11-16-2009
Solaris 10 ZFS ACL help
All,
Does anyone know of a simple way to traverse a file system and collect all ACL's (or ACE's as they are called now)? We use to be able to use getfacl fairly easily for this task but now we are forced to use -v or -V with the 'ls' command to get the extended permissions for a directory/file.
Thanks -
Mike
8 More Discussions You Might Find Interesting
1. Solaris
I'm typing on a nice Sunblade 100 that is willing to be a lab rat for my experiments.
I installed Solaris 10 and want to mess with ZFS.
Does anyone have any docs on how to install zfs or how to convert my current UFS filesystems to ZFS?
Does anyone have any experiences good or bad with ZFS... (3 Replies)
Discussion started by: BG_JrAdmin
3 Replies
2. Filesystems, Disks and Memory
Hi All,
Is there any way to use mv command and
that should apply ACL on the moved files that is already set in distination location
This mv command is running in a solaris system. File system is NFS.
Problem I am facing : Currently mv command removes ACL from moved files
and also it... (0 Replies)
Discussion started by: Tlogine
0 Replies
3. Solaris
I've been wondering about this one, is there any way to do the following with ZFS ACL's (i.e. "copy" the ACL over to another file)?
getfacl /bla/dir1 | setfacl -f - /bla/dir2
I know about inheritence on dirs, it doesn't work in this scenario I'm working on. Just looking to copy the ACL's.
... (3 Replies)
Discussion started by: vimes
3 Replies
4. Shell Programming and Scripting
This may be a question for a different forum, but as I will need a script I thought I would start here.
We recently migrated from Solaris 8 to Solaris 10. The file system in question here is ZFS, meaning the method for listing and applying ACL's has changed dramatically. To make a long story... (3 Replies)
Discussion started by: Shoeless_Mike
3 Replies
5. Solaris
Hi,
I am running into a some problems creating a dual boot system of 2 solaris instances using ZFS file system and I was wondering if someone can help me out.
First some back ground. I have been asked to change the file system of our server from UFS to ZFS. Currently we are using Solaris... (3 Replies)
Discussion started by: estammis
3 Replies
6. Solaris
I have share with samba
a directory called /var/pubblica
i set write permission correctly on smb.conf and
zfs acl
\chmod A+group:"domain... (0 Replies)
Discussion started by: Linusolaradm1
0 Replies
7. Solaris
we have two Solaris 10 servers with same configuration and settings. We have hard mounted the NFS with the version 4.
In one of the server the newer ACL commands are working fine (chmod and ls -v) whereas in another only posix (getfacl and setfacl alone is working) when we try ls -V in in that... (13 Replies)
Discussion started by: sathishbabu89
13 Replies
8. Solaris
I want to set ACL permissions using this command in solaris 10 , but I get an error message.
server# mkdir dir1
server# setfacl -m user:allan:rwx dir1
setacl error: Operation not applicable
Any one can help in this matter.
Please use CODE tags as required by forum rules! (2 Replies)
Discussion started by: AbuAliiiiiiiiii
2 Replies
LEARN ABOUT CENTOS
setcifsacl
SETCIFSACL(1) CIFS Access Control List Tools SETCIFSACL(1)
NAME
setcifsacl - Userspace helper to alter an ACL in a security descriptor for Common Internet File System (CIFS)
SYNOPSIS
setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object}
DESCRIPTION
This tool is part of the cifs-utils suite.
setcifsacl is a userspace helper program for the Linux CIFS client file system. It is intended to alter an ACL of a security descriptor
for a file system object. Whether a security descriptor to be set is applied or not is determined by the CIFS/SMB server.
This program uses a plugin to handle the mapping of user and group names to SIDs. /etc/cifs-utils/idmap-plugin should be a symlink that
points to the correct plugin to use.
OPTIONS
-h
Print usage message and exit.
-v
Print version number and exit.
-a
Add one or more ACEs to an ACL of a security descriptor. An ACE is added even if the same ACE exists in the ACL.
-D
Delete one or more ACEs from an ACL of a security descriptor. Entire ACE has to match in an existing ACL for the listed ACEs to be
deleted.
-M
Modify one or more ACEs from an ACL of a security descriptor. SID and type are used to match for existing ACEs to be modified with the
list of ACEs specified.
-S
Set an ACL of security descriptor with the list of ACEs Existing ACL is replaced entirely with the specified ACEs.
Every ACE entry starts with "ACL:" One or more ACEs are specified within double quotes. Multiple ACEs are separated by a comma.
Following fields of an ACE can be modified with possible values:
SID: Either a name or a raw SID value.
type: ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6)
flags: OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI or 0x4), INHERIT_ONLY_FLAG (IO or
0x8), INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of these values.
mask: Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value
EXAMPLES
Add an ACE
setcifsacl -a "ACL:CIFSTESTDOMuser2:DENIED/0x1/D" <file_name> setcifsacl -a "ACL:CIFSTESTDOMuser1:ALLOWED/OI|CI|NI/D" <file_name>
Delete an ACE
setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>
Modify an ACE
setcifsacl -M "ACL:CIFSTESTDOMuser1:ALLOWED/0x1f/CHANGE" <file_name>
Set an ACL
setcifsacl -S "ACL:CIFSTESTDOMAdministrator:0x0/0x0/FULL,
ACL:CIFSTESTDOMuser2:0x0/0x0/FULL" <file_name>
NOTES
Kernel support for getcifsacl/setcifsacl utilities was initially introduced in the 2.6.37 kernel.
SEE ALSO
mount.cifs(8), getcifsacl(1)
AUTHOR
Shirish Pargaonkar wrote the setcifsacl program.
The Linux CIFS Mailing list is the preferred place to ask questions regarding these programs.
cifs-utils 08/19/2011 SETCIFSACL(1)