10 More Discussions You Might Find Interesting
1. UNIX for Beginners Questions & Answers
I have built a website and I can access and edit the website'files on server via the root user. The current file and directory structures are not changeable. Now I am hiring a webpage designer to help me re-design some pages, I am going to let the designer edit the files directly on the server. So... (5 Replies)
Discussion started by: uwo-g-xw
5 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I'm newbie to unix.
There is a directory, say Testing/ under /home/user1.
I have created a user by the name check.
I was looking for a way to give the above user read & execute access only to this directory Testing/ while for other remaining files,directories,etc this user... (2 Replies)
Discussion started by: penqueen
2 Replies
3. UNIX for Advanced & Expert Users
RHEL5.0
As we know, when root create a new user, a new home directory will be created : /home/user
I want to know what determine the access permission of /home/user .
Thanks! (1 Reply)
Discussion started by: cqlouis
1 Replies
4. Web Development
Hello,
I've set all permissions for all on my Server folders:
chmod a+rwx ServerFolder
When I browse to localhost:8000 I receive the following error:
You don't have permission to access / on this server.
why ?
thanks (9 Replies)
Discussion started by: aneuryzma
9 Replies
5. Solaris
Hi all
We have a couple of solaris zones running a jboss app in a cluster. Each zone has a shared netapp volume mounted to /app/xxx with everything under that subdir apart from jboss which is local to each zone in /app/jboss-3.2.5
There is a symlink in /app/xxx/jboss-3.2.5 which points to... (0 Replies)
Discussion started by: skewbie
0 Replies
6. UNIX for Advanced & Expert Users
Looking to see if there is a tool/crawler that could export the file permissions to a windows for a unix system ? (3 Replies)
Discussion started by: matvrix
3 Replies
7. UNIX for Dummies Questions & Answers
Hi all,
I created testuser. by following command.
/usr/sbin/adduser -n test -d /disk05/collections/GET/testdata/
and then set its password by following command.
passwd testuser
When I login to system by testuser, it enters everything is ok.
The problem is how to set permission to this... (3 Replies)
Discussion started by: mr_bold
3 Replies
8. Shell Programming and Scripting
hi everyone.
i´ve been burning my head for a week now with this problem and i couldn´t find a solution. i´ve been looking for an answer in this forum but nothing either. so i decided to ask.
the thing is, i want to create a users with permission to kill just a group of users. i know how to write... (6 Replies)
Discussion started by: lucasmarin
6 Replies
9. Shell Programming and Scripting
hi,
I have an account (i.e. abc) which is set up to sftp files from server A to server B; on server B, I have an account (i.e. def) which I use to perform various operation which include invoke certain scripts to execute my java programs. These programs use the files received from server... (2 Replies)
Discussion started by: mpang_
2 Replies
10. UNIX for Dummies Questions & Answers
i did a search before posting
i want to know how to change the permission access for a file / directory. i cant find it in my UNIX book
thanks a lot
edit:
i also need to know what chmod option will allow you to change the permissoin access for a directory and all files and... (2 Replies)
Discussion started by: Combat Form
2 Replies
setfacl(1) User Commands setfacl(1)
NAME
setfacl - modify the Access Control List (ACL) for a file or files
SYNOPSIS
setfacl [-r] -s acl_entries file
setfacl [-r] -md acl_entries file
setfacl [-r] -f acl_file file
DESCRIPTION
For each file specified, setfacl will either replace its entire ACL, including the default ACL on a directory, or it will add, modify, or
delete one or more ACL entries, including default entries on directories.
When the setfacl command is used, it may result in changes to the file permission bits. When the user ACL entry for the file owner is
changed, the file owner class permission bits will be modified. When the group ACL entry for the file group class is changed, the file
group class permission bits will be modified. When the other ACL entry is changed, the file other class permission bits will be modified.
If you use the chmod(1) command to change the file group owner permissions on a file with ACL entries, both the file group owner permis-
sions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions may change the effective permissions
for additional users and groups who have ACL entries on the file.
A directory may contain default ACL entries. If a file or directory is created in a directory that contains default ACL entries, the newly
created file will have permissions generated according to the intersection of the default ACL entries and the permissions requested at
creation time. The umask(1) will not be applied if the directory contains default ACL entries. If a default ACL is specified for a specific
user (or users), the file will have a regular ACL created. Otherwise, only the mode bits will be initialized according to the intersection
described above. The default ACL should be thought of as the maximum discretionary access permissions that may be granted.
acl_entries Syntax
For the -m and -s options, acl_entries are one or more comma-separated ACL entries.
An ACL entry consists of the following fields separated by colons:
entry_type Type of ACL entry on which to set file permissions. For example, entry_type can be user (the owner of a file) or mask (the
ACL mask).
uid or gid User name or user identification number. Or, group name or group identification number.
perms Represents the permissions that are set on entry_type. perms can be indicated by the symbolic characters rwx or a number
(the same permissions numbers used with the chmod command).
