Re: chacl questions

To: Linux XFS Mailing List <linux-xfs@xxxxxxxxxxx>
Subject: Re: chacl questions
From: Federico Sevilla III <jijo@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 18 Jul 2001 00:46:50 +0800 (PHT)
In-reply-to: <Pine.LNX.4.21.0107172125090.467-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-linux-xfs@xxxxxxxxxxx

On Tue, 17 Jul 2001 at 21:29, Federico Sevilla III wrote:
> chacl u::rwx,g::,o::,u:jijo:r-x,m::r-x test

Okay, thanks to the replies I was able to fix this. I did something like:

chacl u::rwx,g::rwx,o::---,g:jijo:rwx,m::rwx test

Now I have some questions again, I hope you all don't mind:

1. How do I do this recursively? I'd like to be able to set the ACLs for
an entire directory tree including all files and directories within it.

2. How do I modify the ACLs? It's rather difficult to have to keep redoing
the ACLs every time a new user needs access or access must be revoked. In
the bestbits site (http://acl.bestbits.at/) for example, setfacl has the
"-m" flag that allows the call to be a modification to the existing ACLs.
Hopefully this can be done recursively, too.

3. Can ACLs implement a default group for a file to be written as? I was
able to use the default ACLs (I used exactly the same ACLs as I did above)
so that permissions are set properly. However files are owned by the user,
with the user's group as the group owner. I'd like to set this to
something else hopefully using ACLs.

Would anyone know of a tool (aside from chacl() of course) that can
perhaps aid me in the setting, viewing, and maintaining of my ACLs?

Also, I was hoping for some suggestions from those who have "been here,
done this". Here is the situation:

Let's say I have an /opt/data directory tree that is of course XFS with
ACL support. It is owned by root.root with permissions u=rwx,g=rx,o=rx
with no special ACLs. Within /opt/data are a number of directories. Each
of these is like a share (I got this idea from my current Samba layout).
These are all still owned by root.root. Permissions (chmod) are now
u=rwx,g=rx,o= to prevent non-root users not in the ACLs from accessing
these shares.

Then each share will have its own set of ACLs and default ACLs that are
propagated throughout the branch. So for example users dog and cat are to
be given read and write access to the 'dogcat' directory under /opt/data,
I will probably do a:

chacl u::rwx,g::r-x,o::---,g:dog:rwx,g:cat:rwx,m::rwx dogcat
chacl -d u::rwx,g::r-x,o::---,g:dog:rwx,g:cat:rwx,m::rwx dogcat

Is this correct? So supposedly all data that will be written in the dogcat
directory are owned by user.user (dog, cat or root in this case)
u=rwx,g=rwx,o= with the same ACLs as defined in the above invocations of
chacl. Is this the right way to go? Also, I cannot clearly understand the
ACL masking. How do the various settings affect the files created within?

Now, let's say we wanted to allow a new user 'goat' to read and access all
files in the /opt/data/dogcat directory tree? How would I propagate such a
change?

I am full of questions, I hope those with more experience with ACLs and
XFS can be patient with this newbie. :)

  --> Jijo

--
Federico Sevilla III  :: jijo@xxxxxxxxxxxxxxxxxxxx
Network Administrator :: The Leather Collection, Inc.
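
Added example, not part of the original message or of the XFS tools: a small Python model of how the ACL mask caps the entries in the dogcat ACL quoted above, and what a file created under the matching default ACL ends up with. It assumes POSIX.1e draft semantics as implemented by Linux POSIX ACLs; parse_acl, effective and inherit are hypothetical helper names, and the creation modes are constructed.

```python
# Added example: mask handling for chacl-style ACL text, assuming
# POSIX.1e draft semantics as implemented by Linux POSIX ACLs.
BITS = {"r": 4, "w": 2, "x": 1}
UNMASKED = {("u", ""), ("o", "")}  # owner and other are never masked

def parse_acl(text):
    """Parse 'u::rwx,g:dog:rwx,m::rwx' into {(tag, name): bits}."""
    acl = {}
    for entry in text.split(","):
        tag, name, perm = entry.strip().split(":")
        if tag not in ("u", "g", "o", "m") or len(perm) != 3:
            raise ValueError("bad ACL entry: %r" % entry)
        if any(c not in (flag, "-") for c, flag in zip(perm, "rwx")):
            raise ValueError("bad permission string: %r" % perm)
        acl[(tag, name)] = sum(BITS[c] for c in perm if c != "-")
    return acl

def fmt(bits):
    return "".join(f if bits & BITS[f] else "-" for f in "rwx")

def effective(acl):
    """Permissions each entry really grants once the mask is applied."""
    mask = acl.get(("m", ""), 7)
    return {"%s:%s" % key: fmt(bits if key in UNMASKED else bits & mask)
            for key, bits in acl.items() if key[0] != "m"}

def inherit(default_acl, mode):
    """Access ACL of a file created with `mode` under a default ACL:
    u::, the mask (g:: if there is no mask) and o:: are limited by mode."""
    new = dict(default_acl)
    group_class = ("m", "") if ("m", "") in new else ("g", "")
    for key, shift in ((("u", ""), 6), (group_class, 3), (("o", ""), 0)):
        new[key] &= (mode >> shift) & 7
    return new

SHARE_ACL = "u::rwx,g::r-x,o::---,g:dog:rwx,g:cat:rwx,m::rwx"  # from the message

if __name__ == "__main__":
    acl = parse_acl(SHARE_ACL)
    print("directory:", effective(acl))
    for mode in (0o666, 0o644):  # constructed creation modes
        print("file created with %o:" % mode, effective(inherit(acl, mode)))
```

Under these assumptions the g:dog and g:cat entries keep rwx on the directory itself, but a file created with mode 0644 inherits a mask of r--, so both groups can read it and neither can write it.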

