UNIX ACL Input

On AIX I run:

aclput -i /apps/lib/acl/acl_b20 /apps/retained/b20

The first part directory in the command is the ACL file and the second is the directory I want to set the ACL against.

Is there a way to do this on Linux (CentOS or Red Hat)? Linux uses setfacl and I'm having trouble figuring how to do a similar aclput on AIX on CentOS.
AIX25Asked:
Who is Participating?
 
woolmilkporcConnect With a Mentor Commented:
Try

setfacl --set-file=/apps/lib/acl/acl_b20 /apps/retained/b20
0
 
gheistCommented:
You are looking for setfacl command or some other seen by typing:

man -k acl
0
 
AIX25Author Commented:
I know it would be with setfacl command, but if you read my question, I need to run it similar fashion to:

aclput -i /apps/lib/acl/acl_b20 /apps/retained/b20 on AIX.

Are you familiar with this on AIX? If yes, what is the command on Red Hat for this?
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
AIX25Author Commented:
That worked! But I have something different showing up in the getfacl output for b20:

What does the #effective:r-- next the the user:userA:rw- mean?

Here is how it looks in the getfacl output:

# file: test
# owner: root
# group: root
user::rwx
user:userA:rw-         #effective:r--
group ....etc
0
 
woolmilkporcCommented:
Do you have an effective rights mask?

Look for a line starting with "mask" in the getfacl output.
This mask overrides the user setting.
0
 
AIX25Author Commented:
Ok, I do have a mask setting. I must take out the mask line for it to pick up the intended permissions??
0
 
woolmilkporcConnect With a Mentor Commented:
I assume your mask is "r--".

There must have been some reason setting it this way (?)

Only rights contained in the mask will become effective.

If you want to forego using this feature remove the mask.
0
 
AIX25Author Commented:
One issue pertaining to this question...

Not sure if you have ran into this or can test it. But are there any conflicts with ACLs?

Meaning... if the Group permissions on the file are rwx, but the ACL has a Group permissions of r--, which permissions will be used?

also why do I have a + at the end of my permissions?

drwxrwx---+ root root 4096 Jan 17 22:03 test

And, my acl file does not have a mask setting in it, but when I run a getfacl on test, it shows a mask. Everything looks good, but that...how can I get rid of the mask?
0
 
woolmilkporcCommented:
Base ACL permissions and Unix permissions (which are shown with ls -l) cannot differ. They will always be the same.

The extended ACLs normally define permissions for users and groups other than the owning ones.

In case you defined an extended ACL permission for the owning user/group in addition to the base permission the extended ACL permission takes precedence:
"permit" directives will be added to the base permissions, "deny" directives will be taken away from them (this is not seen with ls -l!)

For AIX only:

The above is true for ACLs of type "AIXC". ACLs of type "NFS4" are a lot more complicated to explain (and to handle).
Please let me know if you need assistance with ACLs of that type.

The "+" indicates the presence of extended ACLs for the respective file/directory.

As for the mask: If you didn't specify one explicitly and always forbid recalculating (see below) then the mask is just a union of all permissions of the owning group, and all named user and group entries.
Every "setfacl" execution will recalculate the mask, unless explicitly forbidden by the "-n" flag.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.