Hi,
sorry for polluting the list. But i accidently hit the sent button :-(
Federico Sevilla III wrote:
> I hope my rephrasing my questions will help me get some answers.
>
> What needs to be done:
>
> o Set the ACLs of a pretty large tree of files and directories
> recursively.
afaik there is no way to do that directly. Therefore I've written a
tiny script(attached below). There may be a many better ways to do it,
but it works fine for me ;-)
> o Find out how to manage ACLs for easy addition/removal of particular
> user privileges on a per-subtree/branch basis again recursively.
I just copy the old acl, and add/remove the privileges, i want to
change. If you don't like this method, take a look at the sed manpage...
> o Get some tips from those who have already implemented ACLs for a large
> data share (something like what Samba can provide although to be accessed
> locally or via NFS).
Well, this is a bit tricky. You may want to take a look at
http://acl.bestbits.at/man/acl.5.html#DETERMINING%20ACCESS
The problem is the ACL_MASK, which is affected by the create mode.
Thus you have to use at least 770 as create mode. You need this in
directories, which uses acls. In other directories, this is probably
not what you want. With samba, you can set a create mask per share.
This means, that you want to use acls on each subdirectory of the
share, which uses alcs.
Johannes
------------------------------------------------------------------------
#!/bin/bash
export acl=$1
export dacl=$1
function foreach()
{
for name in *
do
if [ -d "$name" ]
then
chacl -b $acl $dacl "$name"
cd "$name"
foreach
cd ..
else
chacl $acl "$name"
fi
done
}
if [ -z $2 ]
then
echo "usage: mchacl acl directory";
exit
fi
chacl -b $acl $dacl $2
cd $2
foreach
cd ..
|