Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: setting ACL's
Special Forums Cybersecurity setting ACL's Post 3917 by Neo on Friday 13th of July 2001 02:19:27 PM
Old 07-13-2001
Yes, an ACL layer in the kernel /systemuses these functions. Sorry, I was talking more generic. You can do most of what you described in your original post with chown and chmod and don't need complex ACLs.

You said:
Quote:
My idea is, that when a file is created by user x, and the default owning user is y, the ownership is set to y.
This can be done with an SUID script in the shell and does not require the complexity of ACLs. Most organizations that I have worked with set up ACLs do so at the system call and system object level; not at the user file permissions level. ACLs slow down performance and there needs to be a very compelling to use them.

In your original post, the compelling reason to use lower level ACLs is not obvious to me. That is why I suggested a chown wrapper.

 

10 More Discussions You Might Find Interesting

1. Programming

i can't use 'make' in my computer?

I need to compile a file,but 'make' does not work.please tell me how to use it or need which tools? (3 Replies)
Discussion started by: dsun5
3 Replies

2. Shell Programming and Scripting

Clearify what it means under 'WHAT' when hit the 'w'-command

I wonder how I shall read the result below, especially 'what' shown below. The result was shown when I entered 'w'. E.g what is TOP? What is gosh ( what does selmgr mean?)? login@ idle JCPU PCPU what 6:15am 7:04 39 39 TOP 6:34am 6:45 45 45 TOP 6:41am ... (1 Reply)
Discussion started by: Aelgen
1 Replies

3. UNIX for Dummies Questions & Answers

HELP! The '/var/adm/message' file increase every few seconds???

Hi, guys, I have a big problem. I've got a sun solaris 4.1.4 workstation, and the /var/adm/message file will add one row every few seconds. It becomes a large file in a short time. I wander if there are some mistakes configuring the workstation. the /var/adm/message is as follow: ... (3 Replies)
Discussion started by: cloudsmell
3 Replies

4. UNIX for Dummies Questions & Answers

quoting echo 'it's friday'

echo 'it's friday' why appear the > (3 Replies)
Discussion started by: yls177
3 Replies

5. UNIX for Advanced & Expert Users

How to remove a file with a leading dash '-' in it's name?

Somehow someone created a file named '-ov' in the root directory. Given the name, the how was probably the result of some cpio command they bozo'ed. I've tried a number of different ways to get rid of it using * and ? wildcards, '\' escape patterns etc.. They all fail with " illegal option --... (3 Replies)
Discussion started by: GSalisbury
3 Replies

6. Shell Programming and Scripting

What are the differences between 'bash' and 'sh'

Hopefully this doesn't come off as too much of a "newbie" question or a flamebait. But I have recently begun working with a Sun Solaris box after having spent the past five years working with RedHat. From what i can tell, thing look fairly similar and the 'man' command is some help. But I've... (7 Replies)
Discussion started by: deckard
7 Replies

7. Linux

setting acl on linux

Hi, while setting access control list I am getting error "Operation NOt Supported" Example :user A wants full access on test directory /home/user B/test, I dont want to add in secondary group bcz group has read permission, (1 Reply)
Discussion started by: manoj.solaris
1 Replies

8. AIX

setting acl

Hi, I want to know how to set acl in aix via smitty and shell prompt, wheather we needs to install additional packages. (0 Replies)
Discussion started by: manoj.solaris
0 Replies

9. UNIX for Dummies Questions & Answers

setting up ACL in Apache

Folks; How can i setup ACL in Apache so i can give a group of users (defined by their emails (all users under *@red.com) access to a web page? (10 Replies)
Discussion started by: moe2266
10 Replies

10. UNIX for Beginners Questions & Answers

Help setting ACL's

Folks, Solaris 10 issue When I add a new directory to a path, I only get the "group@" line in the ACL The parent directory ACL is drwxrws---+ 12 root teama 12 Jul 18 10:31 . owner@:rwxp-DaARWc---:------:allow group@:rwxp-DaARWc--s:fd----:allow ... (0 Replies)
Discussion started by: wilberforce
0 Replies

