[_] ACLs on FreeBSD/Linux

Oliver Humpage oliver at watershed.co.uk
Wed Aug 29 18:48:11 BST 2007

I'm banging my head against a wall here... got to be an easy answer. If
anyone's worked with ACLs on the *nixes, could you answer me this:

I'm setting a default ACL on a folder of

setfacl -dm u::rwx,g::rwx,o::r-x,m::rwx,u:user1:rwx,u:user2:rwx dir

(i.e. I want files & folders created inside dir/ to be read/writeable by
both user1 and user2)

However, when I create a file inside dir, the mask it inherits is only r--,
and as such user1 and user2 only have effective read permission, not full
rwx permission? I.e.

%touch dir/foo
%getfacl dir/foo
#file:dir/foo
#owner:xxxx
#group:xxxx
user::rw-
user:user1:rwx              # effective: r--
user:user2:rwx               # effective: r--
group::rwx              # effective: r--
mask::r--
other::r--

The line I don't understand being "mask::r--". Where does that come from? I
said "rwx" in setfacl -d. Grrrr!

I've tried with and without the -n flag to setfacl.

Thank you. I think I'm going mad.

Oliver.
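
Added example (not part of Oliver's message and not code from any ACL tool): a Python model of the POSIX.1e draft rule that a new file's access ACL is its directory's default ACL with the owner, mask and other entries ANDed against the creation mode, and that named users and groups are then capped by the mask. It assumes touch requests mode 0666 and, as a platform-dependent assumption, that a umask of 022 has already been applied to that mode before the ACL is computed; the function names are hypothetical.

```python
# Added example: models the inheritance rule only; it does not touch the filesystem.

def bits(perms):
    """'rwx' -> 7, 'r--' -> 4."""
    return sum(v for c, v in zip(perms, (4, 2, 1)) if c != "-")

def text(n):
    """7 -> 'rwx', 4 -> 'r--'."""
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def parse(spec):
    """Parse a setfacl-style spec into {(tag, qualifier): permission bits}."""
    names = {"u": "user", "g": "group", "o": "other", "m": "mask"}
    acl = {}
    for entry in spec.split(","):
        tag, qual, perms = entry.split(":")
        acl[(names.get(tag, tag), qual)] = bits(perms)
    return acl

def inherit(default_acl, mode):
    """Access ACL of a new file: default ACL limited by the creation mode."""
    acl = dict(default_acl)
    acl[("user", "")] &= (mode >> 6) & 7
    # When a mask entry exists, the mode's group bits limit the mask, not group::
    group_key = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[group_key] &= (mode >> 3) & 7
    acl[("other", "")] &= mode & 7
    return acl

def effective(acl):
    """Named users, group:: and named groups are capped by the mask."""
    mask = acl.get(("mask", ""), 7)
    out = {}
    for (tag, qual), perms in acl.items():
        capped = tag == "group" or (tag == "user" and qual != "")
        out[(tag, qual)] = text(perms & mask if capped else perms)
    return out

# The default ACL from the setfacl -dm command in the message above.
DEFAULT = parse("u::rwx,g::rwx,o::r-x,m::rwx,u:user1:rwx,u:user2:rwx")

if __name__ == "__main__":
    # 0666 as requested by touch, then the same mode with an assumed umask of 022.
    for mode in (0o666, 0o666 & ~0o022):
        print(oct(mode), effective(inherit(DEFAULT, mode)))
```

A creation mode of 0644 reproduces the getfacl listing in the message; a mode of 0666 leaves the mask at rw-.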