ACL's can be created, deleted, or modified by root or by the owner of a file. Use various forms of the commands:
getacl
setacl
Below are two examples of using ACL's:
Ex.1) Simple -- /usr/local/man directories
----------------------------------------------------------------
* All your skunkware man pages get installed into
/usr/local/man/man1 ... /usr/local/man/man8
But they need to be converted and _written_ to the
/usr/local/man/cat1 ... cat8
directories before they can be displayed properly.
But writing to the cat1 ... cat8 directories is not
allowed by the permissions on those directories
-rwxr-xr-x root sys cat1
-rwxr-xr-x root sys cat2
...
-rwxr-xr-x root sys cat8
when you're logged in as your normal username.
* This can be fixed by adding write permissions with ACL's
for certain users (yourself). If you set this up, then
you won't get those nagging "wrong display" errors.
# cd /usr/local/man
# getacl cat1
# setacl -r -m u:matthew:rwx cat1
# ls -l
# getacl cat1
That'll do it. Now just replace the cat1 by cat* to set
this on all the cat directories.
Ex.2) Detailed -- Adding ACL's for a user and a group
------------------------------------------------------------------
* We'll be adding 'r--' permissions on a file
for two entities, the group 'graphics' and the user 'sysop':
* We'll add these permissions because the file is called
/home/data/turt/logo, and the relevant permissions are:
drwxr-xr-x 2 root sys Oct 20 21:00 data
drwxrwx--- 2 root turtles Oct 22 21:20 turt
-rw-rw---- 1 yurtle turtles Oct 20 22:00 logo
and from the permissions, we can see that sysop and the graphics
group can neither read nor access the turt directory, nor can they
read the actual file, logo.
Thus we'll have to add acl's for both turt and logo, to give sysop
and graphics read access all the way down the path. It's very important
to be sure that the perms are correct for each directory and file
in the path.
* Here are the before and after ACL's, then we'll discuss how to do it:
          Before ACL's                            After ACL's
-------------------------------   --------------------------------------
# file: logo     # file: turt     # file: logo         # file: turt
# owner: yurtle  # owner: root    # owner: yurtle      # owner: root
# group: turtles # group: turtles # group: turtles     # group: turtles
user::rw-        user::rwx        user::rw-            user::rwx
group::rw-       group::rwx       user:sysop:r--       user:sysop:r-x
class:rw-        class:rwx        group::rw-           group::rwx
other:---        other:---        group:graphics:r--   group:graphics:r-x
                                  class:rw-            class:rwx
                                  other:---            other:---
* As root or Yurtle, cd into /home/data/
* You can list the ACL with getacl turt
* You set the ACL with --> setacl -m u:sysop:r-x turt
                           setacl -m g:graphics:r-x turt
* Then cd /home/data/turt --> setacl -m u:sysop:r-- logo
                              setacl -m g:graphics:r-- logo
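
The "correct perms for each directory and file in the path" check from Ex.2, as an added example that is not part of the original FAQ: a small Python evaluator that reads getacl-style listings and reports the first path component that blocks a user. The function names, the listing for the data directory, and the use of the POSIX.1e draft evaluation order (owner, named user, groups, other, with the class entry capping named and group entries) are assumptions.

```python
# Added example, not from the original page; evaluation order is assumed.

def parse_acl(text):
    """Parse getacl output into owner, owning group and (tag, name, perms)."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("#"):
            key, _, value = line.lstrip("# ").partition(":")
            if key in ("owner", "group"):
                acl[key] = value.strip()
        else:
            f = line.split(":")  # class: and other: have two fields, the rest three
            acl["entries"].append((f[0], f[1] if len(f) == 3 else "", f[-1]))
    return acl

def allowed(acl, user, groups, want):
    """True if user is granted every letter in want (class caps named/group entries)."""
    base = {t: p for t, n, p in acl["entries"] if not n}  # unnamed entries
    def grant(perms, masked=True):
        return all(c in perms and (not masked or c in base["class"]) for c in want)
    if user == acl["owner"]:
        return grant(base["user"], masked=False)
    for t, n, p in acl["entries"]:
        if t == "user" and n == user:
            return grant(p)
    hits = [p for t, n, p in acl["entries"]
            if t == "group" and (n or acl["group"]) in groups]
    if hits:
        return any(grant(p) for p in hits)
    return grant(base["other"], masked=False)

def first_blocker(chain, user, groups):
    """chain: (name, getacl text) pairs, directories first, the file last."""
    for i, (name, text) in enumerate(chain):
        want = "r" if i == len(chain) - 1 else "x"  # search dirs, read the file
        if not allowed(parse_acl(text), user, groups, want):
            return name
    return None

def listing(owner, group, *entries):
    return "# owner: %s\n# group: %s\n" % (owner, group) + "\n".join(entries)
# Constructed listings matching the before/after state described above.
DATA = listing("root", "sys", "user::rwx", "group::r-x", "class:r-x", "other:r-x")
TURT_BEFORE = listing("root", "turtles", "user::rwx", "group::rwx", "class:rwx", "other:---")
TURT_AFTER = listing("root", "turtles", "user::rwx", "user:sysop:r-x", "group::rwx",
                     "group:graphics:r-x", "class:rwx", "other:---")
LOGO_BEFORE = listing("yurtle", "turtles", "user::rw-", "group::rw-", "class:rw-", "other:---")
LOGO_AFTER = listing("yurtle", "turtles", "user::rw-", "user:sysop:r--", "group::rw-",
                     "group:graphics:r--", "class:rw-", "other:---")
```

Calling first_blocker with the chain data, turt, logo returns the name of the component that still denies access, or None once the whole path is open to that user.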
Default Directory ACL's
***********************
Let's say that you get tired of adding r-- permissions for sysop
to all the files in the directory turt, and you want to set a default
ACL entry on that directory. It's been broken since 7.0.0, but it works
on UnixWare 7.1.4, 7.1.3, OpenUNIX 8 and OpenServer 6.0.0.
Here's how to add a default ACL entry, should it ever work:
* As root, cd into /home/data
* Set the ACL on the directory: setacl -m d:u:sysop:r-- turt
<mschalit@pacbell.net>
gerberb@zenez.com