01-07-2017
Question for expert only in Access control list
If I'm the admin for the financial system and I want to configure authorization pf file system permission.Also, The first rule is that Managers and clerks can read and write billings for all cases. The second rules is that Paralegals and administrative assits can read and write billings only on cases assigned to their supervising Manager.
how to write these rules in Linux by using ACL approach
10 More Discussions You Might Find Interesting
1. Filesystems, Disks and Memory
In Windows XP, there are 3 default access control groups namely: Administrators, Users and Power Users. Is there default access control groups in Unix system? If there is, what are they?
newbie. (1 Reply)
Discussion started by: zertoir
1 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I was wondering if someone could help me with ACL's. I have a file, say output, created by the root user, member of group other. Its permissions are rwxr--r--. I want only people in group other to have rwx access, but I also want one other user, stephen, member of some_other_group to have rwx... (1 Reply)
Discussion started by: sroberts82
1 Replies
3. Shell Programming and Scripting
Hey all, I have a directory (own by user: b; group: grpB) which I want a user (user: a; group: grpA) to be able to read and execute from, I wonder if I should add user a to this particular directory's ACL or that I would add group grpB to user a's subgroup?
I would like to know the difference... (3 Replies)
Discussion started by: mpang_
3 Replies
4. Solaris
Hi,
I want to set access control list on folders but it should be recursively,
any Idea? command (1 Reply)
Discussion started by: manoj.solaris
1 Replies
5. UNIX for Dummies Questions & Answers
Folks;
I need some help with these:
1. understanding how to control access rights and manage visibility using FTP in Solaris, in other words, I need to use FTP in Solaris to be able to give some users access to add/modify data to/from the UNIX server.
2. How can i control the space allowed for... (2 Replies)
Discussion started by: Katkota
2 Replies
6. UNIX for Dummies Questions & Answers
In OS like windows, I can define an Access Control List (ACL) and specify which accounts and groups have what access to a specific file.
I assume U*X, Linux and cygwin on windows have this ACL feature too. I'm using cygwin on windows. What do I type at a bash prompt to allow a specific user... (1 Reply)
Discussion started by: siegfried
1 Replies
7. UNIX for Dummies Questions & Answers
I need to control intenet access @ work. xample. I need PC 1 to only be able to access these five sites and add to the list as needed. Can anyone pint me a direction. (1 Reply)
Discussion started by: fruiz
1 Replies
8. AIX
Hello,
I've configurated a LDAP user authentication on AIX V6 against Active Directory (Windows Server 2008).
The Tree is built as follows:
test (DC)
|--- testgroup (group with members: user1, user2)
|
|--- sys1 (OU)
| |--- sys1group (group with member: user1)
|
|--- sys2 (OU)... (0 Replies)
Discussion started by: xia777
0 Replies
9. UNIX for Dummies Questions & Answers
Hi,
I am using eTrust Access Control at work. I have got no output after type checklogin. I wonder what is the reason. Does anyone know? Thanks
eTrustAC selang v8.00a-1555.13 - eTrustAC command line interpreter
Copyright (c) 2006 CA. All rights reserved.
eTrustAC> checklogin user1... (0 Replies)
Discussion started by: uuontario
0 Replies
10. Proxy Server
Dear all experts here,
:)
I would like to install a proxy server on Linux server to perform solely to control the access of Web server.
In this case, some of my vendor asked me to try Squid and I have installed it onto my Linux server.
I would like know how can I set the configuration to... (1 Reply)
Discussion started by: kwliew999
1 Replies
LEARN ABOUT PLAN9
fs_cleanacl
FS_CLEANACL(1) AFS Command Reference FS_CLEANACL(1)
NAME
fs_cleanacl - Remove obsolete entries from an ACL
SYNOPSIS
fs cleanacl [-path <dir/file path>+] [-help]
fs cl [-p <dir/file path>+] [-h]
DESCRIPTION
The fs cleanacl command removes from the access control list (ACL) of each specified directory or file any entry that refers to a user or
group that no longer has a Protection Database entry. Such an entry appears on the ACL as an AFS user ID number (UID) rather than a name,
because without a Protection Database entry, the File Server cannot translate the UID into a name.
Cleaning access control lists in this way not only keeps them from becoming crowded with irrelevant information, but also prevents the new
possessor of a recycled AFS UID from obtaining access intended for the former possessor of the AFS UID. (Note that recycling UIDs is not
recommended in any case.)
OPTIONS
-path <dir/file path>+
Names each directory for which to clean the ACL (specifying a filename cleans its directory's ACL). If this argument is omitted, the
current working directory's ACL is cleaned.
Specify the read/write path to each directory, to avoid the failure that results from attempting to change a read-only volume. By
convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example,
/afs/.abc.com). For further discussion of the concept of read/write and read-only paths through the filespace, see the fs mkmount
reference page.
-help
Prints the online help for this command. All other valid options are ignored.
OUTPUT
If there are no obsolete entries on the ACL, the following message appears:
Access list for <path> is fine.
Otherwise, the output reports the resulting state of the ACL, following the header
Access list for <path> is now
At the same time, the following error message appears for each file in the cleaned directories:
fs: '<filename>': Not a directory
EXAMPLES
The following example illustrates the cleaning of the ACLs on the current working directory and two of its subdirectories. Only the second
subdirectory had obsolete entries on it.
% fs cleanacl -path . ./reports ./sources
Access list for . is fine.
Access list for ./reports is fine.
Access list for ./sources is now
Normal rights:
system:authuser rl
pat rlidwka
PRIVILEGE REQUIRED
The issuer must have the "a" (administer) permission on each directory's ACL (or the ACL of each file's parent directory); the directory's
owner and the members of the system:administrators group have the right implicitly, even if it does not appear on the ACL.
SEE ALSO
fs_listacl(1), fs_mkmount(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas
Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
OpenAFS 2012-03-26 FS_CLEANACL(1)