Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to apply acl?
Top Forums UNIX for Beginners Questions & Answers How to apply acl? Post 302978106 by frank_rizzo on Tuesday 26th of July 2016 11:00:31 AM
Old 07-26-2016
Please paste the output of

Code:
getfacl dir5

# as user1
cd dir5

 

10 More Discussions You Might Find Interesting

1. Cybersecurity

ACL

Hi all, I've just been handled the responsibility for a FTP-site. Having no experiens of UNIX at all. And now one of my users needs to have full access to the usr directory and all it's subdirectories, don't know why just trying to do what the boss tells me. The type of UNIX is FreeBSD and the... (4 Replies)
Discussion started by: -tri-
4 Replies

2. AIX

setting acl

Hi, I want to know how to set acl in aix via smitty and shell prompt, wheather we needs to install additional packages. (0 Replies)
Discussion started by: manoj.solaris
0 Replies

3. Shell Programming and Scripting

Need help to create ACL

Hi, I generated a script that will create the list of dir/sub-dir and will allow to create the same on diff server. this is what i have done : #!/bin/ksh # Script to migrate the directory between the two servers. # Ver 0.1 # Author Krishna. D # c - create and e - extract directory if ;... (1 Reply)
Discussion started by: krishnadvn
1 Replies

4. UNIX for Dummies Questions & Answers

how to backup with ACL

Hello All, I just inherent a new server with RedHat AS4 and ACL file system. I'm new to ACL and was trying to dump the system for backup and got errors that the ACL inodes would not be backed up. I have tried different command for backup such as star pax but found that there is a limitation of... (2 Replies)
Discussion started by: larryase
2 Replies

5. Shell Programming and Scripting

Script to find/apply Solaris 10 ACL's

This may be a question for a different forum, but as I will need a script I thought I would start here. We recently migrated from Solaris 8 to Solaris 10. The file system in question here is ZFS, meaning the method for listing and applying ACL's has changed dramatically. To make a long story... (3 Replies)
Discussion started by: Shoeless_Mike
3 Replies

6. Linux

ACL

Hi, I want to know what does the "effective" comment means in the output of the getfacl and whether it has to do with the acl mask... thanks (0 Replies)
Discussion started by: Gartlar
0 Replies

7. Solaris

ACL

Can i get the synopsis for add multiple users in single command for ACL access for a directory or a file thanks in advance dinu (3 Replies)
Discussion started by: dinu
3 Replies

8. UNIX for Advanced & Expert Users

Need assistance on ACL

Hi Friends, I went through the ACL threads that were posted in the past but none were matching to my requirement . Hence starting a new thread . Challenge : user : a group : Test1 user: b group: Test2 Say under user a i create dir /tmp/debug with the privilege of 755 and also... (3 Replies)
Discussion started by: leobreaker
3 Replies

9. Solaris

ACL on the Solaris

we have two Solaris 10 servers with same configuration and settings. We have hard mounted the NFS with the version 4. In one of the server the newer ACL commands are working fine (chmod and ls -v) whereas in another only posix (getfacl and setfacl alone is working) when we try ls -V in in that... (13 Replies)
Discussion started by: sathishbabu89
13 Replies

10. UNIX for Beginners Questions & Answers

Help setting ACL's

Folks, Solaris 10 issue When I add a new directory to a path, I only get the "group@" line in the ACL The parent directory ACL is drwxrws---+ 12 root teama 12 Jul 18 10:31 . owner@:rwxp-DaARWc---:------:allow group@:rwxp-DaARWc--s:fd----:allow ... (0 Replies)
Discussion started by: wilberforce
0 Replies

LEARN ABOUT LINUX

dacsacl

DACSACL(1)						       DACS Commands Manual							DACSACL(1)

NAME

       dacsacl - list, check, or re-index access control rules

SYNOPSIS

       dacsacl [dacsoptions[1]] [-build | -nobuild] [-vfs vfs_uri] [...] [op-spec] [acl-name...]

