
Re: Setting Permissions with ACLs



Hi Stephen,

Certainly if you are just using XFS files with ACLs,
then the ACLs do not need the standard permissions to be set
to allow access to a user.
e.g.

tes@sagan /mnt/xfs0/testdir> chacl -l ./test1
./test1 [u::rw-,g::---,o::---,u:ajag:rw-,m::rwx]
tes@sagan /mnt/xfs0/testdir> su ajag

ajag@sagan /mnt/xfs0/testdir>cat test1
hi there
ajag@sagan /mnt/xfs0/testdir>touch test1
ajag@sagan /mnt/xfs0/testdir>su nathans

nathans@sagan /mnt/xfs0/testdir>cat test1
cat: test1: Permission denied
nathans@sagan /mnt/xfs0/testdir> touch test1
touch: test1: Permission denied

This has group and other permissions turned off and yet ajag
(who is _not_ the owner) is granted access.

Any other FS's permission function is not going to know how
to access/use the XFS ACL - well I guess except the work
going on in Samba.

--Tim

On Mon, Jun 04, 2001 at 12:49:38PM -0400, Stephen VanPelt wrote:
> Actually, though, netatalk is using the system's permission structure, and 
> since the system is recognizing the ACLs, the ACLs are working with 
> netatalk - I just have to make sure that I've run "chmod 667" on the file, 
> and then use the ACLs to limit access.  When I do it that way, it works 
> just fine - I just wanted to make sure that there wasn't something that I 
> was missing, or some other better way to do things.
> 
> -Stephen
> 
> --On Monday, June 04, 2001 12:33 PM -0400 John Trostel 
> <jtrostel@connex.com> wrote:
> 
> >
> > On 04-Jun-2001 Stephen VanPelt wrote:
> >> see comments below
> >>
> >
> > ... snip ...
> >
> >> This part looks good too - but here's where I find problems...  If I
> >> have a  user that I've specified (user1, in this instance) with write
> >> access log  into the server (using netatalk - but this doesn't seem to
> >> matter), they  cannot open the file if the file isn't chmod'ed to give
> >> "other" write  access.  Even though the user is given write access in
> >> the ACL, they cannot  exercise that access unless it is also allowed in
> >> "chmod"  (the file  belongs to peltman:peltman - and of course the user
> >> is not in either of  those groups - so unless they are set to chmod 006
> >> or 007, then the ACL  doesn't seem to be able to grant any access that
> >> the chmod denies).
> >
> > Netatalk has no conception of ACLs.  I'm fairly sure it just looks at the
> > standard permission structure to determine access. Therefore, Netatalk
> > doesn't know that there is an added user (or group) with access
> > privileges.  Try with Samba (version 2.20 or, even better, the latest
> > CVS download) or with a unix user telneted in.  Those should work.
> >
> > --
> > John M. Trostel
> > Linux OS Engineer
> > Connex
> > jtrostel@connex.com
> 
> 
> 
> 
> 
> Stephen VanPelt
> Information Technology Consultant
> MUSC Center for Drug and Alcohol Programs
> PH: 843-792-5558 Internet:   vanpelts@musc.edu
> 
> 
> __________________BEGIN FOOTER___________________
> **The Views Expressed by the Author of this Message are not **
> **necessarily those of the Medical University of South Carolina**
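
Added example (not part of the original messages, and not code from XFS, netatalk or Samba): the ACL from the chacl -l listing above, evaluated once with a POSIX.1e-style check that honours named entries and the mask, and once by a checker that looks only at the owner/group/other entries, which is the behaviour the thread attributes to an ACL-unaware application. The owner "tes", the owning group "staff" and the group memberships are assumptions; the thread only says that ajag is not the owner.

```python
# Added example: POSIX.1e-style ACL check vs. a mode-bits-only check.
ACL_TEXT = "[u::rw-,g::---,o::---,u:ajag:rw-,m::rwx]"   # from the chacl -l output above
OWNER, OWNING_GROUP = "tes", "staff"                     # assumed, not shown in the thread
GROUPS = {"ajag": {"users"}, "nathans": {"users"}}       # assumed memberships

def parse_acl(text):
    """Parse chacl -l style entries into owner/group/other/mask and named entries."""
    acl = {"u": set(), "g": set(), "o": set(), "m": None, "users": {}, "groups": {}}
    for entry in text.strip("[] \n").split(","):
        tag, name, perms = entry.strip().split(":")
        bits = set(perms) - {"-"}
        if name:                       # named user or named group entry
            acl["users" if tag == "u" else "groups"][name] = bits
        else:                          # u::, g::, o:: or m::
            acl[tag] = bits
    return acl

def acl_allows(acl, user, want):
    """Access check that honours named entries and the mask."""
    want, groups = set(want), GROUPS.get(user, set())
    mask = acl["m"] if acl["m"] is not None else set("rwx")
    if user == OWNER:
        return want <= acl["u"]                     # owner entry is never masked
    if user in acl["users"]:
        return want <= (acl["users"][user] & mask)  # named user entry, limited by mask
    matched = [acl["g"]] if OWNING_GROUP in groups else []
    matched += [bits for g, bits in acl["groups"].items() if g in groups]
    if matched:                                     # any matching group entry may grant
        return any(want <= (bits & mask) for bits in matched)
    return want <= acl["o"]

def mode_only_allows(acl, user, want):
    """ACL-unaware check: only the owner, group and other entries are consulted."""
    want = set(want)
    if user == OWNER:
        return want <= acl["u"]
    if OWNING_GROUP in GROUPS.get(user, set()):
        return want <= acl["g"]
    return want <= acl["o"]

def compare(user, want="rw"):
    """Return (ACL-aware result, mode-bits-only result) for one user."""
    acl = parse_acl(ACL_TEXT)
    return acl_allows(acl, user, want), mode_only_allows(acl, user, want)

if __name__ == "__main__":
    for u in ("tes", "ajag", "nathans"):
        print(u, compare(u))
```

For ajag the two checks disagree: the named user entry grants rw-, while the owner/group/other entries alone grant nothing.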