HPE Community
Operating System - OpenVMS
1753318 Members
6540 Online
108792 Solutions
New Discussion юеВ

Re: How to identify objects that have an ACL.

 
SOLVED
Go to solution
djk
Advisor

тАО07-08-2010 02:35 PM

тАО07-08-2010 02:35 PM

How to identify objects that have an ACL.

Is there an elegant method of searching across a file system for objects that have a specific ACL?

DIR/ACL [-...] /PAGE=SAVE /SEARCH="TECHSRVC" produces a lot of noise for everything.
0 Kudos
16 REPLIES 16
Hoff
Honored Contributor

тАО07-08-2010 02:55 PM

тАО07-08-2010 02:55 PM

Re: How to identify objects that have an ACL.

Mac OS X does have tools to do this, yes. Oh, sorry, you asked for "elegant". My bad.

Guessing much around your question, have a look at the ACL scrubbing tool available here:

http://labs.hoffmanlabs.com/node/426

This tool can locate specific identifiers, and can optionally delete them. And I wouldn't call it "elegant".
0 Kudos
P Muralidhar Kini
Honored Contributor

тАО07-08-2010 07:53 PM

тАО07-08-2010 07:53 PM

Re: How to identify objects that have an ACL.

Hi,

>> Is there an elegant method of searching across a file system for objects that
>> have a specific ACL?
The DIR command has a /ACL qualifier but it does not take any values.
Hence you need to take the output of DIR/ACL ... and do some parsing for the
ACL's that you are intrested in.


>>DIR/ACL [-...] /PAGE=SAVE /SEARCH="TECHSRVC" produces a lot of noise
>> for everything.
I guess you are referring to SEARCH returning matches for "TECHSRVC" which
are not identifiers. (say a directory name or filename or something like that).
Is that what you mean by noise ?

If thats the case then, you could use /SEARCH="IDENTIFIER=[TECHSRVC]"
instead of /SEARCH="TECHSRVC" to get more filtered data.

Also, my initial thought was that a PIPE command should help you out.
I tried the following thing, but it does NOT work -
$pipe dir/acl [-...] | search sys$pipe "identifier=techsrvc"/window=(1,1)

Looks like the /window is not allowed in the above command. But without the
/window you would not get the filename listed along with the identifiers.

In case the above suggestion does not help much then you may want to hunt
around for some tools, like the one Hoff has suggested.

Hope this helps.

Regards,
Murali
Let There Be Rock - AC/DC
0 Kudos
Shriniketan Bhagwat
Trusted Contributor

тАО07-08-2010 08:11 PM

тАО07-08-2010 08:11 PM

Re: How to identify objects that have an ACL.

Hi,

There are few commands which you can use to list the ACL. For example: $ DIR/ACL, $ SHOW SECURITY etc. But with these commands you can not search the specific ACL. As Murali said you need to use $ PIPE command to search the specific ACL from the out put of $ DIR command like one shown below.

$ PIPE DIR/ACL | SEARCH SYS$PIPE ├в IDENTIFIER=ident_name├в /WINDOW=(n1,n2)


Regards,
Ketan
0 Kudos
P Muralidhar Kini
Honored Contributor

тАО07-08-2010 08:36 PM

тАО07-08-2010 08:36 PM

Re: How to identify objects that have an ACL.

Ketan,

When using the Pipe command, this is what i got -

* PIPE command works fine when SEARCH has /WINDOW=(0,0).
$PIPE DIR/ACL | SEARCH SYS$PIPE "IDENTIFIER=[MURALI]" /WINDOW=(0,0)
(IDENTIFIER=[MURALI],ACCESS=READ)
(IDENTIFIER=[MURALI],ACCESS=WRITE)
(IDENTIFIER=[MURALI],ACCESS=DELETE)

*PIPE command works fine when the /WINDOW has to go forward fetch data
(But then it does give you the filenames that you want).
$PIPE DIR/ACL | SEARCH SYS$PIPE "IDENTIFIER=[MURALI]" /WINDOW=(0,1)
(IDENTIFIER=[MURALI],ACCESS=READ)
B.TXT;1
***************
(IDENTIFIER=[MURALI],ACCESS=WRITE)
C.TXT;1
***************
(IDENTIFIER=[MURALI],ACCESS=DELETE)
D.TXT;1
$


