Full Discussion: ACL
Special Forums Cybersecurity ACL Post 521 by -tri- on Friday 8th of December 2000 04:34:20 AM

Hi all,

I've just been handed the responsibility for an FTP site. Having no experience of UNIX at all. And now one of my users needs to have full access to the usr directory and all its subdirectories, don't know why just trying to do what the boss tells me. The type of UNIX is FreeBSD and the filesystem's ufs. I've been told that with this setup rights can only be given to files and not directories. You can put a user in a group and give access to the file. But a file can only belong to one group. If I've understood this correctly it means that the options are 1. let the user log in as root 2. let him be an ordinary user. Option number 1 is not the one I want to go with.
But then the problem might be solved with ACLs? How can I see what ACLs I've got (if any)? How do I use them?

Thanking you
 

getacl(1)                     General Commands Manual                     getacl(1)

NAME
       getacl - Displays the specified access control list (ACL) on a file or directory

SYNOPSIS
       getacl [-d|-D] [-g group[,group...]] [-n] [-m] [-u user[,user...]] file...

FLAGS
       -d     Displays the default access ACL instead of the access ACL. Valid for directories only. The -d and -D options are mutually exclusive.

       -D     [Tru64 UNIX] Displays the default directory ACL instead of the access ACL. Valid for directories only. The -d and -D options are mutually exclusive.

       -g group[,group...]
              [Tru64 UNIX] Display the entries for the designated group names or GIDs only. If a numeric group name exists in the group database, then the entry for that group is displayed, not the entry for the GID. For example, if there is a group name "521" with GID 40, a group name "mygroup" with GID 521, and you request the entry using the -g 521 flag, then the entry for the group name "521" is displayed, not the entry for the group name "mygroup". The -g flag is not defined by POSIX.

       -m     [Tru64 UNIX] Display the output in multi-columns. The -m flag is not defined by POSIX.

       -n     [Tru64 UNIX] Display numeric IDs. The -n flag is not defined by POSIX.

       -u user[,user...]
              [Tru64 UNIX] Display the entries for the designated user names and UIDs only. If a numeric user name exists in the user database, then the entry for that user is displayed, not the entry for the UID. For example, if there is a user name "39456" with UID 420, a user name "fred" with UID 39456, and you request the entry using the -u 39456 flag, then the entry for user name "39456" is displayed, not the entry for user name "fred". The -u flag may be used multiple times on the command line.

DESCRIPTION
       This command is based on Draft 13 of the POSIX P1003.6 standard.

       The getacl command displays the selected type of ACL for each file or directory named on the command line. The following three types of ACLs may be displayed:

       Access ACL
              Used to control access to a file or directory.

       Default directory ACL
              Used to specify ACLs inherited by new subdirectories in a directory. Valid on directories only.

       Default access ACL
              Used to specify ACLs inherited by new subdirectories and files in a directory. Valid on directories only.

       For more information on the types of ACLs, see the acl(4) reference page and the Security guide.

       If the access ACL is selected for display, and there is no access ACL, the getacl command displays the permission bits in ACL format. If a default ACL is selected for display, and the selected default ACL doesn't exist on the specified directory, only the ACL header will be displayed.

       The user readable format of the ACL consists of the ACL header section and the entries section. The ACL header section contains, at a minimum, the following three lines:

              name of the object
              object owner
              group owner

       It may also contain blank comment lines or warning messages. Each line of the ACL header section begins with a # character.

       The ACL entries section by default consists of one line per entry. Each line contains three colon-separated fields defined as:

              1. The ACL entry tag type (user/group/other).
              2. The ACL entry tag qualifier. This is the name or id that this entry pertains to. If this field is empty, the entry refers to the owning user, owning group or other.
              3. The access being granted by the entry.

       The output display format and relative ordering of ACL entries is as follows:

              user::perm
              user:uid1:perm
              user:uid2:perm
              group::perm
              group:gid1:perm
              group:gid2:perm
              other::perm

       The following are some typical getacl outputs:

              % getacl /ufs/test
              #
              # file: /ufs/test
              # owner: root
              # group: system
              #
              user::rwx
              user:fran:-wx
              user:adm:r--
              group::r-x
              other::r-x

              % getacl -g adm /ufs/test
              #
              # file: /ufs/test
              # owner: root
              # group: system
              #

              % getacl -u adm /ufs/test
              #
              # file: /ufs/test
              # owner: root
              # group: system
              #
              user:adm:r--

       If any ACL entry is wider than the screen, the access control list is continued on the next line, indented to the previous line. The width of the screen is taken from the COLUMNS environment variable; if the variable is not set, the default width is 80 columns.

       The -m option may be used to cause the ACL to be displayed in a multicolumn format. The user entries defined in the ACL are placed on the screen in the maximum number of columns allowed by the current size of the screen, followed by the group entries.

       The output from the getacl command is in the correct format for input to the setacl command. The output may be redirected into a file, then the output file can be used as input to the setacl command. This technique is useful for assigning the ACL on an existing file to one or more new files. For example:

              $ getacl file1 > entries_file
              $ setacl -U entries_file file2 file3 file4

       The getacl command displays the access control lists of those files that reside in directories that the user has search permissions to.

       ACLs may be set on files and directories if ACLs are disabled on the system, but ACL access checks and ACL inheritance won't take place. The getacl command will print a warning if ACLs are disabled on the system.

       Not all types of filesystems support ACLs. The getacl command will print a warning if ACLs are not supported on the filesystem.

EXIT VALUES
       If successful, the getacl command exits with a status of zero. Otherwise, this command exits with a status of 1 if it aborted because of syntax errors, or if the ACL of one or more files could not be accessed.

RELATED INFORMATION
       Commands: setacl(1)

       Files: acl(4)

       Security
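Added example (not part of the original post or the reference page): a small Python parser for the default one-entry-per-line getacl output described above, which then lists the named users or groups that hold write access. The sample text is constructed from the page's /ufs/test output, the function names are illustrative, and the -m multicolumn and wrapped-line layouts are not handled.

```python
import re

# Constructed sample in the default one-entry-per-line layout shown on the page.
SAMPLE = """\
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
other::r-x
"""

PERM_RE = re.compile(r"^[r-][w-][x-]$")
TAGS = ("user", "group", "other")


def parse_getacl(text):
    """Return one {'file','owner','group','entries'} dict per object in the dump."""
    objects, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Header section: '# file:', '# owner:', '# group:' plus comments/warnings.
            key, sep, value = line[1:].partition(":")
            key = key.strip()
            if sep and key == "file":
                current = {"file": value.strip(), "owner": None, "group": None, "entries": []}
                objects.append(current)
            elif sep and current is not None and key in ("owner", "group"):
                current[key] = value.strip()
            continue  # bare '#' lines and warning messages are skipped
        if current is None:
            raise ValueError(f"line {lineno}: entry before any '# file:' header")
        parts = line.split(":")
        if len(parts) != 3 or parts[0] not in TAGS or not PERM_RE.match(parts[2]):
            raise ValueError(f"line {lineno}: malformed ACL entry {line!r}")
        tag, qualifier, perm = parts
        # An empty qualifier means the owning user, owning group, or other.
        current["entries"].append((tag, qualifier or None, perm))
    return objects


def named_write_grants(objects):
    """List (file, tag, qualifier) for named users/groups whose entry includes 'w'."""
    return [(o["file"], tag, q) for o in objects
            for tag, q, perm in o["entries"] if q is not None and "w" in perm]
```
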
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.