topic Re: setacl in Operating System - HP-UX

setacl

himacs — Thu, 14 May 2009 13:14:43 GMT

Hi Admins,

I have a strange problem here with setacl.

A normal user wants to open some files under /data01/data.
i used below commands
setacl -m user:bkp:r-- /data01/data
setacl -m user:bkp:r-- /data01

After this when user tried to open it was saying permission denied.
I solved this giving r-x permission with setacl.
But my Q is with r-- why user not able to open files.

regards,
himacs

Re: setacl

Mel Burslan — Thu, 14 May 2009 13:47:10 GMT

never used setacl and don't want to use it ever again in my life but looking at the ACLs you defined, you just gave the user read access to /data01 directory. In order to access the contents of the directory, I presume a user at least needs a r-x permission.

I am not saying this from setacl experience but from a general access permissions standpoint.

One more time, if you get into creating ACLs for users, you will make life miserable for them and for yourself in the long run. I dealt with ACLs in my dark days of VMS administration and it was not fun. Right now, when someone utters the word ACL, I step outside. My 2 cents.

Re: setacl

himacs — Thu, 14 May 2009 14:03:35 GMT

Hi Mel,

Thanks for ur reply..

You are rite.We reuire atleast r-x to access a file.

<>
How? i have not worked much with ACLs.

regards,
himacs

Re: setacl

Mel Burslan — Thu, 14 May 2009 14:09:31 GMT

How is a very good question. Right now you might have few files you assign ACLs to. AFter a while this becomes a common practice and everyone either requests it or you have to give it to them because of the file/directory level permissions not being enough. Not before long time passes, you realize you have hundreds if not thousands of files that you need to keep track of the ACLs for. Not fun ! Especially a user one days comes and tells you he lost access to his or her files and you can not figure out why.