* PIPE command does **NOT** work when /WINDOW has to go back some
lines to fetch data. This is what would have given all the files with the specific ACL's.
$PIPE DIR/ACL | SEARCH SYS$PIPE "IDENTIFIER=[MURALI]" /WINDOW=(1,0)
%SEARCH-F-RFAERR, RMS error using RFA access: RFA = 0, 0
-RMS-F-RAC, invalid record access mode
$

In specific /WINDOW(0,1) works but not /WINDOW(1,0) in a PIPE/SEARCH
combination. Looks like when a matching entry is found, we cannot go behind
'n' lines in SYS$PIPE but only can go ahead 'n' lines.

Regards,
Murali
Let There Be Rock - AC/DC
0 Kudos
Shriniketan Bhagwat
Trusted Contributor

тАО07-08-2010 09:00 PM

тАО07-08-2010 09:00 PM

Re: How to identify objects that have an ACL.

Murali,

Interesting. Thanks for the clarification. So we need to use /WINDOW=(0,1) to print the file name along with the ACL.

Regards,
Ketan
0 Kudos
Joseph Huber_1
Honored Contributor

тАО07-08-2010 10:34 PM

тАО07-08-2010 10:34 PM

Re: How to identify objects that have an ACL.

[
*PIPE command works fine when the /WINDOW has to go forward fetch data
(But then it does give you the filenames that you want).
$PIPE DIR/ACL | SEARCH SYS$PIPE "IDENTIFIER=[MURALI]" /WINDOW=(0,1)
]

Sorry, no, if I see it right, this displays the ACL, followed by the next line, which is either another ACL or the NEXT file-name.
I think there is no way other to write a DCL procedure to wade through the DIR/ACL output,
or write a program using ACP functions to get the ACL information.
See e.g. the routine GETACL in Arne's
http://www.mpp.mpg.de/~huber/vmssig/src/MAR/ACL.MAR

http://www.mpp.mpg.de/~huber
0 Kudos
P Muralidhar Kini
Honored Contributor

тАО07-08-2010 11:32 PM

тАО07-08-2010 11:32 PM

Re: How to identify objects that have an ACL.

Joseph,

>> Sorry, no, if I see it right, this displays the ACL, followed by the next line,
>> which is either another ACL or the NEXT file-name.
Yes, you are right.

Its a Typo in my previous response.

My statement
>> (But then it does give you the filenames that you want).

should have been

>> But then it *** does NOT *** give you the filenames that you want.

Ahh. Typo completely changed the meaning of the statement :)

/WINDOW(1,0) is what we want but then that does not work with PIPE and
hence cannot be used for the mentioned requirement.

>> See e.g. the routine GETACL in Arne's
>> http://www.mpp.mpg.de/~huber/vmssig/src/MAR/ACL.MAR
If i click on the link, the program does not seem to have the formatting.
Not sure if the problem with the program formatting itself or with my browser.

Regards,
Murali
Let There Be Rock - AC/DC
0 Kudos
Joseph Huber_1
Honored Contributor

тАО07-08-2010 11:45 PM

тАО07-08-2010 11:45 PM

Re: How to identify objects that have an ACL.

[
http://www.mpp.mpg.de/~huber/vmssig/src/MAR/ACL.MAR
]

I bet it's Your browser, and it is MSIE having problems.

See the note about MSIE on the bottom of the page above /MAR (.../~huber/vmssig/src/)
or simply download the page instead of displaying it in the browser.
http://www.mpp.mpg.de/~huber
0 Kudos
P Muralidhar Kini
Honored Contributor

тАО07-09-2010 12:01 AM

тАО07-09-2010 12:01 AM

Re: How to identify objects that have an ACL.

Joseph,

>> I bet it's Your browser, and it is MSIE having problems.
Yes, must be.

I used the VIEW->SOURCE in browser and that helped. Thanks.
I will use the program some time later.

Regards,
Murali
Let There Be Rock - AC/DC
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.