- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Propogating ACL's To New Files
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-08-2007 09:50 PM
тАО08-08-2007 09:50 PM
Consider this scenario.
Directory is owner by SYSTEM
ACL on directory grants user 'X' Read+Write
File A.B is created by SYSTEM with default protection of (G:R,W:R)
User 'X' needs Read+Write+Delete access to file A.B by default (i.e. without issuing a separate SET SECURITY command).
Thanks, Rob.
Solved! Go to Solution.
- Tags:
- ACLs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-08-2007 10:07 PM
тАО08-08-2007 10:07 PM
Re: Propogating ACL's To New Files
You want to create ACEs in the directory's Access Control List that specify DEFAULT access.
I have to keep this short now, but I will post again shortly.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-08-2007 10:16 PM
тАО08-08-2007 10:16 PM
Re: Propogating ACL's To New Files
/ACL=(IDENT=USERX,DEFAULT_PROTECTION,ACCESS=READ+WRITE+DELETE)
...but got an error back. I guess the syntax is wrong somewhere.
Rob.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-08-2007 10:19 PM
тАО08-08-2007 10:19 PM
Solutionyou setup an ACE on the parent directoryfile with option DEFAULt, e.g.
$ Set Acl /Object=File -
/Acl=(Ident=USER_X,Access=R+W+D,Option=Default)-
DIREC.DIR
so every file created in DIREC gets this ACE.
It is also possible to specify a default protection schema like:
$ Set Acl /Object=File -
/Acl=(DEFAULT_PROTECTION,-
SYSTEM:RWED,OWNER:RWED,GROUP:RE,WORLD:RE,-
OPTIONS=DEFAULT)
Pls. note that file which already exist in the directory, will not get the ACE, it should be entered manually.
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-08-2007 10:33 PM
тАО08-08-2007 10:33 PM
Re: Propogating ACL's To New Files
Rob.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-08-2007 10:35 PM
тАО08-08-2007 10:35 PM
Re: Propogating ACL's To New Files
Sorry for the delay. I was attending to something urgent.
The following test case illustrates what I believe was requested in the post:
$ CREATE/DIRECTORY [.TEMP]
using EDIT/ACL add an ACE to the ACL as follows:
(IDENTIFIER=[1,1],OPTION=DEFAULT,ACCESS=READ)
[I freely admit that this is a nonsense example, bit it does convey the point)
Now, do:
$ COPY NL: [.TEMP]X.X
$ DIRECTORY/ACL [.TEMP]X.X
And the ACL will be correctly defaulted on [.TEMP]X.X
Information on the ACLs and ACEs is, among other places, in Chapter 1 of the "System Utilities Reference Manual", available from the OpenVMS www site at http://www.hp.com/go/openvms
I hope that the above is helpful.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2007 08:37 PM
тАО08-09-2007 08:37 PM
Re: Propogating ACL's To New Files
$ set security/acl[=(ace[,...])] object-name
JT:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2007 08:57 PM
тАО08-09-2007 08:57 PM
Re: Propogating ACL's To New Files
>>>
Pls. note that file which already exist in the directory, will not get the ACE, it should be entered manually.
<<<
For completeness:
$ SET ACL/DEFAULT [.dirspec]*.*.*
is all that needs done "manually"
There also is SET SECURITY, but that also affects ownership & default protectection. Of course, that might well be what you wish.
hth
Proost.
Have one on me.
jpe