If you use ZFS, you need to set
aclmode to groupmask
aclinherit to passthrough
Then, you can do something like:
chmod -R A=group:thegroup:rwxpdDaARWcCos:fd:allow /path/
This gives all permissions to the group named 'thegroup'.
Example:
> mkdir acldemo
> pfexec groupadd acldemo
> pfexec useradd -G acldemo -g other acldemo # This is not the main group on purpose (for the demo)
> chmod -R A=group:acldemo:rwxpdDaARWcCos:fd:allow acldemo
> ls -V
total 3
d---------+ 2 kuon staff 2 Jun 17 14:30 acldemo
    group:acldemo:rwxpdDaARWcCos:fd-----:allow
> pfexec su acldemo
acldemo@ayame:~$ mkdir toto
acldemo@ayame:~$ ls -lV
total 1
drwxr-xr-x+ 2 acldemo other 2 Jun 17 14:33 toto
    group:acldemo:rwxpdDaARWcCos:fdi---I:allow
    group:acldemo:-w-p----------:-------:deny
    group:acldemo:rwxpdDaARWc--s:------I:allow
    owner@:--------------:-------:deny
    owner@:rwxp---A-W-Co-:-------:allow
    group@:-w-p----------:-------:deny
    group@:r-x-----------:-------:allow
    everyone@:-w-p---A-W-Co-:-------:deny
    everyone@:r-x---a-R-c--s:-------:allow
acldemo@ayame:~$ umask 077
acldemo@ayame:~$ mkdir toto2
acldemo@ayame:~$ ls -lV
total 4
drwxr-xr-x+ 2 acldemo other 2 Jun 17 14:33 toto
    group:acldemo:rwxpdDaARWcCos:fdi---I:allow
    group:acldemo:-w-p----------:-------:deny
    group:acldemo:rwxpdDaARWc--s:------I:allow
    owner@:--------------:-------:deny
    owner@:rwxp---A-W-Co-:-------:allow
    group@:-w-p----------:-------:deny
    group@:r-x-----------:-------:allow
    everyone@:-w-p---A-W-Co-:-------:deny
    everyone@:r-x---a-R-c--s:-------:allow
drwx------+ 2 acldemo other 2 Jun 17 14:34 toto2
    group:acldemo:rwxpdDaARWcCos:fdi---I:allow
    group:acldemo:rwxp----------:-------:deny
    group:acldemo:rwxpdDaARWc--s:------I:allow
    owner@:--------------:-------:deny
    owner@:rwxp---A-W-Co-:-------:allow
    group@:rwxp----------:-------:deny
    group@:--------------:-------:allow
    everyone@:rwxp---A-W-Co-:-------:deny
    everyone@:------a-R-c--s:-------:allow
acldemo@ayame:~$ exit
# Here we see we have created a folder (or file) with the acldemo user
# that has other as main group, but with our ACL, the group:acldemo:....
# ACL was inherited.
# Now let's add another user, this time with acldemo as main group,
# and try
> pfexec useradd -g acldemo acldemo2
> pfexec su acldemo2
kuon@ayame:~/test/acldemo$ ls -l
total 6
drwxr-xr-x+ 2 acldemo other 2 Jun 17 14:33 toto
drwx------+ 2 acldemo other 2 Jun 17 14:34 toto2
kuon@ayame:~/test/acldemo$ rm -fr *
kuon@ayame:~/test/acldemo$ ls -l
total 0
# As we can see, we have full rights over the content created by the
# other user.
Hope that helps
--
Nicolas Goy
Crazy Programmer and Optimization Bear
http://goyman.com
http://kuon.goyman.com
On 2009-06-17, at 14:13, cedric briner wrote:
> Thanks Jean-Pierre and Javi !
> But, I knew about this configuration,
> unfortunately people tend to not remember things that they are not
> used to do, such as : umask (they even have problem to understand
> what is umask for)
>
> So I was ready to make my sysadmin life more difficult by using ACL
> for the purpose of simplifying the one of my users.
>
> So please, do some of you know how to set this up with ACL.
>
> thanks in advance.
>
> cEd
>> Hello Cedric,
>>
>> To do it simple, don't use ACL for this case.
>>
>> If all the users belong to the same group, you just need to put the
>> group attributes to rwx for this directory.
>>
>> If the group is not the primary group of all/some of the users,
>> then you need to set the "set group id" property to ensure that all
>> the files that are created in this directory will belong to the
>> correct group.
>>
>> Example:
>>
>> 1. All the users are added to a secondary group "moreperms"
>>
>> 2. Create the directory with the right group and permissions
>>
>> jack@opensolaris:~# mkdir somepermsdir
>> jack@opensolaris:~# chgrp moreperms somepermsdir
>> jack@opensolaris:~# chmod 2770 somepermsdir
>>
>> 3. Start playing with it...
>>
>> HTH
>>
>> Javi
>>
>> On Wed, Jun 17, 2009 at 11:09 AM, cedric
>> briner<work at infomaniak.ch> wrote:
>>
>>> Hello the list,
>>>
>>> I'd like to have a repertory where user belonging to a same
>>> group could collaborate.
>>> Let's try to keep it very simple, by willing that any user in this
>>> group can do whatever they want in this directory.
>>>
>>> Is there some recipes on how to do this with ACL ???
>>>
>>> cEd
>>> --
>>>
>>> Cédric BRINER
>>> Geneva - Switzerland
>>> _______________________________________________
>>> ug-chosug mailing list
>>> ug-chosug at opensolaris.org
>>> http://mail.opensolaris.org/mailman/listinfo/ug-chosug
>>>
>>
>
>
> --
>
> Cédric BRINER
> Geneva - Switzerland
> _______________________________________________
> ug-chosug mailing list
> ug-chosug at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/ug-chosug
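
Added example (not part of the original message or of any OpenSolaris tool): a shell function that reads `ls -V` output such as the listings above and computes what a member of the named group is effectively allowed on each entry. The function name `group_effective` is hypothetical, and the evaluation rule and the subject it models are assumptions stated in the comments.

```shell
# Added example. Assumed rule (NFSv4 order): ACEs are read top to bottom, the
# first allow or deny naming a permission letter decides it, and inherit-only
# ACEs (flag "i") are skipped. Subject: a member of GROUP who is neither the
# owner nor in the owning group, so only group:GROUP and everyone@ match.
group_effective() {   # usage: group_effective GROUP < output-of-ls-V
    awk -v who="group:$1" '
    function flush() { if (name != "") print name ": " eff }
    !/:(allow|deny)$/ {                       # entry line, or "total N"
        if (NF >= 9) { flush(); name = $NF; eff = "--------------"; split("", seen) }
        next
    }
    {
        n = split($1, f, ":")                 # ACE: who:perms:flags:type
        subject = (n == 5) ? f[1] ":" f[2] : f[1]
        if (subject != who && subject != "everyone@") next
        if (f[n-1] ~ /i/) next                # inherit-only, not applied here
        for (i = 1; i <= 14; i++) {
            c = substr(f[n-2], i, 1)
            if (c == "-" || seen[i]) continue
            seen[i] = 1                       # first mention decides
            if (f[n] == "allow") eff = substr(eff, 1, i - 1) c substr(eff, i + 1)
        }
    }
    END { flush() }'
}

# ls -V lines from the message above; owner@ and group@ ACEs left out because
# they never match this subject.
SAMPLE='d---------+ 2 kuon staff 2 Jun 17 14:30 acldemo
    group:acldemo:rwxpdDaARWcCos:fd-----:allow
drwxr-xr-x+ 2 acldemo other 2 Jun 17 14:33 toto
    group:acldemo:rwxpdDaARWcCos:fdi---I:allow
    group:acldemo:-w-p----------:-------:deny
    group:acldemo:rwxpdDaARWc--s:------I:allow
    everyone@:-w-p---A-W-Co-:-------:deny
    everyone@:r-x---a-R-c--s:-------:allow
drwx------+ 2 acldemo other 2 Jun 17 14:34 toto2
    group:acldemo:rwxpdDaARWcCos:fdi---I:allow
    group:acldemo:rwxp----------:-------:deny
    group:acldemo:rwxpdDaARWc--s:------I:allow
    everyone@:rwxp---A-W-Co-:-------:deny
    everyone@:------a-R-c--s:-------:allow'

printf '%s\n' "$SAMPLE" | group_effective acldemo
```

Under that rule the group keeps every permission on acldemo itself, while in toto and toto2 the deny entries placed ahead of the inherited allow remove `w` and `p` (and, in toto2, `r` and `x` as well). Running the same function against real `ls -V` output is a quick way to see what new children of a shared directory actually grant.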