Hi Stephen,
Certainly if you are just using XFS files with ACLs,
then the ACLs do not need the standard permissions to be set
to allow access to a user.
e.g.
tes@sagan /mnt/xfs0/testdir> chacl -l ./test1
./test1 [u::rw-,g::---,o::---,u:ajag:rw-,m::rwx]
tes@sagan /mnt/xfs0/testdir> su ajag
ajag@sagan /mnt/xfs0/testdir>cat test1
hi there
ajag@sagan /mnt/xfs0/testdir>touch test1
ajag@sagan /mnt/xfs0/testdir>su nathans
nathans@sagan /mnt/xfs0/testdir>cat test1
cat: test1: Permission denied
nathans@sagan /mnt/xfs0/testdir> touch test1
touch: test1: Permission denied
This has group and other permissions turned off and yet ajag
(who is _not_ the owner) is granted access.
Any other FS's permission function is not going to know how
to access/use the XFS ACL - well I guess except the work
going on in Samba.
--Tim
On Mon, Jun 04, 2001 at 12:49:38PM -0400, Stephen VanPelt wrote:
> Actually, though, netatalk is using the system's permission structure, and
> since the system is recognizing the ACLs, the ACLs are working with
> netatalk - I just have to make sure that I've run "chmod 667" on the file,
> and then using the ACLs to limit access. When I do it that way, it works
> just fine - I just wanted to make sure that there wasn't something that I
> was missing, or some other better way to do things.
>
> -Stephen
>
> --On Monday, June 04, 2001 12:33 PM -0400 John Trostel
> <jtrostel@xxxxxxxxxx> wrote:
>
> >
> > On 04-Jun-2001 Stephen VanPelt wrote:
> >> see comments below
> >>
> >
> > ... snip ...
> >
> >> This part looks good too - but here's where I find problems... If I
> >> have a user that I've specified (user1, in this instance) with write
> >> access log into the server (using netatalk - but this doesn't seem to
> >> matter), they cannot open the file if the file isn't chmod'ed to give
> >> "other" write access. Even though the user is given write access in
> >> the ACL, they cannot exercise that access unless it is also allowed in
> >> "chmod" (the file belongs to peltman:peltman - and of course the user
> >> is not in either of those groups - so unless they are set to chmod 006
> >> or 007, then the ACL doesn't seem to be able to grant any access that
> >> the chmod denies).
> >
> > Netatalk has no conception of ACLs. I'm fairly sure it just looks at the
> > standard permission structure to determine access. Therefore, Netatalk
> > doesn't know that there is an added user (or group) with access
> > privileges. Try with Samba (version 2.20 or, even better, the latest
> > CVS download) or with a unix user telneted in. Those should work.
> >
> > --
> > John M. Trostel
> > Linux OS Engineer
> > Connex
> > jtrostel@xxxxxxxxxx
>
>
>
>
>
> Stephen VanPelt
> Information Technology Consultant
> MUSC Center for Drug and Alcohol Programs
> PH: 843-792-5558 Internet: vanpelts@xxxxxxxx
>
>
> __________________BEGIN FOOTER___________________
> **The Views Expressed by the Author of this Message are not **
> **necessarily those of the Medical University of South Carolina**
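The behaviour discussed in this thread, as an added example that is not part of any of the messages: a small model of the POSIX.1e-style ACL check run over the ACL string from the chacl -l listing, next to a check that consults only the owner/group/other entries, which is how the thread describes an ACL-unaware server. Assumptions: tes owns the file, each user belongs only to a group of the same name, and the function names are hypothetical.

```python
# Added example, not from the thread: POSIX.1e-style access check.
ACL_TEXT = "u::rw-,g::---,o::---,u:ajag:rw-,m::rwx"  # from the chacl -l listing

def parse_acl(text):
    """Parse chacl short-form entries into (tag, qualifier, perm-set) tuples."""
    entries = []
    for item in text.split(","):
        tag, qualifier, perms = item.strip().split(":")
        entries.append((tag, qualifier, {c for c in perms if c != "-"}))
    return entries

def base_entries(entries):
    """The u::, g::, o:: entries, i.e. the classic owner/group/other bits."""
    return {t: p for t, q, p in entries if q == "" and t in ("u", "g", "o")}

def acl_check(entries, user, groups, owner, owning_group, want):
    """True if the ACL grants every permission in `want` to `user`."""
    want, base = set(want), base_entries(entries)
    mask = next((p for t, q, p in entries if t == "m"), {"r", "w", "x"})
    if user == owner:                       # 1. owner: u:: entry, mask not applied
        return want <= base["u"]
    for t, q, p in entries:                 # 2. named user entry, limited by mask
        if t == "u" and q == user:
            return want <= (p & mask)
    group_hit = False                       # 3. owning group and named groups
    for t, q, p in entries:
        if t == "g" and (q or owning_group) in groups:
            group_hit = True
            if want <= (p & mask):
                return True
    if group_hit:
        return False                        # a group entry matched, none granted
    return want <= base["o"]                # 4. everyone else: o:: entry

def mode_bits_check(entries, user, groups, owner, owning_group, want):
    """ACL-unaware model: consults only the u::, g::, o:: entries."""
    base = base_entries(entries)
    cls = "u" if user == owner else "g" if owning_group in groups else "o"
    return set(want) <= base[cls]

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for user in ("tes", "ajag", "nathans"):
        # Assumed: tes owns the file; each user is only in a same-named group.
        args = (acl, user, {user}, "tes", "tes", "rw")
        print(user, "acl:", acl_check(*args), "mode bits:", mode_bits_check(*args))
```

In this model, widening the o:: entry so that the mode-bits check admits ajag also admits every user who matches no user or group entry, since step 4 then grants them the same bits.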