DESCRIPTION

       This program is part of the DACS suite.

       The dacsacl utility performs administrative functions related to access control, such as:

       o   validating the syntax of ACL files (parsing the XML and DACS expressions);

       o   checking that the revocation list (VFS type revocations) exists and performing a syntax check on it;

       o   creating an index (a directory data structure, as an XML file) of access control files; and

       o   listing and deleting access tokens in the authorization cache (refer to dacs_acs(8)[2]).

       Please refer to dacs.acls(5)[3] for details about how access control rule files are named.

	   Important
	   Version 1.4.21 introduced important changes to the way DACS processes access control files, introducing incompatibilities with earlier
	   releases. Please pay special attention to the -convert and -build flags.

	   Most importantly, after adding, deleting, or editing an access control file the ACL index must be regenerated. This can be done simply
	   by running dacsacl with no arguments.

	   Notes
	   o   So that it can be run as part of the installation procedure, dacsacl does not require dacs.conf to exist. If it does exist,
	       however, it must be readable and syntactically correct.

	   o   The program emits a warning message if it finds different ACL files that contain identical url_pattern (or url_expr) attributes. It
	       does not detect pairs of these attributes that are equivalent, however; in general, it is not possible to do so because the actual
	       specifications used to match against a service request are not known until run time. Two or more service elements should never
	       apply to the same service request (other than through wildcard matching) and the result of authorization testing with such rules is
	       indeterminate.

	   o   The dacs_admin(8)[4] web service provides some of the same functionality as dacsacl.

OPTIONS

       In addition to the standard dacsoptions[1], dacsacl recognizes these options:

       -build
	   Index rebuilding is done by default with most modes of operation, but it can be explicitly requested with this flag.

       -nobuild
	   Suppress index rebuilding.

       -vfs vfs_uri
	   This flag, which may be repeated, causes vfs_uri to be defined as if by a VFS[5] directive, overriding any existing definition. This
	   can be used to specify an alternate location for the item types acls or dacs_acls, for instance. As a special case, if acls (dacs_acls)
	   is defined using this flag but not dacs_acls (acls), then only the former's index will be rebuilt.

	   This option can be useful in conjunction with the -un[1] flag so that indexes can be generated before a jurisdiction has been
	   configured.

       The optional op-spec describes one of the following operations:

       -convert
	   This flag is used to convert from the older rule processing scheme (pre-1.4.21) to the current scheme. It should only be needed by
	   installations that are using custom rules (i.e., those other than the standard rules for DACS web pages and web services). Note that in
	   some cases (described below) conversion is not fully automated, so the administrator may need to do some additional work.

       --
	   This flag is a no-op that is used to prevent any following argument from being interpreted as a flag or operation.

       -f file [...]
	   Each file argument is the pathname of an ACL file or a directory containing ACL files. Since ACL files can be organized using a
	   directory structure, directories are checked recursively.

       -l
	   List the full URI of each access control rule in the virtual filestore for item types acls and dacs_acls. No error checking is
	   performed.

       -s
	   List the name (sans prefixes) of each access control rule in the virtual filestore for item types acls and dacs_acls. No error checking
	   is performed.

       -tc
	   Clean up the authorization cache by deleting expired or otherwise invalid entries. Note: since there may not be any concurrency control
	   in effect, this should probably not be done while DACS could be writing to the file.

       -td # ...
	   Delete one or more authorization cache entries by giving their integer listing number (starting at 1, as produced by the -tl flag).
	   Note: since there may not be any concurrency control in effect, this should probably not be done while DACS could be writing to the
	   file.

       -tl
	   List the entries in the authorization cache.

       -tt
	   Truncate the authorization cache, effectively deleting everything in the cache. This is not currently implemented; in the meantime,
	   simply delete the file or database, or copy /dev/null to it.

       If one or more acl-name arguments appear they are interpreted as ACL files accessed through DACS's virtual filestore using item types acls
       and dacs_acls (both are checked). The applicable DACS configuration for the item type determines how an acl-name will be accessed. Note
       that acl-name must be the actual filename.

