Solved

UNIX ACL Input

Posted on 2013-01-16
9
477 Views
Last Modified: 2013-01-18
On AIX I run:

aclput -i /apps/lib/acl/acl_b20 /apps/retained/b20

The first part directory in the command is the ACL file and the second is the directory I want to set the ACL against.

Is there a way to do this on Linux (CentOS or Red Hat)? Linux uses setfacl and I'm having trouble figuring how to do a similar aclput on AIX on CentOS.
0
Comment
Question by:AIX25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 38786051
You are looking for setfacl command or some other seen by typing:

man -k acl
0
 

Author Comment

by:AIX25
ID: 38786124
I know it would be with setfacl command, but if you read my question, I need to run it similar fashion to:

aclput -i /apps/lib/acl/acl_b20 /apps/retained/b20 on AIX.

Are you familiar with this on AIX? If yes, what is the command on Red Hat for this?
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 38786166
Try

setfacl --set-file=/apps/lib/acl/acl_b20 /apps/retained/b20
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 

Author Comment

by:AIX25
ID: 38786213
That worked! But I have something different showing up in the getfacl output for b20:

What does the #effective:r-- next the the user:userA:rw- mean?

Here is how it looks in the getfacl output:

# file: test
# owner: root
# group: root
user::rwx
user:userA:rw-         #effective:r--
group ....etc
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38786238
Do you have an effective rights mask?

Look for a line starting with "mask" in the getfacl output.
This mask overrides the user setting.
0
 

Author Comment

by:AIX25
ID: 38786242
Ok, I do have a mask setting. I must take out the mask line for it to pick up the intended permissions??
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 38786262
I assume your mask is "r--".

There must have been some reason setting it this way (?)

Only rights contained in the mask will become effective.

If you want to forego using this feature remove the mask.
0
 

Author Comment

by:AIX25
ID: 38795113
One issue pertaining to this question...

Not sure if you have ran into this or can test it. But are there any conflicts with ACLs?

Meaning... if the Group permissions on the file are rwx, but the ACL has a Group permissions of r--, which permissions will be used?

also why do I have a + at the end of my permissions?

drwxrwx---+ root root 4096 Jan 17 22:03 test

And, my acl file does not have a mask setting in it, but when I run a getfacl on test, it shows a mask. Everything looks good, but that...how can I get rid of the mask?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38795239
Base ACL permissions and Unix permissions (which are shown with ls -l) cannot differ. They will always be the same.

The extended ACLs normally define permissions for users and groups other than the owning ones.

In case you defined an extended ACL permission for the owning user/group in addition to the base permission the extended ACL permission takes precedence:
"permit" directives will be added to the base permissions, "deny" directives will be taken away from them (this is not seen with ls -l!)

For AIX only:

The above is true for ACLs of type "AIXC". ACLs of type "NFS4" are a lot more complicated to explain (and to handle).
Please let me know if you need assistance with ACLs of that type.

The "+" indicates the presence of extended ACLs for the respective file/directory.

As for the mask: If you didn't specify one explicitly and always forbid recalculating (see below) then the mask is just a union of all permissions of the owning group, and all named user and group entries.
Every "setfacl" execution will recalculate the mask, unless explicitly forbidden by the "-n" flag.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question