Login or Register to Ask a Question and Join Our Community


Solaris

Issue with setfacl

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Issue with setfacl
# 8  
Old 07-03-2009
Your original request:
Quote:
Once I logging as user1 ... I am unable to edit / modify the file which is own by root.
Your updated statement:
Quote:
its now allowing to modify the files which are own by root
What is it you want?
# 9  
Old 07-03-2009
Sorry , that was typo i mean its not allowing to modify / edit from user1
# 10  
Old 07-03-2009
The umask might be coming into play. What's your umask? Change it to 000 and try again.
# 11  
Old 07-03-2009
I don't think the umask should help.
User1 is granted read and write access only for the directory itself which means he can create, rename and delete files there, even those that do not belong to him.
Files in that directory keep their permissions so it is expected for user1 not to be able to directly modify root owned files content.
# 12  
Old 07-03-2009
The ACL mask in a directory represents the "maximum" permissions a file can have -- it does not force new files to have those permissions. It's not like umask.
# 13  
Old 07-03-2009
I don't understand it that way.
The ACL mask parameter when set to a directory apply to permissions set to that directory, not to existing or new files inside it.
Last edited by jlliagre; 07-04-2009 at 06:15 AM.. Reason: missing "to"
# 14  
Old 07-03-2009
There are two differing acl schemes floating around. We are discussing the older scheme that is in use on Solaris ufs file systems. Setting an acl on a directory does not propagate to any pre-existing files under that directory. If a file is created in a directory with an acl set, that acl is not automatically applied to the file. You can't set a file's umask with a setfacl or by any other technique. Files do not have umasks, processes have umasks.

This form of acl does have a "mask" concept. It is intended to enable a non-acl aware program to be able to interact with a file that has acls. The file owner is immune from the mask and so is the "world" (or "other"). These two classes of users are clearly defined in an identical fashion whether or not you use acls. But an acl can specify various other groups and users and these folks don't make sense to a non-acl aware program. So the idea is to use this "mask" concept. For example, if a program uses the chmod() system call to remove group execute permission, execute permission is removed from the mask. This is a controversial idea, but it does make some sense... older programs can continue to run.

If you still don't understand the mask concept, just do this:
Whenever you change the permission on a non-owner user or a group with a setfacl command, specify the -r option to recompute the mask and other than that leave the mask alone.
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

help needed with setfacl

Hi, On the setfacl, I am trying to make one user with no rwx privilleges. After reading the man page I still can't get it. Please let me know the correct command. set user - SAM to have NO rwx privilleges on NEW objects setfacl -dm user:sam:--- /opt set user - SAM to have NO... (2 Replies)
Discussion started by: samnyc
2 Replies

2. UNIX for Advanced & Expert Users

setfacl directory limit

hello, I am using XFS filesystem & ACL (setfacl/getfacl). I can set ACL entries only for 21 users per one directory. For the 22nd user it shows invalid argument. Has somebody the same problem? I need to override this limit. thnks in advance david (3 Replies)
Discussion started by: sigd
3 Replies

3. Solaris

setfacl on a directory

Hi All, I am trying to set an ACL for a directory on my Solaris 10 box. I have an application which resides under /opt/CA directory. Application is installed by root and running as root. All log and configuration files are placed under /opt/CA as well. What I am trying to do is granting... (1 Reply)
Discussion started by: niyazi
1 Replies

4. Solaris

Please help --setfacl: illegal option -- R

when i am executing setfacl -Rm u:ggoyal2:rwx,m:rwx dir i am getting error bash-3.00# setfacl -Rm u:ggoyal2:rwx,m:rwx dir setfacl: illegal option -- R usage: setfacl -f aclfile file ... setfacl -d acl_entries file ... setfacl -m acl_entries file ... setfacl -s acl_entries file... (2 Replies)
Discussion started by: manoj_dahiya22
2 Replies

5. Solaris

How to use setfacl

Hi all, If, for e.g. I have folder with permissions like this: drwxr-xr-x 2 fuad_ftp nms 96 Jan 8 13:55 test I want to give for user user123 acces rwx using setfacl: setfacl -m user:user123:rwx test But effective rights still is r-x because of mask... ... (1 Reply)
Discussion started by: nypreH
1 Replies

6. Shell Programming and Scripting

Setfacl permission issue

My Admin has written a shell script (Filepermission.ksh) with the following commands and provided me 'exeutive' privileges. However, when I try to run the script, I am getting the following error message. Can some one tell me what could be missing? Thank you for your continued support. Script: ... (0 Replies)
Discussion started by: MeganP
0 Replies

7. UNIX for Advanced & Expert Users

setfacl

I use: setfacl -m user:bbb:rwx folder1 to give user bbb the permission to go into my folder folder1, and cd folder1 setfacl -m user:bbb:rwx * to give bbb the permission under this folder. however, bbb can not cd to folder1, and got "permission denied" messages. the umask is... (3 Replies)
Discussion started by: fredao
3 Replies

8. Cybersecurity

Usage of setfacl

Hi, I have a directory with 700 permissions. I intend to give rwx privileges to a user which does not belong to the group. I am using the following command setfacl -m u:prod:rwx test when I checked the privileges using getfacl -a test the output was as follows: # file: test #... (1 Reply)
Discussion started by: chakri400
1 Replies
Login or Register to Ask a Question