Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Permissions appear different for local and OD users
Operating Systems OS X (Apple) Permissions appear different for local and OD users Post 302390280 by glev2005 on Wednesday 27th of January 2010 12:33:57 PM
Old 01-27-2010
Permissions appear different for local and OD users
If I look at the permissions of a folder on a network share while using a local admin account on my computer, then authenticating as a open directory user to connect to the share, they appear completely different than if I had logged in as an OD user and looked at it, it also appears different from Terminal to finder.

when logged in locally:in the finder mike is owner with r-r-r but in terminal I am the owner

When logged into OD finder shows mike as owner with rw-r-r and temrinal shows the same.

Any ideas why this happens?

---------- Post updated at 12:16 PM ---------- Previous update was at 12:01 PM ----------

I am guessing this is ACLs vs POSIX, we are using ACLs on the server side to set permissions, but I think POSIX are still floating around, at least on the client machines.

---------- Post updated at 12:33 PM ---------- Previous update was at 12:16 PM ----------

Ok, now to be clear. I am using 10.5.8 clients and some version of 10.5 server so ACLs are the default. I don't know if POSIX permissions had gotten copied over from these shares getting migrated over from past servers. If I log in as a local user and connect to a share and then authenticate with my OD creds, I see the wrong permissions in the get info window, and if I view it in the terminal with ls -lae I dont see the ACLS, infact, it shows me as the owner, I'm guessing that is the POSIX permissions. Why would I see POSIX permissions if they are deprecated in 10.5? Are they actually attached to the directory on the network share from when they had been migrated from a past server using POSIX?

If I login as an OD user, the get info shows the correct info and so does the Teminal, including the ACLs.

Do local accounts not show ACLs properly even if they authenticate to shares with OD creds?
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Local web cache for restricted users question

I am in charge of a project to teach 20 or so inmates basic computer skills. These people cannot have outside access to the web, but I need to show them how to do a basic Google search and search for articles on Wikipedia. (also needs to be Arabic and English) I was thinking of using a squid... (0 Replies)
Discussion started by: brazen1445
0 Replies

2. UNIX for Dummies Questions & Answers

Is there a way to find users who have sudo permissions for non root?

I want to check if in a host a set of persons have sudo access or not and I dont have root access to the host. (1 Reply)
Discussion started by: pristine
1 Replies

3. UNIX for Dummies Questions & Answers

different permissions to different users

Hi, how can I assign different permissions to different users in unix ? I want to allow userA to read a specific folder and deny read permission to userB thanks (2 Replies)
Discussion started by: aneuryzma
2 Replies

4. UNIX for Dummies Questions & Answers

can I assign permissions only for some users ?

I know how to change permissions for the owner, group or others. if I want a file readable for a group A of users and writable for a group B how can I do it ? thanks (2 Replies)
Discussion started by: aneuryzma
2 Replies

5. Red Hat

Restrict local users to access ftp

Hi, I had installed vsftp in rhel5 and i want to restrict all the local users from accessing the ftp. i want to allow specific users to access the ftp server. Request you to please help. Thanks & regards Arun (1 Reply)
Discussion started by: Arun.Kakarla
1 Replies

6. UNIX for Dummies Questions & Answers

To set different file permissions for different users of same group

Hi, If User1, User2 and User3 are in the same group. User1 should not be able to view the files of User2 and User3. But User2 and User3 should be able to view all files. How to set permission for this. Please help. Thanks, Priya. (1 Reply)
Discussion started by: banupriyat
1 Replies

7. UNIX for Dummies Questions & Answers

Removing permissions from all users including owner

Hello all: I will include a "requirement" for an issue I am attempting to solve for my boss. Basically, he would like to know if there is a way to prevent users and owner from editing 'write' script in Vi. - While working in Unix Vi, users would be able to keep all the previous versions... (15 Replies)
Discussion started by: bruski4
15 Replies

8. Windows & DOS: Issues & Discussions

Script for adding users to file permissions

I need a script to add the following two users ids to the permissions for various files: IIS_WPG and IUSR_CowGirl. I am fairly familiar with scripting but haven't been able to figure out how to do this via a script. Manually doing it is slow. I don't want to create users but only add them to a... (2 Replies)
Discussion started by: Stu Loventhal
2 Replies

9. Shell Programming and Scripting

Script for adding users to file permissions

I need a script to add the following two users ids to the permissions for various files: IIS_WPG and IUSR_CowGirl. I am fairly familiar with scripting but haven't been able to figure out how to do this via a script. Manually doing it is slow. I don't want to create users but only add them to a... (2 Replies)
Discussion started by: Stu Loventhal
2 Replies

10. UNIX for Advanced & Expert Users

Permissions on a directory in /home for all users

Hi, I have created a shared directory on /home, where all users on a certain group have read, write and execute permissions. I did this using chmod -R g+rwx /home/shared/ The problem is, when a particular user creates a directory within /home/shared, other users are not able to write to... (8 Replies)
Discussion started by: lost.identity
8 Replies

LEARN ABOUT V7

getfacl

getfacl(1)							   User Commands							getfacl(1)

NAME

       getfacl - display discretionary file information

SYNOPSIS

       getfacl [-ad] file...