       If no op-spec or acl-name is specified, dacsacl will examine all ACL files configured for the appropriate DACS jurisdiction.

EXAMPLES

       The following command checks all of the access control rules belonging to the jurisdiction associated with dss.example.com:

	   % dacsacl -u dss.example.com -v
	   Checking: /usr/local/dacs/federations/dss/acls/acl.2
	   Checking: /usr/local/dacs/federations/dss/acls/acl.3
	   Checking: /usr/local/dacs/federations/dss/acls/acl.4
	   Checking: /usr/local/dacs/acls/acl-auth.0
	   (Note: duplicate keys for "acl-auth.0" and "acl-conf.0")
	   Checking: /usr/local/dacs/acls/acl-conf.0
	   (Note: duplicate keys for "acl-conf.0" and "acl-dacs.0")
	   Checking: /usr/local/dacs/acls/acl-dacs.0
	   (Note: duplicate keys for "acl-dacs.0" and "acl-passwd.0")
	   Checking: /usr/local/dacs/acls/acl-passwd.0
	   (Note: duplicate keys for "acl-passwd.0" and "acl-stddocs.0")
	   Checking: /usr/local/dacs/acls/acl-stddocs.0
	   Updated rule: [acls]dacs-fs:/usr/local/dacs/conf/acls/acl-abc.0
	   Updated rule: [acls]dacs-fs:/usr/local/dacs/conf/acls/acl-accounts.0
	   ...
	   Built index for "acls": 44 rules
	   Updated rule: [dacs_acls]dacs-fs:/usr/local/dacs/acls/acl-admin.0
	   Updated rule: [dacs_acls]dacs-fs:/usr/local/dacs/acls/acl-auth-agent.0
	   ...
	   Built index for "dacs_acls": 14 rules
	   58 ACL files were checked (OK)

	   Note
	   While it is not an error for access control rules to have the same numeric suffix, because the suffix partly determines the order in
	   which roles are processed, using equal suffix values accidentally may have unintended results.

       The following command checks only one access control rule belonging to the jurisdiction associated with dss.example.com:

	   % dacsacl -u dss.example.com -v acl.2
	   Checking: /usr/local/dacs/federations/dss/acls/acl.2
	   1 ACL file was checked (OK)

DIAGNOSTICS

       The program exits 0 if everything was fine, 1 if an error occurred.

SEE ALSO

       dacsvfs(1)[6], dacs.acls(5)[3], dacs_acs(8)[7], dacs_admin(8)[4], dacs_vfs(8)[8]

AUTHOR

       Distributed Systems Software (www.dss.ca[9])

COPYING

       Copyright2003-2012 Distributed Systems Software. See the LICENSE[10] file that accompanies the distribution for licensing information.

NOTES

	1. dacsoptions
	   http://dacs.dss.ca/man/dacs.1.html#dacsoptions

	2. dacs_acs(8)
	   http://dacs.dss.ca/man/dacs_acs.8.html#authorization_caching

	3. dacs.acls(5)
	   http://dacs.dss.ca/man/dacs.acls.5.html

	4. dacs_admin(8)
	   http://dacs.dss.ca/man/dacs_admin.8.html

	5. VFS
	   http://dacs.dss.ca/man/dacs.conf.5.html#VFS

	6. dacsvfs(1)
	   http://dacs.dss.ca/man/dacsvfs.1.html

	7. dacs_acs(8)
	   http://dacs.dss.ca/man/dacs_acs.8.html

	8. dacs_vfs(8)
	   http://dacs.dss.ca/man/dacs_vfs.8.html

	9. www.dss.ca
	   http://www.dss.ca

       10. LICENSE
	   http://dacs.dss.ca/man/../misc/LICENSE

DACS 1.4.27b							    10/22/2012								DACSACL(1)
All times are GMT -4. The time now is 11:27 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy