[ug-chosug] ACL common usage

Thu, 18 Jun 2009 14:57:00 +0200 

Sorry Nicolas Goy to send you twice the email

BTW, is there a possibility to change the mailing list behaviour so that 
reply return to the list instead to the person ???

 > If you use ZFS, you need to set
 >
 > aclmode to groupmask
 > aclinherit to passthrough
I've made it work with your example by defining:
aclmode to passthrough
aclinherit to passthrough

then I follow your indication, and it works like a charm.

otherwise if I maintained the aclmode to groupmask, each time I created 
a file or a directory I got:

# as root
export DIRACL=/export/acldemo
groupadd acldemo
useradd -G acldemo -g other acldemo1
useradd -G acldemo -g other acldemo2

zfs create rpool/export/acldemo
zfs set aclmode=groupmask rpool/export/acldemo
zfs set aclinherit=passthrough  rpool/export/acldemo

chown acldemo1:acldemo ${DIRACL}
chmod -R A=group:acldemo:rwxpdDaARWcCos:fd:allow ${DIRACL}

chown
# as acldemo1
su acldemo1
cd ${DIRACL}
mkdir dir.1
exit

# as acledemo2
su acldemo2
cd ${DIRACL}/dir.1/
LANG=C mkdir dir.2
mkdir: Failed to make directory "dir.2"; Permission denied

# argh

lets see the ACL

$ ls -Vd ${DIRACL} ${DIRACL}/dir.1
d---------+  3 acldemo1 acldemo        3 juin 18 14:35 /export/acldemo
      group:acldemo:rwxpdDaARWcCos:fd-----:allow
drwxr-xr-x+  2 acldemo1 other          2 juin 18 14:35 /export/acldemo/dir.1
      group:acldemo:rwxpdDaARWcCos:fdi---I:allow
      group:acldemo:-w-p----------:-------:deny
      group:acldemo:rwxpdDaARWcCos:------I:allow
             owner@:--------------:-------:deny
             owner@:rwxp---A-W-Co-:-------:allow
             group@:-w-p----------:-------:deny
             group@:r-x-----------:-------:allow
          everyone@:-w-p---A-W-Co-:-------:deny
          everyone@:r-x---a-R-c--s:-------:allow



I do not understand how ACL should be readed. I mean, what is the 
difference between this
      group:acldemo:rwxpdDaARWcCos:fdi---I:allow
      group:acldemo:-w-p----------:-------:deny
      group:acldemo:rwxpdDaARWcCos:------I:allow

and this
      group:acldemo:rwxpdDaARWcCos:fdi---I:allow

and how do you some the ACL or union them ????
      group:acldemo:rwxpdDaARWcCos:fdi---I:allow
      group:acldemo:-w-p----------:-------:deny
      group:acldemo:rwxpdDaARWcCos:------I:allow

cEd

-- 

C?dric BRINER
Geneva - Switzerland

Reply via email to