Hi, I am having some problems with recursive ACLs and I was hoping someone could help me out. I am not sure if I am missing something, but chmod does not behave as I would expect it to.
I have an existing directory structure with existing files that I want to add a new group to. The new group should have rwx (like) permissions to all existing files and directories, and any new files/directories should inherit this. So here is what I did.

1) Recursively add the group to the existing directory and any sub-directories. I get a whole mess of errors because files should not have inheritance set on them.

    root at fs0 # chmod -R A+group:DOMAIN+finance-users:wpdDxraRAwW:fd:allow ./
    chmod: ERROR: Inheritance flags are only allowed on directories
    See chmod(1) for more information on valid ACL syntax
    chmod: ERROR: Inheritance flags are only allowed on directories
    See chmod(1) for more information on valid ACL syntax

2) I verify that the new permissions are set on one of the directories. The new group is set on the directory.

    root at fs0 # ls -Vd ./Documents
    drwxrwx---+ 2 DOMAIN+tuserb BUILTIN+users 33 Mar 24 11:41 Documents/
        group:DOMAIN+finance-:rwxpdDaARW----:fd----:allow
        owner@:--------------:------:deny
        owner@:rwxp---A-W-Co-:------:allow
        group@:--------------:------:deny
        group@:rwxp----------:------:allow
        everyone@:rwxp---A-W-Co-:------:deny
        everyone@:------a-R-c--s:------:allow

3) I verify that the new permissions are set on one of the files, but the new group permission is not there.

    ls -Vd Fax\ Cover\ Sheet.doc
    -rwx-w----+ 1 DOMAIN+tuserb DOMAIN+domain users 36864 Mar 24 11:40 Fax Cover Sheet.doc
        owner@:----dDaARW----:------:allow
        user:DOMAIN+tuserb:rwxp---A-W-Co-:------:allow
        group:BUILTIN+users:rwxpdDaARW----:------:allow
        everyone@:-------A-W-Co-:------:deny
        everyone@:------a-R-c--s:------:allow
        owner@:--------------:------:deny
        owner@:rwxp---A-W-Co-:------:allow
        group@:r-x-----------:------:deny
        group@:-w-p----------:------:allow
        everyone@:rwxp---A-W-Co-:------:deny
        everyone@:------a-R-c--s:------:allow

4) So I try to back out my ACL changes by using the exact same chmod command I used to apply the ACL, but switching the A+ to an A-, and I get "ACL entry does not exist".

    root at fs0 # chmod -R A-group:DOMAIN+finance-users:wpdDxraRAwW:fd:allow ./
    chmod: ERROR: ACL entry doesn't exist

5) If I verify whether the ACL was removed, I see it was not.

    root at fs0 # ls -Vd ./Documents
    drwxrwx---+ 2 DOMAIN+tuserb BUILTIN+users 33 Mar 24 11:41 Documents/
        group:DOMAIN+finance-:rwxpdDaARW----:fd----:allow
        owner@:--------------:------:deny
        owner@:rwxp---A-W-Co-:------:allow
        group@:--------------:------:deny
        group@:rwxp----------:------:allow
        everyone@:rwxp---A-W-Co-:------:deny
        everyone@:------a-R-c--s:------:allow

6) The recursive remove didn't work, but I can remove the ACL by specifying the directory.

    root at fs0 # chmod A-group:DOMAIN+finance-users:wpdDxraRAwW:fd:allow ./Documents
    root at fs0 # ls -Vd ./Documents
    drwxrwx---+ 2 DOMAIN+tuserb BUILTIN+users 33 Mar 24 11:41 Documents/
        owner@:--------------:------:deny
        owner@:rwxp---A-W-Co-:------:allow
        group@:--------------:------:deny
        group@:rwxp----------:------:allow
        everyone@:rwxp---A-W-Co-:------:deny
        everyone@:------a-R-c--s:------:allow

-----------------------------------

If I try to do a recursive ACL update on the root of a ZFS file system, I get an ERROR.

    root at fs0 # zfs list | grep tuserb
    export/Users/tuserb 31.7M 11.6T 31.7M /export/Users/tuserb
    root at fs0 # chmod -R A+group:DOMAIN+finance-users:wpdDxraRAwW:fd:allow ./tuserb
    chmod: ERROR: ACL type's are different

This message posted from opensolaris.org
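Added example, not part of the original post: the errors in step 1 come from applying the fd inheritance flags to regular files, so this function walks the tree with find and gives the ACE with :fd: to directories and the same ACE without the inheritance field to files. The function name add_ace_tree, its arguments and the CHMOD override variable are assumptions made for illustration; it expects the Solaris chmod that understands the A+ syntax shown above.

```shell
#!/bin/sh
# Added example: apply one NFSv4 ACE to an existing tree, attaching the
# inheritance flags (fd) only where chmod accepts them, i.e. on directories.
# Assumption: CHMOD defaults to the Solaris chmod that parses A+ entries.
CHMOD=${CHMOD:-chmod}

# usage: add_ace_tree ROOT WHO PERMS   (hypothetical helper)
#   WHO   e.g. group:DOMAIN+finance-users
#   PERMS e.g. wpdDxraRAwW
add_ace_tree() {
    root=$1 who=$2 perms=$3
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Directories: file_inherit + dir_inherit, so new children pick up the ACE.
    find "$root" -type d \
        -exec "$CHMOD" "A+$who:$perms:fd:allow" {} + || return 1

    # Existing files: same ACE with the inheritance field left out.
    # Symlinks are skipped so the ACE is not applied through a link
    # to something outside the tree.
    find "$root" ! -type d ! -type l \
        -exec "$CHMOD" "A+$who:$perms:allow" {} + || return 1
}

# Example call, matching the group and permissions used in the post:
#   add_ace_tree ./ group:DOMAIN+finance-users wpdDxraRAwW
```

Check the result the same way as in steps 2 and 3, with ls -Vd on one directory and one file.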