Issue with setfacl


 
# 15  
Old 07-04-2009
Sorry, a word was missing in my last post that was making it confusing. I was already understanding the mask concept the way you describe it.

The bottom line is, regardless of the "umask vs mask" and "wrx vs rwx" typos in the initial command posted, the behavior the OP is observing is correct and there is no way to directly achieve what he wants.

ZFS NFSv4 ACLs wouldn't help either in that case, as existing files' permissions aren't affected by the inheritance flags.

In any case, assuming the directory ACLs are properly set, it would be possible for the user to overcome the limitation by first renaming the file to edit, then copying that file to the original name and finally removing the copy, e.g.:
Code:
$ id
uid=xxxxx(jlliagre) gid=xxxxx(jlliagre)
$ su
...
# mkdir d
# pe setfacl -r -m user:jlliagre:rwx d
# date > d/f
# getfacl d

# file: d
# owner: root
# group: root
user::rwx
user:jlliagre:rwx   #effective:rwx
group::r-x    #effective:r-x
mask:rwx
other:r-x
# getfacl d/f

# file: d/f
# owner: root
# group: root
user::rw-
group::r--    #effective:r--
mask:r--
other:r--
# ^D
$ cd d
/tmp/mnt/d
$ ls -l
total 2
-rw-r--r--   1 root     root          30 Jul  4 11:32 f
$ date >> f
/bin/ksh: f: cannot create
$ mv f f1
$ cp f1 f
$ rm -f f1
$ date >> f
$ ls -l
total 2
-rw-r--r--   1 jlliagre jlliagre      60 Jul  4 11:32 f
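
The rename, copy and remove sequence from the post above, wrapped in a shell function with a rollback step. This is an added example, not part of the original post; the names `own_copy` and `inode_of` and the temporary-file suffix are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# own_copy FILE
# Replace FILE with a copy owned by the calling user. Needs write and search
# permission on the containing directory and read permission on FILE;
# write permission on FILE itself is not needed.
own_copy() {
    f=$1
    dir=$(dirname "$f")
    tmp="$f.orig.$$"            # constructed temporary name

    [ -f "$f" ] || { echo "own_copy: $f: not a regular file" >&2; return 1; }
    [ -r "$f" ] || { echo "own_copy: $f: not readable" >&2; return 1; }
    [ -w "$dir" ] && [ -x "$dir" ] || {
        echo "own_copy: $dir: no write/search permission" >&2; return 1; }
    [ ! -e "$tmp" ] || { echo "own_copy: $tmp already exists" >&2; return 1; }

    # 1. rename: a directory operation, governed by the directory's ACL
    mv -- "$f" "$tmp" || return 1
    # 2. copy back: creates a new inode owned by the caller
    if ! cp -- "$tmp" "$f"; then
        mv -- "$tmp" "$f"       # roll back so the original name is not lost
        return 1
    fi
    # 3. remove the renamed original (again a directory operation)
    rm -f -- "$tmp"
}

# inode_of FILE: print the inode number, to show the file was replaced
inode_of() {
    ls -di -- "$1" | awk '{print $1}'
}
```

The result is a different inode: the original owner, mode and any ACL entries on the file are not carried over. If the directory has the sticky bit set, step 1 fails for a user who owns neither the file nor the directory.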
