Solved

UNIX ACL Input

Posted on 2013-01-16
9
474 Views
Last Modified: 2013-01-18
On AIX I run:

aclput -i /apps/lib/acl/acl_b20 /apps/retained/b20

The first part directory in the command is the ACL file and the second is the directory I want to set the ACL against.

Is there a way to do this on Linux (CentOS or Red Hat)? Linux uses setfacl and I'm having trouble figuring how to do a similar aclput on AIX on CentOS.
0
Comment
Question by:AIX25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 38786051
You are looking for setfacl command or some other seen by typing:

man -k acl
0
 

Author Comment

by:AIX25
ID: 38786124
I know it would be with setfacl command, but if you read my question, I need to run it similar fashion to:

aclput -i /apps/lib/acl/acl_b20 /apps/retained/b20 on AIX.

Are you familiar with this on AIX? If yes, what is the command on Red Hat for this?
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 38786166
Try

setfacl --set-file=/apps/lib/acl/acl_b20 /apps/retained/b20
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:AIX25
ID: 38786213
That worked! But I have something different showing up in the getfacl output for b20:

What does the #effective:r-- next the the user:userA:rw- mean?

Here is how it looks in the getfacl output:

# file: test
# owner: root
# group: root
user::rwx
user:userA:rw-         #effective:r--
group ....etc
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38786238
Do you have an effective rights mask?

Look for a line starting with "mask" in the getfacl output.
This mask overrides the user setting.
0
 

Author Comment

by:AIX25
ID: 38786242
Ok, I do have a mask setting. I must take out the mask line for it to pick up the intended permissions??
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 38786262
I assume your mask is "r--".

There must have been some reason setting it this way (?)

Only rights contained in the mask will become effective.

If you want to forego using this feature remove the mask.
0
 

Author Comment

by:AIX25
ID: 38795113
One issue pertaining to this question...

Not sure if you have ran into this or can test it. But are there any conflicts with ACLs?

Meaning... if the Group permissions on the file are rwx, but the ACL has a Group permissions of r--, which permissions will be used?

also why do I have a + at the end of my permissions?

drwxrwx---+ root root 4096 Jan 17 22:03 test

And, my acl file does not have a mask setting in it, but when I run a getfacl on test, it shows a mask. Everything looks good, but that...how can I get rid of the mask?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38795239
Base ACL permissions and Unix permissions (which are shown with ls -l) cannot differ. They will always be the same.

The extended ACLs normally define permissions for users and groups other than the owning ones.

In case you defined an extended ACL permission for the owning user/group in addition to the base permission the extended ACL permission takes precedence:
"permit" directives will be added to the base permissions, "deny" directives will be taken away from them (this is not seen with ls -l!)

For AIX only:

The above is true for ACLs of type "AIXC". ACLs of type "NFS4" are a lot more complicated to explain (and to handle).
Please let me know if you need assistance with ACLs of that type.

The "+" indicates the presence of extended ACLs for the respective file/directory.

As for the mask: If you didn't specify one explicitly and always forbid recalculating (see below) then the mask is just a union of all permissions of the owning group, and all named user and group entries.
Every "setfacl" execution will recalculate the mask, unless explicitly forbidden by the "-n" flag.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question