Default ACL not working with newly created files in HP-UX | Unix Linux Forums | HP-UX

    #1  
10-06-2012
Tabish Imam

Hi,

I have been struggling with this problem for 4 days now.

I have a folder named "import" owned by user "crcftp" belonging to group "users".

The permissions set on the import folder are - drwxrwxrwx+

The plus sign, I presume, is due to the fact that I have set ACLs for the users "crcftp" and "oracle" using the following commands.

setacl -m d:u:crcftp:rwx import
setacl -m d:u:oracle:rwx import

Next, I create a flat file through Oracle procedures (UTL_FILE package) in the folder import.

However, the newly created file does not seem to inherit the default ACL through inheritance.

When I perform a getacl on the newly created file (owner - oracle, group - dba), I get the following output:

# file: test5.txt
# owner: oracle
# group: dba
user::rw-
user:oracle:rwx #effective:---
user:crcftp:rwx #effective:---
group::---
class:---
other:---

The umask setting for this user (crcftp) is 022

My OS Version is HP-UX B.11.23

Would be really grateful if somebody can help me with this.

Thanks and regards,
Tabish
    #2
10-06-2012
jim mcnamara, Forum Staff
When you run the utl_file package, Oracle overrides local settings, and you get the value of umask permissions of the user running the code.

This is Oracle behavior. See the DIRECTORY OBJECT. Also read about the security model for UTL_FILE_DIR:

UTL_FILE
    #3
10-06-2012
Tabish Imam
Thanks Jim.

But shouldn't default ACL permissions (using setacl) override the umask permissions? Why am I getting an effective permission of --- instead of rwx as per the default ACL setting of the directory containing the file?
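
How the #effective:--- column in the getacl output from post #1 comes about, as an added example that is not part of the original thread: the class entry caps every named user entry and every group entry, so rwx under class:--- grants nothing. The function names are this example's own, and the sample text is the listing from post #1.

```python
import re

# Sample input: the getacl listing posted in #1 of this thread.
SAMPLE = """\
# file: test5.txt
# owner: oracle
# group: dba
user::rw-
user:oracle:rwx #effective:---
user:crcftp:rwx #effective:---
group::---
class:---
other:---
"""

# tag, optional name field, then the three permission characters
ENTRY = re.compile(r"^(user|group|class|other):(?:([^:]*):)?([r-][w-][x-])")

def parse_acl(text):
    """Return (entries, mask); entries are (tag, name, perms), mask is the class perms."""
    entries, mask = [], None
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # "# file:" style comment lines and blanks
        tag, name, perms = m.group(1), m.group(2) or "", m.group(3)
        if tag == "class":
            mask = perms
        else:
            entries.append((tag, name, perms))
    return entries, mask

def effective(perms, mask):
    """A permission bit survives only if the class entry also has it."""
    return "".join(p if m != "-" else "-" for p, m in zip(perms, mask))

def report(text):
    """List (entry, granted, effective); user:: and other: bypass the class entry."""
    entries, mask = parse_acl(text)
    rows = []
    for tag, name, perms in entries:
        capped = mask is not None and (tag == "group" or (tag == "user" and name))
        rows.append((f"{tag}:{name}", perms, effective(perms, mask) if capped else perms))
    return rows

def masked_entries(text):
    """Entries whose granted permissions are reduced by the class entry."""
    return [row for row in report(text) if row[1] != row[2]]

if __name__ == "__main__":
    for entry, granted, eff in masked_entries(SAMPLE):
        print(f"{entry:<14} granted={granted} effective={eff}")
```
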
    #4  
10-06-2012
jim mcnamara, Forum Staff
I have never set ACLs on the UTL_FILE_DIR directory because Oracle can override them.

This is because a file creator (oracle) has to have write access to the directory in order to create the file. Per POSIX rules: Any file owner with write access to the directory that file lives in can do anything the owner wants to permissions and ownership of the file, including mv it to another directory the owner has write access to.

I guess that your expectation and what Oracle does do not appear to match. It is nothing abnormal. I have had lots of problems in the past with Oracle-created files and permissions.
    #5
10-07-2012
Tabish Imam
So I guess the only way to achieve what I intend to is by altering the umask setting for the oracle user.
    #6
10-08-2012
Tabish Imam
Hi Jim,

I have set the umask to 022 for the oracle user. But it still doesn't resolve my issue. I am getting the permission string as -rw------- for a new file created in the same directory.

Is there anything else I need to do?

My Oracle Database version is: 11.1.0.7.0 - 64bit
    #7
10-11-2012
vbe, Forum Staff, Moderator
Why are you using ACLs in the first place?
What were you trying to achieve?