List: opensolaris-storage-discuss
Subject: [storage-discuss] Recursive ACL with chmod does not work as expected
From: Andrew Hydle <internet () nineproductions ! com>
Date: 2008-04-17 13:28:16
Message-ID: 14109945.1208464127178.JavaMail.Twebapp () oss-app1
Hi, I am having some problems with recursive ACLs and I was hoping someone could help me out. I am not sure if I am missing something but chmod does not behave as I would expect it to.
I have an existing directory structure with existing files that I want to add a new group to. The new group should have rwx (like) permissions to all existing files and directories and any new files/directories should inherit this.
So here is what I did.
1) Recursively add the group to the existing directory and any sub-directories. I get a whole mess of errors because files should not have inheritance set on them.
root@fs0 # chmod -R A+group:DOMAIN+finance-users:wpdDxraRAwW:fd:allow ./
chmod: ERROR: Inheritance flags are only allowed on directories
See chmod(1) for more information on valid ACL syntax
chmod: ERROR: Inheritance flags are only allowed on directories
See chmod(1) for more information on valid ACL syntax
2) I verify that the new permissions are set on one of the directories. The new group is set on the directory.
root@fs0 # ls -Vd ./Documents
drwxrwx---+ 2 DOMAIN+tuserb BUILTIN+users 33 Mar 24 11:41 Documents/
group:DOMAIN+finance-:rwxpdDaARW----:fd----:allow
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:--------------:------:deny
group@:rwxp----------:------:allow
everyone@:rwxp---A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow
3) I verify that the new permissions are set on one of the files but the new group permission is not there.
ls -Vd Fax\ Cover\ Sheet.doc
-rwx-w----+ 1 DOMAIN+tuserb DOMAIN+domain users 36864 Mar 24 11:40 Fax Cover Sheet.doc
owner@:----dDaARW----:------:allow
user:DOMAIN+tuserb:rwxp---A-W-Co-:------:allow
group:BUILTIN+users:rwxpdDaARW----:------:allow
everyone@:-------A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:r-x-----------:------:deny
group@:-w-p----------:------:allow
everyone@:rwxp---A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow
4) So I try and back out my ACL changes by using the exact same chmod command I used to apply the ACL but switching the A+ to an A- and I get "ACL entry doesn't exist".
root@fs0 # chmod -R A-group:DOMAIN+finance-users:wpdDxraRAwW:fd:allow ./
chmod: ERROR: ACL entry doesn't exist
5) If I verify if the ACL was removed I see it was not.
root@fs0 # ls -Vd ./Documents
drwxrwx---+ 2 DOMAIN+tuserb BUILTIN+users 33 Mar 24 11:41 Documents/
group:DOMAIN+finance-:rwxpdDaARW----:fd----:allow
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:--------------:------:deny
group@:rwxp----------:------:allow
everyone@:rwxp---A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow
6) The recursive remove didn't work but I can remove the ACL by specifying the directory.
root@fs0 # chmod A-group:DOMAIN+finance-users:wpdDxraRAwW:fd:allow ./Documents
root@fs0 # ls -Vd ./Documents
drwxrwx---+ 2 DOMAIN+tuserb BUILTIN+users 33 Mar 24 11:41 Documents/
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:--------------:------:deny
group@:rwxp----------:------:allow
everyone@:rwxp---A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow
-----------------------------------
If I try to do a recursive ACL update on the root of a ZFS file system I get an ERROR.
root@fs0 # zfs list | grep tuserb
export/Users/tuserb 31.7M 11.6T 31.7M /export/Users/tuserb
root@fs0 # chmod -R A+group:DOMAIN+finance-users:wpdDxraRAwW:fd:allow ./tuserb
chmod: ERROR: ACL type's are different
This message posted from opensolaris.org
_______________________________________________
storage-discuss mailing list
storage-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
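
An added example, not part of the original post: one way to avoid the "Inheritance flags are only allowed on directories" error from step 1 is to walk the tree with find, giving directories the entry with its fd field and giving files the same entry with that field removed. The function names and the CHMOD override are hypothetical; it assumes the Solaris chmod A+/A- syntax shown above and principal names that contain no colon.

```shell
#!/bin/sh
# Added example, not from the original post.
# CHMOD may be overridden (CHMOD=echo) to preview the commands without changing ACLs.
CHMOD=${CHMOD:-chmod}

# Remove the inheritance field from one ACL entry, if it has one:
#   group:NAME:perms:fd:allow -> group:NAME:perms:allow
#   everyone@:perms:fd:deny   -> everyone@:perms:deny
strip_inherit() {
    printf '%s\n' "$1" | awk -F: '{
        # owner@/group@/everyone@ entries have 3 fields without inheritance,
        # user:NAME / group:NAME entries have 4.
        base = ($1 ~ /@$/) ? 3 : 4
        out = $1
        for (i = 2; i <= NF; i++)
            if (!(NF == base + 1 && i == NF - 1))
                out = out ":" $i
        print out
    }'
}

# acl_recursive OP ENTRY ROOT
#   OP is + (add) or - (remove). Directories get ENTRY as given; other
#   non-symlink objects get ENTRY without its inheritance field.
acl_recursive() {
    op=$1
    entry=$2
    root=$3
    plain=$(strip_inherit "$entry")
    find "$root" -type d -exec "$CHMOD" "A${op}${entry}" {} + &&
    find "$root" ! -type d ! -type l -exec "$CHMOD" "A${op}${plain}" {} +
}

# Stand-alone use: script.sh + 'group:DOMAIN+finance-users:wpdDxraRAwW:fd:allow' ./
if [ "$#" -eq 3 ]; then
    acl_recursive "$@"
fi
```

Running it first with CHMOD=echo prints the exact chmod invocations for directories and files, so the two entry forms can be checked before any ACL is touched.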