ACL default directory permissions

 
Jason Ray

Hey everyone.

We have some application directories that are shared by multiple developers who need to work on the same scripts. We don't give them access to the same ID, so we use ACLs to allow them to all edit the same files. We typically had this type of structure on Solaris, but we are moving some to HP-UX and I've noticed a difference in the way the ACLs work.

On Solaris if I have a directory called 'scripts' with:

>getfacl scripts

# file: scripts
# owner: axytest
# group: sys
user::rwx
user:opstcp:r-x #effective:r-x
group::r-x #effective:r-x
group:dba:r-x #effective:r-x
group:a_xy:r-x #effective:r-x
group:t_xy:rwx #effective:rwx
mask:rwx
other:---
default:user::rwx
default:group::r-x
default:group:dba:r--
default:group:a_xy:r--
default:group:t_xy:rwx
default:mask:rwx
default:other:---

...and my umask is "022" (our default), and I am a member of group 't_xy', the files I create have these permissions:

>ls -al afile
-rw-rw----+ 1 wj109t2 staff 0 Mar 5 11:23 afile


Now on HP-UX, with a directory called scripts and these ACLs:
>getacl scripts
# file: scripts
# owner: axytest
# group: sys
user::rwx
user:opstcp:r-x
group::r-x
group:dba:r-x
group:a_xy:r-x
group:t_xy:rwx
class:rwx
other:---
default:user::rwx
default:group::r-x
default:group:dba:r--
default:group:a_xy:r--
default:group:t_xy:rwx
default:class:rwx
default:other:---

...and the same umask and group membership, the files that I create are:

>ls -al afile
-rw-r-----+ 1 wj109t2 users 0 Mar 5 13:00 afile

So, looking into it, it seems like HP-UX is working correctly with the umask and default:class and the permissions that files in that directory will have. I'm wondering if Solaris is doing it wrong, or why it's different.

But unfortunately, I would like to have the HP-UX permissions work the same. I can get the right file permissions by changing my umask to "02", but I'd rather not do that. And I can't make a user's primary group one of the t_xy groups because they may need to be developers in multiple groups.

So really, is there any way to stay in the 'users' group, keep a umask of "022", and still get a file with these permissions:

-rw-rw----+ 1 wj109t2 users 0 Mar 5 11:23 afile

Thanks
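
Both `ls` results in the post can be reproduced with a small model, added here as an example that is not part of the original post: it parses the `default:` entries from the listings and computes the new file's mode and each entry's effective rights, once with the umask ignored and once with it applied. The creation mode 0666 and all function names are assumptions, and the umask-applied branch models the HP-UX result the post reports rather than documented HP-UX behaviour.

```python
# Constructed input: the default: entries shown in both directory listings in the post.
DEFAULT_ACL = """\
default:user::rwx
default:group::r-x
default:group:dba:r--
default:group:a_xy:r--
default:group:t_xy:rwx
default:class:rwx
default:other:---
"""

def bits(perm):
    """'r-x' -> 5"""
    return sum(v for c, v in zip(perm, (4, 2, 1)) if c != "-")

def text(n):
    """5 -> 'r-x'"""
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def parse_defaults(listing):
    """Map (tag, qualifier) -> permission bits for each default: entry."""
    acl = {}
    for line in listing.splitlines():
        parts = line.split("#")[0].strip().split(":")
        if len(parts) < 3 or parts[0] != "default":
            continue
        tag = "class" if parts[1] == "mask" else parts[1]  # Solaris calls it mask
        qualifier = parts[2] if len(parts) == 4 else ""
        acl[(tag, qualifier)] = bits(parts[-1])
    return acl

def new_file(acl, create_mode=0o666, umask=0o022, apply_umask=False):
    """Return (ls-style mode string, effective rights of each group/named entry)."""
    # Assumption: the program creating the file asks for mode 0666.
    req = create_mode & ~umask if apply_umask else create_mode
    owner = acl[("user", "")] & (req >> 6) & 7
    klass = acl[("class", "")] & (req >> 3) & 7   # upper bound for every other entry
    other = acl[("other", "")] & req & 7
    effective = {k: text(v & klass) for k, v in acl.items()
                 if k[0] == "group" or (k[0] == "user" and k[1])}
    return text(owner) + text(klass) + text(other), effective

if __name__ == "__main__":
    acl = parse_defaults(DEFAULT_ACL)
    for label, flag in (("umask ignored", False), ("umask applied", True)):
        mode, eff = new_file(acl, apply_umask=flag)
        print(f"{label}: -{mode}+  t_xy effective: {eff[('group', 't_xy')]}")
```

In the umask-applied case the class entry drops to `r--`, so the inherited `group:t_xy:rwx` entry is capped at read-only even though it is still listed as `rwx`.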