DESCRIPTION

       For  each  argument  that is a regular file, special file, or named pipe, the getfacl utility displays the owner, the group, and the Access
       Control List (ACL).  For each directory argument, getfacl displays the owner, the group, and the ACL and/or the default ACL. Only  directo-
       ries contain default ACLs.

       The getfacl utility may be executed on a file system that does not support ACLs. It reports the ACL based on the base permission bits.

       With no options specified, getfacl displays the filename, the file owner, the file group owner, and both the ACL and the default ACL, if it
       exists.

OPTIONS

       The following options are supported:

       -a	Displays the filename, the file owner, the file group owner, and the ACL of the file.

       -d	Displays the filename, the file owner, the file group owner, and the default ACL of the file, if it exists.

OPERANDS

       The following operands are supported:

       file	The path name of a regular file, special file, or named pipe.

OUTPUT

       The format for ACL output is as follows:

       # file: filename
       # owner: uid
       # group: gid
       user::perm
       user:uid:perm
       group::perm
       group:gid:perm
       mask:perm
       other:perm
       default:user::perm
       default:user:uid:perm
       default:group::perm
       default:group:gid:perm
       default:mask:perm
       default:other:perm

       When multiple files are specified on the command line, a blank line separates the ACLs for each file.

       The ACL entries are displayed in the order in which they are evaluated when an access check is performed. The default ACL entries that  may
       exist on a directory have no effect on access checks.

       The  first three lines display the filename, the file owner, and the file group owner. Notice that when only the -d option is specified and
       the file has no default ACL, only these three lines are displayed.

       The user entry without a user ID indicates the permissions that	are granted to the file owner. One or more additional user  entries  indi-
       cate the permissions that are granted to the specified users.

       The  group  entry  without  a  group  ID  indicates the permissions that  are granted to the file group owner. One or more additional group
       entries indicate the permissions that  are granted to the specified groups.

       The mask entry indicates the ACL mask permissions. These are the maximum permissions allowed to any user entries except the file owner, and
       to any group entries, including the file group owner. These permissions restrict the permissions specified in other entries.

       The other entry indicates the permissions that are granted to others.

       The  default entries may exist only for directories. These entries indicate the default entries that are added to a file created within the
       directory.

       The uid is a login name or a user ID if there is no entry for the uid in the system password file, /etc/passwd. The gid is a group name	or
       a group ID if there is no entry for the gid in the system group file, /etc/group. The perm is a three character string composed of the let-
       ters representing the separate discretionary access rights: r (read), w (write), x (execute/search), or the place holder character  -.  The
       perm is displayed in the following order: rwx. If a permission is not granted by an ACL entry, the place holder character appears.

       If   you  use the chmod(1) command to change the file group owner permissions on a file with ACL entries, both the file group owner permis-
       sions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions may change the effective  permissions
       for additional users and groups who have ACL entries on the file.

       In  order  to  indicate	that  the  ACL mask  restricts an ACL entry, getfacl displays an additional tab character, pound sign (#), and the
       actual permissions granted, following the entry.

EXAMPLES

       Example 1: Displaying file information

       Given file foo, with an ACL six entries long, the command

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--
       group::r--
       mask::rw-
       other::---

       Example 2: Displaying information after chmod command

       Continue with the above example, after chmod 700 foo was issued:

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--	   #effective:---
       group::---
       mask::---
       other::---

       Example 3: Displaying information when ACL contains default entries

       Given directory doo, with an ACL containing default entries, the command

       host% getfacl -d doo

       would print:

       # file: doo
       # owner: shea
       # group: staff
       default:user::rwx
       default:user:spy:---
       default:user:mookie:r--
       default:group::r--
       default:mask::---
       default:other::---

FILES

       /etc/passwd     system password file

       /etc/group      group file

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       chmod(1), ls(1), setfacl(1), acl(2), aclsort(3SEC), group(4), passwd(4), attributes(5)

NOTES

       The output from getfacl is in the correct format for input to the setfacl -f command. If the output from getfacl is redirected to  a  file,
       the file may be used as input to setfacl. In this way, a user may easily assign one file's ACL to another file.

SunOS 5.10							    5 Nov 1994								getfacl(1)
All times are GMT -4. The time now is 04:54 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy