Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Issue with setfacl
Operating Systems Solaris Issue with setfacl Post 302331059 by kumarmani on Friday 3rd of July 2009 09:10:01 AM
Old 07-03-2009
Thanks otheus

I have created file after setting the access control and still its now allowing the user to modify the newly created files
 

8 More Discussions You Might Find Interesting

1. Cybersecurity

Usage of setfacl

Hi, I have a directory with 700 permissions. I intend to give rwx privileges to a user which does not belong to the group. I am using the following command setfacl -m u:prod:rwx test when I checked the privileges using getfacl -a test the output was as follows: # file: test #... (1 Reply)
Discussion started by: chakri400
1 Replies

2. UNIX for Advanced & Expert Users

setfacl

I use: setfacl -m user:bbb:rwx folder1 to give user bbb the permission to go into my folder folder1, and cd folder1 setfacl -m user:bbb:rwx * to give bbb the permission under this folder. however, bbb can not cd to folder1, and got "permission denied" messages. the umask is... (3 Replies)
Discussion started by: fredao
3 Replies

3. Shell Programming and Scripting

Setfacl permission issue

My Admin has written a shell script (Filepermission.ksh) with the following commands and provided me 'exeutive' privileges. However, when I try to run the script, I am getting the following error message. Can some one tell me what could be missing? Thank you for your continued support. Script: ... (0 Replies)
Discussion started by: MeganP
0 Replies

4. Solaris

How to use setfacl

Hi all, If, for e.g. I have folder with permissions like this: drwxr-xr-x 2 fuad_ftp nms 96 Jan 8 13:55 test I want to give for user user123 acces rwx using setfacl: setfacl -m user:user123:rwx test But effective rights still is r-x because of mask... ... (1 Reply)
Discussion started by: nypreH
1 Replies

5. Solaris

Please help --setfacl: illegal option -- R

when i am executing setfacl -Rm u:ggoyal2:rwx,m:rwx dir i am getting error bash-3.00# setfacl -Rm u:ggoyal2:rwx,m:rwx dir setfacl: illegal option -- R usage: setfacl -f aclfile file ... setfacl -d acl_entries file ... setfacl -m acl_entries file ... setfacl -s acl_entries file... (2 Replies)
Discussion started by: manoj_dahiya22
2 Replies

6. Solaris

setfacl on a directory

Hi All, I am trying to set an ACL for a directory on my Solaris 10 box. I have an application which resides under /opt/CA directory. Application is installed by root and running as root. All log and configuration files are placed under /opt/CA as well. What I am trying to do is granting... (1 Reply)
Discussion started by: niyazi
1 Replies

7. UNIX for Advanced & Expert Users

setfacl directory limit

hello, I am using XFS filesystem & ACL (setfacl/getfacl). I can set ACL entries only for 21 users per one directory. For the 22nd user it shows invalid argument. Has somebody the same problem? I need to override this limit. thnks in advance david (3 Replies)
Discussion started by: sigd
3 Replies

8. UNIX for Dummies Questions & Answers

help needed with setfacl

Hi, On the setfacl, I am trying to make one user with no rwx privilleges. After reading the man page I still can't get it. Please let me know the correct command. set user - SAM to have NO rwx privilleges on NEW objects setfacl -dm user:sam:--- /opt set user - SAM to have NO... (2 Replies)
Discussion started by: samnyc
2 Replies

LEARN ABOUT HPUX

smf_security

smf_security(5)                                         Standards, Environments, and Macros                                        smf_security(5)

NAME

       smf_security - service management facility security behavior

DESCRIPTION

       The configuration subsystem for the service management facility, smf(5), requires privilege to modify the configuration of a service. Priv-
       ileges are granted to a user by associating the authorizations described below to the user  through  user_attr(4)  and  prof_attr(4).   See
       rbac(5).

       The following authorization is used to manipulate services and service instances.

       solaris.smf.modify      Authorized to add, delete, or modify services, service instances, or their properties.

   Property Group Authorizations
       The smf(5) configuration subsystem associates properties with each service and service instance. Related properties are grouped. Groups may
       represent an execution method, credential information, application data, or restarter state. The  ability  to  create  or  modify  property
       groups  can  cause  smf(5)  components  to perform actions that may require operating system privilege. Accordingly, the framework requires
       appropriate authorization to manipulate property groups.

       Each property group has a type corresponding to its purpose. The core property group types are method, dependency, application, and  frame-
       work.  Additional  property group types can be introduced, provided they conform to the extended naming convention in smf(5). The following
       basic authorizations, however, apply only to the core property group types:

       solaris.smf.modify.method

           Authorized to change values or create, delete, or modify a property group of type method.

       solaris.smf.modify.dependency

           Authorized to change values or create, delete, or modify a property group of type dependency.

       solaris.smf.modify.application

           Authorized to change values or create, delete, or modify a property group of type application.

       solaris.smf.modify.framework

           Authorized to change values or create, delete, or modify a property group of type framework.

       solaris.smf.modify

           Authorized to add, delete, or modify services, service instances, or their properties.

       Property group-specific authorization can be specified by properties contained in the property group.

       modify_authorization    Authorizations allow the addition, deletion, or modification of properties within the property group.

       value_authorization     Authorizations allow changing the values of any property of the property group except modify_authorization.

       The above authorization properties are only used if they have type astring. If an instance property group does not have one of the  proper-
       ties, but the instance's service has a property group of the same name with the property, its values are used.

   Service Action Authorization
       Certain  actions  on service instances may result in service interruption or deactivation. These actions require an authorization to ensure
       that any denial of service is a deliberate administrative action. Such actions include a request for execution of the  refresh  or  restart
       methods,  or  placement  of  a  service instance in the maintenance or other non-operational state. The following authorization allows such
       actions to be requested:

       solaris.smf.manage      Authorized to request restart, refresh, or other state modification of any service instance.

       In addition, the general/action_authorization property can specify additional authorizations that permit service actions  to  be  requested
       for that service instance. The solaris.smf.manage authorization is required to modify this property.

   Defined Rights Profiles
       Two rights profiles are included that offer grouped authorizations for manipulating typical smf(5) operations.

       Service Management

           A  service  manager  can  manipulate  any  service  in  the  repository  in  any  way.  It  corresponds  to  the solaris.smf.manage and
           solaris.smf.modify authorizations.

           The service management profile is the minimum required to use the pkgadd(1M) or pkgrm(1M) commands to add or remove  software  packages
           that contain an inventory of services in its service manifest.

       Service Operator

           A  service  operator  has  the  ability to enable or disable any service instance on the system, as well as request that its restart or
           refresh method be executed. It corresponds to the solaris.smf.manage and solaris.smf.modify.framework authorizations.

           Sites can define additional rights profiles customized to their needs.

   Remote Repository Modification
       Remote repository servers may deny modification attempts due to additional privilege checks. See NOTES.

SEE ALSO

       auths(1), profiles(1), pkgadd(1M), pkgrm(1M), prof_attr(4), user_attr(4), rbac(5), smf(5)

NOTES

       The present version of smf(5) does not support remote repositories.

SunOS 5.10                                                           2 Dec 04                                                      smf_security(5)
All times are GMT -4. The time now is 01:31 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy