Solved

How to use setfacl on Solaris 8?

Posted on 2004-08-19
6
2,122 Views
Last Modified: 2013-12-21

I have a directory with subdirectories and files that are owned by root:other.

I want to also allow another user (user01) full access (rwx) to the same directory/subdirectories and files and though I would user Solaris ACL to do this (setfacl and getfacl).

Additionally, I would still want all subdirectories and files to be owned by root:other (with rwx:r--).

How would I do this?

Thanks,
Troy
0
Comment
Question by:tdsimpso
  • 3
  • 2
6 Comments
 
LVL 38

Expert Comment

by:yuzh
ID: 11848246
Please have a look at the following doc (with examples):
    ACL Permissions for Directories:
    http://snap.nlc.dcccd.edu/reference/sysadmin/julian/ch18/407-410.html
   
    Whole doc (please read Access Control Lists (ACLs) ):
    http://snap.nlc.dcccd.edu/reference/sysadmin/julian/ewtoc.html

   
0
 
LVL 38

Expert Comment

by:yuzh
ID: 11848771
Here's another ACL tutorial (easier to understand):
    http://www.cs.indiana.edu/Facilities/software/ACL.html
    http://supportweb.cs.bham.ac.uk/howto/unix/acls.php

or try Jfacl (GUI) tool:
   http://www.cs.bham.ac.uk/~nrs/jfacl/
0
 

Author Comment

by:tdsimpso
ID: 11851837

Is it possible to set the ACL to be inherited by all subdirectories and files?
Do you know how to do this?

Thanks,
Troy
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Assisted Solution

by:mmajere
mmajere earned 100 total points
ID: 11856247
Perhaps a for loop in bash or ksh?

Assuming that example_file was already set up with the correct permissions you could try the following right at the command line

bash# for zz in `find {insert directory} -size +1` {enter}
>do {enter}
>setfacl -f example_file $zz {enter}
>echo "$zz has been changed" {enter}
>done

This should modify every file with a size greater than -1 byte and run a setfacl command on it, setting the ACL equal to your example file.

Hope this helps..
:)














































0
 
LVL 38

Accepted Solution

by:
yuzh earned 400 total points
ID: 11866954
There is no -R switch with setfacl, If a directory has an ACL, the subdirectories underneath will not inherit this ACL.

you need to do:

find /path | xargs setfacl

Or
find topdir -type d -exec setfacl {} acllist \;

man find
man xargs
man setfacl
to learn more details
0
 

Author Comment

by:tdsimpso
ID: 12008721
Thanks all for you help.
Troy
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now