see comments below
--On Monday, June 04, 2001 10:48 AM -0400 John Trostel
<jtrostel@xxxxxxxxxx> wrote:
Are you the original owner of the files you are trying to change the ACLs
of?
Yes, and I'm able to change the ACLs.
Try this and tell me what you see:
1. In an XFS directory you own, create a file:
$ touch a_file
2. check the permissions (assuming a standard umask)
$ ls -l a_file
-rw-rw-r-- 1 jt jt 0 Jun 4 10:38 a_file
$
-rw-r--r-- 1 peltman peltman 0 Jun 4 09:53 a_file
3. check the permission with 'chacl' (no ACL applied yet)
$ chacl -l a_file
a_file []
Yup, looks good...
4. change the ACL using 'chacl' and check again
$ chacl u::rwx,g::r-x,o::r--,u:user1:r--,m::r-x a_file
$ chacl -l a_file
a_file [u::rwx,g::r-x,o::r--,u:user1:r--,m::r-x]
This part looks good too - but here's where I find problems... If I have a
user that I've specified (user1, in this instance) with write access log
into the server (using netatalk - but this doesn't seem to matter), they
cannot open the file if the file isn't chmod'ed to give "other" write
access. Even though the user is given write access in the ACL, they cannot
exercise that access unless it is also allowed in "chmod" (the file
belongs to peltman:peltman - and of course the user is not in either of
those groups - so unless they are set to chmod 006 or 007, then the ACL
doesn't seem to be able to grant any access that the chmod denies).
On 04-Jun-2001 Stephen VanPelt wrote:
Hello there,
I'm running Redhat 7.1 with XFS, and I've got a quick question about
setting permissions using the ACLs. I tried many different
configurations when setting permissions on a directory and on a file,
but I found that the ACLs can only grant permissions on files that I've
chmod'ed to 777. Basically I'm finding that the ACLs cannot grant a
right that has not already been granted by chmod, although the ACLs
will in fact restrict access that has been authorized by chmod.
I'm just making sure that I'm doing everything in the best possible
manner, and that I have not missed a step here. I'm very new to the
linux ACL game (never touched an Irix machine in my life), and I'm a
little wary :)
Thanks for any help or suggestions you might have,
Stephen VanPelt
Stephen VanPelt
Information Technology Consultant
MUSC Center for Drug and Alcohol Programs
PH: 843-792-5558 Internet: vanpelts@xxxxxxxx
__________________BEGIN FOOTER___________________
**The Views Expressed by the Author of this Message are not **
**necessarily those of the Medical University of South Carolina**
--
John M. Trostel
Linux OS Engineer
Connex
jtrostel@xxxxxxxxxx
Stephen VanPelt
Information Technology Consultant
MUSC Center for Drug and Alcohol Programs
PH: 843-792-5558 Internet: vanpelts@xxxxxxxx
__________________BEGIN FOOTER___________________
**The Views Expressed by the Author of this Message are not **
**necessarily those of the Medical University of South Carolina**
|