Mr. Hu Mongous wrote:
Thanks for the response. I guess I didn't make myself 100% clear. I executed /usr/bin/ls -dv /zstorage/Software and got the following:

r...@osbox:~# /usr/bin/ls -dv /zstorage/Software/
drwx------+ 17 root     root          28 Apr  9 21:03 /zstorage/Software/
     0:user:user:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:deny
     1:group@::deny
     2:group@::allow
     3:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny
     4:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
     5:owner@::deny
     6:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     7:group@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/execute:deny
     8:group@::allow
     9:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     10:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow

Is there a command that I can run to remove everyone's access? Or does this 
need to be done one by one? I would like to remove all access to everything 
in /zstorage/Software (subdirectories and all files). I then would like 
to give root full control then add access via group permissions.


If you want to replace the entire ACL and have it replaced with one that matches the current mode then you can do this.

# chmod A- /zstorage/Software

But if all you want is to allow only root to have full permission, then this would work:

# chmod A=user:root:full_set:allow /zstorage/Software

Or use owner@ for greater flexibility

# chmod A=owner@:full_set:allow /zstorage/Software

Using owner@ has the advantage that if you later chown(1) the directory, the new owner will automatically pick up the full permissions.

You can then prepend other ACEs onto the ACL

# chmod A+group:staff:read_set:allow /zstorage/Software

My next test is to create a new group (software) and add user "soft" to it. I 
will then only allow the group and root access to the directory including all its files. 
This is somewhat confusing and the information in Chapter 11 (p.401-404) just isn't 
enough. I created my user and added it to the group using the desktop GUI.

Are these the right permissions that I need?

r...@osbox:~# /usr/bin/chmod A+group:software:read_data/write_data:file_inherit:allow /zstorage/Software/


You probably would want to include read_attributes/write_attributes/read_acl. The permissions that you need to include are dependent upon what you want that user to be allowed to do.

You should take a look at the ZFS admin guide which has lots of examples of ZFS ACLs.

http://opensolaris.org/os/community/zfs/docs/zfsadmin.pdf


Followed by
/usr/bin/chgrp -R software /zstorage/Software
/usr/bin/chown -R soft /zstorage/Software
/usr/bin/chmod -R  760 /zstorage/Software

It looks like I have much reading ahead of me... :-( Thanks to all those reading this post and helping me through this ordeal,
Mr. Hu Mongous

_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
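
Why prepending with `chmod A+` matters, shown as an added example that is not part of the original thread: ACEs are evaluated in order and the first applicable entry that names a permission decides it, so an allow placed at index 0 is reached before the later `everyone@` deny. The Python below parses the `ls -dv` listing quoted in the thread and evaluates it under a simplified model that ignores inheritance flags, privileges such as root's, and any implicit owner rights; the function names, the default `root` owning group and the membership of `soft` in `software` are assumptions of this example.

```python
import re
# ACL as printed by `ls -dv` in the thread (entries 0-10, line wrapping kept).
LISTING = """\
     0:user:user:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:deny
     1:group@::deny
     2:group@::allow
     3:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny
     4:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
     5:owner@::deny
     6:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     7:group@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/execute:deny
     8:group@::allow
     9:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     10:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
"""
ACE = re.compile(r"\s*\d+:(\w+@|(?:user|group):[^:]+):([^:]*)(?::[^:]*)?:(allow|deny)$")

def parse(listing):
    """Return [(who, perms, type)] in ACL order; inheritance flags are ignored."""
    found = (ACE.match(l) for l in re.sub(r"\n\s+/", "/", listing).splitlines())
    return [(m[1], set(filter(None, m[2].split("/"))), m[3]) for m in found if m]

def allowed(aces, wanted, user, groups, owner="root", owning_group="root"):
    """Ordered evaluation: the first applicable ACE naming a bit decides it."""
    def applies(who):
        kind, _, name = who.partition(":")
        return (who == "everyone@" or (who == "owner@" and user == owner)
                or (who == "group@" and owning_group in groups)
                or (kind, name) == ("user", user) or (kind == "group" and name in groups))
    pending = set(wanted)
    for who, perms, ace_type in aces:
        if applies(who) and pending & perms:
            if ace_type == "deny":
                return False
            pending -= perms
    return not pending  # a bit that no ACE allowed stays denied

acl = parse(LISTING)
# Constructed check: group member "soft" before and after the A+ ACE is prepended.
new_ace = parse("0:group:software:read_data/write_data:file_inherit:allow")
who = ("soft", {"software"})
print(allowed(acl, {"read_data"}, *who), allowed(new_ace + acl, {"read_data"}, *who))
```
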