LEARN ABOUT SUSE

chacl

CHACL(1)						       Access Control Lists							  CHACL(1)

NAME

       chacl - change the access control list of a file or directory

SYNOPSIS

       chacl acl pathname...
       chacl -b acl dacl pathname...
       chacl -d dacl pathname...
       chacl -R pathname...
       chacl -D pathname...
       chacl -B pathname...
       chacl -l pathname...
       chacl -r pathname...

DESCRIPTION

       chacl  is an IRIX-compatibility command, and is maintained for those users who are familiar with its use from either XFS or IRIX.  Refer to
       the SEE ALSO section below for a description of tools which conform more closely to the (withdrawn  draft)  POSIX  1003.1e  standard  which
       describes Access Control Lists (ACLs).

       chacl changes the ACL(s) for a file or directory.  The ACL(s) specified are applied to each file in the pathname arguments.

       Each ACL is a string which is interpreted using the acl_from_text(3) routine.  These strings are made up of comma separated clauses each of
       which is of the form, tag:name:perm.  Where tag can be:

       "user" (or "u")
	      indicating that the entry is a user ACL entry.

       "group" (or "g")
	      indicating that the entry is a group ACL entry.

       "other" (or "o")
	      indicating that the entry is an other ACL entry.

       "mask" (or "m")
	      indicating that the entry is a mask ACL entry.

       name is a string which is the user or group name for the ACL entry.  A null name in a user or group ACL entry indicates the file's owner or
       file's  group.	perm is the string "rwx" where each of the entries may be replaced by a "-" indicating no access of that type, e.g. "r-x",
       "--x", "---".

OPTIONS

       -b     Indicates that there are two ACLs to change, the first is the file access ACL and the second the directory default ACL.

       -d     Used to set only the default ACL of a directory.

       -R     Removes the file access ACL only.

       -D     Removes directory default ACL only.

       -B     Remove all ACLs.

       -l     Lists the access ACL and possibly the default ACL associated with the specified files or directories.  This option was added  during
	      the Linux port of XFS, and is not IRIX compatible.

       -r     Set the access ACL recursively for each subtree rooted at pathname(s).  This option was also added during the Linux port of XFS, and
	      is not compatible with IRIX.

EXAMPLES

       A minimum ACL:

	 chacl u::rwx,g::r-x,o::r-- file

       The file ACL is set so that the file's owner has "rwx", the file's group has read and execute, and others have  read  only  access  to  the
       file.

       An  ACL that is not a minimum ACL, that is, one that specifies a user or group other than the file's owner or owner's group, must contain a
       mask entry:

	 chacl u::rwx,g::r-x,o::r--,u:bob:r--,m::r-x file1 file2

       To set the default and access ACLs on newdir to be the same as on olddir, you could type:

	 chacl -b `chacl -l olddir | 
	     sed -e 's/.*[//' -e 's#/# #' -e 's/]$//'` newdir

CAUTIONS

       chacl can replace the existing ACL.  To add or delete entries, you must first do chacl -l to get the existing ACL, and use  the	output	to
       form the arguments to chacl.

       Changing  the  permission  bits	of a file will change the file access ACL settings (see chmod(1)).  However, file creation mode masks (see
       umask(1)) will not affect the access ACL settings of files created using directory default ACLs.

       ACLs are filesystem extended attributes and hence are not typically archived or restored using the conventional archiving  utilities.   See
       attr(5) for more information about extended attributes and see xfsdump(8) for a method of backing them up under XFS.

SEE ALSO

       getfacl(1), setfacl(1), chmod(1), umask(1), acl_from_text(3), acl(5), xfsdump(8)

September 2001							ACL File Utilities							  CHACL(1)
All times are GMT -4. The time now is 12:50 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy