The thinking here is that if the ACL on the file in USS contains a user id and our SLES9 image goes out to LDAP for it's UID info, it should be the same. We populated LDAP from RACF and we also have a particular naming/UID # convention that is the same across the shop. User logon ID's and UID #'s will be the same in USS as they are in LDAP. RACF is being used to authenticate the user and the 'OMVS Segment' info is stored in LDAP.
That being said, Linux can do ACL's just fine. They work the same way on both systems (albeit with a slight syntax change in the command). The big assumption here is that the two will be compatible. I figured I'd post out on the list to see if anyone had done something similar before. We can't be the only shop using ACL's ... can we?? --=Quinn North=-- Security Engineering ISO www.ISO.com Voice: 201.469.3504 Text: [EMAIL PROTECTED] -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Spinler Sent: Friday, February 01, 2008 6:23 PM To: [email protected] Subject: Re: Copying ACLs from USS to z/Linux -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 North, Quinn wrote: | Hi all, | | We need to copy data from an HFS file system on a z/OS 1.8 system to a | SLES9 server image running under z/VM. The data contained on the z/OS | side is stored in USS and contains Access Control Lists (ACLs) which are | extended file attributes that can store more granular user access. Most | methods to copy data across systems DO NOT support ACLs and some | actually strip the ACL data during the copy. We need to keep the data | with the ACL's intact. Just a silly question with the disclaimer that I know literally nothing about z/OS's HFS: Do you know that the ACL capabilities on the two systems are compatible? ~ In other words, can Linux ACL's on an ext3 filesystem represent all of the information in your z/OS HFS filesystem ACL's? Even if they are logically similar enough to translate one to the other, are the ACL's in compatible formats? Or will it take some work to translate the one format into the other? - -- Pat -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHo6m9NObCqA8uBswRArfeAJwNPst73zV8cUlRop8QdOYCtAymuwCfcNGJ Z2SZ0op9Q38B4JUksmoDxvI= =6obs -----END PGP SIGNATURE----- ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 This email is intended for the recipient only. If you are not the intended recipient please disregard, and do not use the information for any purpose. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
