Thanks John. I'll see what I can do with that. In the mean time my online searches didn't turn up much. I can imagine such a utility would be handy on an aggressively audited system.
Ray Mrohs -----Original Message----- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of McKown, John Sent: Friday, July 27, 2012 4:08 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Any way to summarize system ACL settings? I've not done much, but my first step was: getfacl -Rst . | tr '\n' ' ' | { sed 's/#/\n#/g'; echo; } | cat In a small test in the current directory, I had two files with ACLs in ~/z. When I ran the above in ~, the output looked like: # file: z/sort.info USER tsh009 rw- user tss r-- GROUP TSHG r-- mask r-- other r-- # file: z/gawk.info USER tsh009 rw- user postgres r-- user tss r-- GROUP TSHG r-- mask r-- other r-- Where the # is the first character in the link. In case of wrapping, there are only two lines above, both starting with the #. My thought is to pipe that into a Perl script for processing. There is one line per file, which I think would be easier to parse up correctly. Unfortunately, I don't really have a lot of time right now to "mess around". Also, I don't have very many files with ACLs, so generating example output would be difficult for me. Hope this helps you at least a small amount. I really think parsing the output above will be easier than the output from getfacl. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM > -----Original Message----- > From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of > Mrohs, Ray (JMD) > Sent: Friday, July 27, 2012 2:35 PM > To: LINUX-390@VM.MARIST.EDU > Subject: Any way to summarize system ACL settings? > > Over time, some of my systems have ACLs scattered around and I'm > looking for a way to get a report of which users and groups have ACLs > set across a file system. The closest I got so far is getfacl -Rst / , > but it still gives a lot of detail to sift through. Are there any > utilities that will display ACL privileges in different ways, or > clever programming ideas to put into scripts? > > Ray Mrohs > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, send > email to lists...@vm.marist.edu with the message: INFO > LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/