条目的其他用户和组的有效权限。
我问是因为如果 chmod(1) 没有这种行为对我来说会很方便。我希望通过了解它为什么会这样做,我可以更好地设计我设置文件系统权限的方式。