How are the files zipped? How are they expanded? Perhaps the zip program being used does not preserve permission bits .. or the zip/unzip needs the proper incantation to do it. Using 'tar' or other compression tools that are *nix based might help if the zip program being used isn't working..
Scott On Mon, May 18, 2009 at 1:37 PM, CHAPLIN, JAMES (CTR) < james.chap...@associates.dhs.gov> wrote: > I have a user who deploys an application using a common user ID and > script. For security reasons, we are trying to get them off this common > ID. However their deployment scripts fail to remove files other than the > ones they themselves (user) deploy. Thus the team resorts to a common > ID. > > My solution was to use ACL to grant RWX to all members of the group on > the file system. This works after I set the command: > setfacl -R -m g:guid:rwx /file/system and > setfacl -R -m -d g:guid:rwx /file/system for the default value. > > When I display (getfacl) these values, they are verified as still > correct. > > However after they expand their zip file again during the deployment, > the files are no longer removable (permission denied) by any other > member of the group except for the user completing the deployment. And > the ACL values are still the same for the file system. > > The files are created by the developers on a Windows platform to be > deployed on linux. > > Before: > group:groupname:rwx > > After redeployment: > group:groupname:rwx #effective:r-x <==(I need the > write) > > How can I resolve this without having to rerun the setfacl command > again? > > James Chaplin > Systems Programmer, MVS, zVM & zLinux > Base Technologies, Inc > Supporting the zSeries Platform Team > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