The following table shows the valid ACL entries (default entries may only be specified for directories):
ACL Entry Description
u[ser]::perms File owner permissions.
g[roup]::perms File group owner permissions.
o[ther]:perms Permissions for users other than
the file owner or members of file
group owner.
m[ask]:perms The ACL mask. The mask entry indi-
cates the maximum permissions
allowed for users (other than the
owner) and for groups. The mask is
a quick way to change permissions
on all the users and groups.
u[ser]:uid:perms Permissions for a specific user.
For uid, you can specify either a
user name or a numeric UID.
g[roup]:gid:perms Permissions for a specific group.
For gid, you can specify either a
group name or a numeric GID.
d[efault]:u[ser]::perms Default file owner permissions.
d[efault]:g[roup]::perms Default file group owner permis-
sions.
d[efault]:o[ther]:perms Default permissions for users other
than the file owner or members of
the file group owner.
d[efault]:m[ask]:perms Default ACL mask.
d[efault]:u[ser]:uid:perms Default permissions for a specific
user. For uid, you can specify
either a user name or a numeric
UID.
d[efault]:g[roup]:gid:perms Default permissions for a specific
group. For gid, you can specify
either a group name or a numeric
GID.
For the -d option, acl_entries are one or more comma-separated ACL entries without permissions. Notice that the entries for file owner,
file group owner, ACL mask, and others may not be deleted.
OPTIONS
The options have the following meaning:
-d acl_entries Deletes one or more entries from the file. The entries for the file owner, the file group owner, and others may not be
deleted from the ACL. Notice that deleting an entry does not necessarily have the same effect as removing all permissions
from the entry.
-f acl_file Seta a file's ACL with the ACL entries contained in the file named acl_file. The same constraints on specified entries hold
as with the -s option. The entries are not required to be in any specific order in the file. Also, if you specify a dash
'-' for acl_file, standard input is used to set the file's ACL.
The character "#" in acl_file may be used to indicate a comment. All characters, starting with the "#" until the end of the
line, will be ignored. Notice that if the acl_file has been created as the output of the getfacl(1) command, any effective
permissions, which will follow a "#", will be ignored.
-m acl_entries Adds one or more new ACL entries to the file, and/or modifies one or more existing ACL entries on the file. If an entry
already exists for a specified uid or gid, the specified permissions will replace the current permissions. If an entry does
not exist for the specified uid or gid, an entry will be created. When using the -m option to modify a default ACL, you
must specify a complete default ACL (user, group, other, mask, and any additional entries) the first time.
-r Recalculates the permissions for the ACL mask entry. The permissions specified in the ACL mask entry are ignored and
replaced by the maximum permissions necessary to grant the access to all additional user, file group owner, and additional
group entries in the ACL. The permissions in the additional user, file group owner, and additional group entries are left
unchanged.
-s acl_entries Sets a file's ACL. All old ACL entries are removed and replaced with the newly specified ACL. The entries need not be in
any specific order. They will be sorted by the command before being applied to the file.
Required entries:
o Exactly one user entry specified for the file owner.
o Exactly one group entry for the file group owner.
o Exactly one other entry specified.
If there are additional user and group entries:
o Exactly one mask entry specified for the ACL mask that indicates the maximum permissions allowed for users (other than
the owner) and groups.
o Must not be duplicate user entries with the same uid.
o Must not be duplicate group entries with the same gid.
If file is a directory, the following default ACL entries may be specified:
o Exactly one default user entry for the file owner.
o Exactly one default group entry for the file group owner.
o Exactly one default mask entry for the ACL mask.
o Exactly one default other entry.
There may be additional default user entries and additional default group entries specified, but there may not be duplicate
additional default user entries with the same uid, or duplicate default group entries with the same gid.
EXAMPLES
Example 1: Adding read permission only
The following example adds one ACL entry to file abc, which gives user shea read permission only.
setfacl -m user:shea:r-- abc
Example 2: Replacing a file's entire ACL
The following example replaces the entire ACL for the file abc, which gives shea read access, the file owner all access, the file group
owner read access only, the ACL mask read access only, and others no access.
setfacl -s user:shea:rwx,user::rwx,group::rw-,mask:r--,other:--- abc
Notice that after this command, the file permission bits are rwxr-----. Even though the file group owner was set with read/write permis-
sions, the ACL mask entry limits it to have only read permission. The mask entry also specifies the maximum permissions available to all
additional user and group ACL entries. Once again, even though the user shea was set with all access, the mask limits it to have only read
permission. The ACL mask entry is a quick way to limit or open access to all the user and group entries in an ACL. For example, by chang-
ing the mask entry to read/write, both the file group owner and user shea would be given read/write access.
Example 3: Setting the same ACL on two files
The following example sets the same ACL on file abc as the file xyz.
getfacl xyz | setfacl -f - abc
FILES
/etc/passwd password file
/etc/group group file
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
chmod(1), getfacl(1), umask(1), aclcheck(3SEC), aclsort(3SEC), group(4), passwd(4), attributes(5)
SunOS 5.10 31 Oct 2002 setfacl(1)