Hi
Today I added a new disk partition to my 5.1-RELEASE box. I want to use ACLs, which are
enabled in the kernel, but they only work partially. They work on a single directory or file, but
they do not even apply to the file/directory when I try to set a so-called default ACL entry.
I have attached my kernel config file. Additionally, I have the OpenBSD pf module
(firewall) loaded.
Any help would be very appreciated.
Brane
Command sequence was:
# newfs -O 2 -L export -U -m 0 -o space /dev/ad0s2d
... lots of numbers ...
# tunefs -a enable /dev/ad0s2d
tunefs: ACLs set
# mount /dev/ad0s2d /export
# mount | grep /export
/dev/ad0s2d on /export (ufs, local, soft-updates, acls)
Now I create directory /export/a. I want it to be owned by root:wheel, others will not
have any access at all, and I want user branko to have rw access to it.
# mkdir a
# getfacl a
#file:a
#owner:0
#group:0
user::rwx
group::r-x
other::r-x
# setfacl -m u::rwx,g::rx,o::---,u:branko:rwx a
# getfacl a
#file:a
#owner:0
#group:0
user::rwx
user:branko:rwx
group::r-x
mask::rwx
other::---
(testing as branko - works okay)
Now, if root creates some files (or dirs) in 'a', the owner of that file will be root and
only the standard Unix permission triple will be assigned, so user branko will not be able
to access that file for reading or writing.
Well, it seems that a default directory ACL needs to be set to achieve the above goal.
# setfacl -b a
# setfacl -dm u::rwx,g::rwx,o::--,u:branko:rwx a
# getfacl a
#file:a
#owner:0
#group:0
user::rwx
group::r-x
mask::r-x
other::---
WHOOPS, where is user branko?! Why weren't the group's ACLs altered from 'r-x' to 'rwx'?!
Of course, trying to access directory 'a' as branko does not succeed.
machine i386
cpu I686_CPU
ident FROST
options SCHED_4BSD #4BSD scheduler
options INET #InterNETworking
options INET6 #IPv6 communications protocols
options FFS #Berkeley Fast Filesystem
options SOFTUPDATES #Enable FFS soft updates support
options UFS_ACL #Support for access control lists
options UFS_DIRHASH #Improve performance on big directories
options NFSCLIENT #Network Filesystem Client
options NFSSERVER #Network Filesystem Server
options NULLFS
options PROCFS #Process filesystem (requires PSEUDOFS)
options PSEUDOFS #Pseudo-filesystem framework
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 #Compatible with FreeBSD4
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
device isa
device pci
# Floppy drives
device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
options ATA_STATIC_ID #Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Floating point support - do not disable.
device npx
# Power management support (see NOTES for more options)
device apm
device acpi
# Add suspend/resume support for the i8254.
device pmtimer
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
# Parallel port
device ppc
device ppbus # Parallel port bus (required)
device lpt # Printer
device ppi # Parallel port interface device
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device dc # DEC/Intel 21143 and various workalikes
device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
device rl # RealTek
# Pseudo devices - the number indicates how many units to allocate.
device random # Entropy device
device loop # Network loopback
device ether # Ethernet support
device ppp # Kernel PPP
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device tun
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device bpf # Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device usb # USB Bus (required)
device ugen # Generic
device ulpt # Printer
# ipsec
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
# pppoe
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
# ppp
options PPP_BSDCOMP
options PPP_DEFLATE
options PPP_FILTER
# linux
options COMPAT_LINUX
# PF
options PFIL_HOOKS
options RANDOM_IP_ID