07-13-2001
Yes, an ACL layer in the kernel /systemuses these functions. Sorry, I was talking more generic. You can do most of what you described in your original post with chown and chmod and don't need complex ACLs.
You said:
Quote:
My idea is, that when a file is created by user x, and the default owning user is y, the ownership is set to y.
This can be done with an SUID script in the shell and does not require the complexity of ACLs. Most organizations that I have worked with set up ACLs do so at the system call and system object level; not at the user file permissions level. ACLs slow down performance and there needs to be a very compelling to use them.
In your original post, the compelling reason to use lower level ACLs is not obvious to me. That is why I suggested a chown wrapper.
10 More Discussions You Might Find Interesting
1. Programming
I need to compile a file,but 'make' does
not work.please tell me how to use it or
need which tools? (3 Replies)
Discussion started by: dsun5
3 Replies
2. Shell Programming and Scripting
I wonder how I shall read the result below, especially 'what'
shown below.
The result was shown when I entered 'w'.
E.g what is TOP? What is gosh ( what does selmgr mean?)?
login@ idle JCPU PCPU what
6:15am 7:04 39 39 TOP
6:34am 6:45 45 45 TOP
6:41am ... (1 Reply)
Discussion started by: Aelgen
1 Replies
3. UNIX for Dummies Questions & Answers
Hi, guys, I have a big problem.
I've got a sun solaris 4.1.4 workstation, and the /var/adm/message file will add one row every few seconds. It becomes a large file in a short time.
I wander if there are some mistakes configuring the workstation.
the /var/adm/message is as follow:
... (3 Replies)
Discussion started by: cloudsmell
3 Replies
4. UNIX for Dummies Questions & Answers
echo 'it's friday'
why appear the > (3 Replies)
Discussion started by: yls177
3 Replies
5. UNIX for Advanced & Expert Users
Somehow someone created a file named '-ov' in the root directory.
Given the name, the how was probably the result of some cpio command they bozo'ed.
I've tried a number of different ways to get rid of it using * and ? wildcards, '\' escape patterns etc.. They all fail with " illegal option --... (3 Replies)
Discussion started by: GSalisbury
3 Replies
6. Shell Programming and Scripting
Hopefully this doesn't come off as too much of a "newbie" question or a flamebait. But I have recently begun working with a Sun Solaris box after having spent the past five years working with RedHat. From what i can tell, thing look fairly similar and the 'man' command is some help. But I've... (7 Replies)
Discussion started by: deckard
7 Replies
7. Linux
Hi,
while setting access control list I am getting error "Operation NOt Supported"
Example :user A wants full access on test directory /home/user B/test, I dont want to add in secondary group bcz group has read permission, (1 Reply)
Discussion started by: manoj.solaris
1 Replies
8. AIX
Hi,
I want to know how to set acl in aix via smitty and shell prompt, wheather we needs to install additional packages. (0 Replies)
Discussion started by: manoj.solaris
0 Replies
9. UNIX for Dummies Questions & Answers
Folks;
How can i setup ACL in Apache so i can give a group of users (defined by their emails (all users under *@red.com) access to a web page? (10 Replies)
Discussion started by: moe2266
10 Replies
10. UNIX for Beginners Questions & Answers
Folks,
Solaris 10 issue
When I add a new directory to a path, I only get the "group@" line in the ACL
The parent directory ACL is
drwxrws---+ 12 root teama 12 Jul 18 10:31 .
owner@:rwxp-DaARWc---:------:allow
group@:rwxp-DaARWc--s:fd----:allow
... (0 Replies)
Discussion started by: wilberforce
0 Replies
CHACL(1) Access Control Lists CHACL(1)
NAME
chacl - change the access control list of a file or directory
SYNOPSIS
chacl acl pathname...
chacl -b acl dacl pathname...
chacl -d dacl pathname...
chacl -R pathname...
chacl -D pathname...
chacl -B pathname...
chacl -l pathname...
chacl -r pathname...
DESCRIPTION
chacl is an IRIX-compatibility command, and is maintained for those users who are familiar with its use from either XFS or IRIX. Refer to
the SEE ALSO section below for a description of tools which conform more closely to the (withdrawn draft) POSIX 1003.1e standard which
describes Access Control Lists (ACLs).
chacl changes the ACL(s) for a file or directory. The ACL(s) specified are applied to each file in the pathname arguments.
Each ACL is a string which is interpreted using the acl_from_text(3) routine. These strings are made up of comma separated clauses each of
which is of the form, tag:name:perm. Where tag can be:
"user" (or "u")
indicating that the entry is a user ACL entry.
"group" (or "g")
indicating that the entry is a group ACL entry.
"other" (or "o")
indicating that the entry is an other ACL entry.
"mask" (or "m")
indicating that the entry is a mask ACL entry.
name is a string which is the user or group name for the ACL entry. A null name in a user or group ACL entry indicates the file's owner or
file's group. perm is the string "rwx" where each of the entries may be replaced by a "-" indicating no access of that type, e.g. "r-x",
"--x", "---".
OPTIONS
-b Indicates that there are two ACLs to change, the first is the file access ACL and the second the directory default ACL.
-d Used to set only the default ACL of a directory.
-R Removes the file access ACL only.
-D Removes directory default ACL only.
-B Remove all ACLs.
-l Lists the access ACL and possibly the default ACL associated with the specified files or directories. This option was added during
the Linux port of XFS, and is not IRIX compatible.
-r Set the access ACL recursively for each subtree rooted at pathname(s). This option was also added during the Linux port of XFS, and
is not compatible with IRIX.
EXAMPLES
A minimum ACL:
chacl u::rwx,g::r-x,o::r-- file
The file ACL is set so that the file's owner has "rwx", the file's group has read and execute, and others have read only access to the
file.
An ACL that is not a minimum ACL, that is, one that specifies a user or group other than the file's owner or owner's group, must contain a
mask entry:
chacl u::rwx,g::r-x,o::r--,u:bob:r--,m::r-x file1 file2
To set the default and access ACLs on newdir to be the same as on olddir, you could type:
chacl -b `chacl -l olddir |
sed -e 's/.*[//' -e 's#/# #' -e 's/]$//'` newdir
CAUTIONS
chacl can replace the existing ACL. To add or delete entries, you must first do chacl -l to get the existing ACL, and use the output to
form the arguments to chacl.
Changing the permission bits of a file will change the file access ACL settings (see chmod(1)). However, file creation mode masks (see
umask(1)) will not affect the access ACL settings of files created using directory default ACLs.
ACLs are filesystem extended attributes and hence are not typically archived or restored using the conventional archiving utilities. See
attr(5) for more information about extended attributes and see xfsdump(8) for a method of backing them up under XFS.
SEE ALSO
getfacl(1), setfacl(1), chmod(1), umask(1), acl_from_text(3), acl(5), xfsdump(8)
September 2001 ACL File Utilities CHACL(1)