?
Solved

UNIX ACL Input

Posted on 2013-01-16
9
Medium Priority
?
494 Views
Last Modified: 2013-01-18
On AIX I run:

aclput -i /apps/lib/acl/acl_b20 /apps/retained/b20

The first part directory in the command is the ACL file and the second is the directory I want to set the ACL against.

Is there a way to do this on Linux (CentOS or Red Hat)? Linux uses setfacl and I'm having trouble figuring how to do a similar aclput on AIX on CentOS.
0
Comment
Question by:AIX25
  • 4
  • 4
9 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 38786051
You are looking for setfacl command or some other seen by typing:

man -k acl
0
 

Author Comment

by:AIX25
ID: 38786124
I know it would be with setfacl command, but if you read my question, I need to run it similar fashion to:

aclput -i /apps/lib/acl/acl_b20 /apps/retained/b20 on AIX.

Are you familiar with this on AIX? If yes, what is the command on Red Hat for this?
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 38786166
Try

setfacl --set-file=/apps/lib/acl/acl_b20 /apps/retained/b20
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:AIX25
ID: 38786213
That worked! But I have something different showing up in the getfacl output for b20:

What does the #effective:r-- next the the user:userA:rw- mean?

Here is how it looks in the getfacl output:

# file: test
# owner: root
# group: root
user::rwx
user:userA:rw-         #effective:r--
group ....etc
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38786238
Do you have an effective rights mask?

Look for a line starting with "mask" in the getfacl output.
This mask overrides the user setting.
0
 

Author Comment

by:AIX25
ID: 38786242
Ok, I do have a mask setting. I must take out the mask line for it to pick up the intended permissions??
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 2000 total points
ID: 38786262
I assume your mask is "r--".

There must have been some reason setting it this way (?)

Only rights contained in the mask will become effective.

If you want to forego using this feature remove the mask.
0
 

Author Comment

by:AIX25
ID: 38795113
One issue pertaining to this question...

Not sure if you have ran into this or can test it. But are there any conflicts with ACLs?

Meaning... if the Group permissions on the file are rwx, but the ACL has a Group permissions of r--, which permissions will be used?

also why do I have a + at the end of my permissions?

drwxrwx---+ root root 4096 Jan 17 22:03 test

And, my acl file does not have a mask setting in it, but when I run a getfacl on test, it shows a mask. Everything looks good, but that...how can I get rid of the mask?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38795239
Base ACL permissions and Unix permissions (which are shown with ls -l) cannot differ. They will always be the same.

The extended ACLs normally define permissions for users and groups other than the owning ones.

In case you defined an extended ACL permission for the owning user/group in addition to the base permission the extended ACL permission takes precedence:
"permit" directives will be added to the base permissions, "deny" directives will be taken away from them (this is not seen with ls -l!)

For AIX only:

The above is true for ACLs of type "AIXC". ACLs of type "NFS4" are a lot more complicated to explain (and to handle).
Please let me know if you need assistance with ACLs of that type.

The "+" indicates the presence of extended ACLs for the respective file/directory.

As for the mask: If you didn't specify one explicitly and always forbid recalculating (see below) then the mask is just a union of all permissions of the owning group, and all named user and group entries.
Every "setfacl" execution will recalculate the mask, unless explicitly forbidden by the "-n" flag.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month17 days, left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question