HPE Community
Operating System - HP-UX
1848428 Members
5218 Online
104027 Solutions
New Discussion

acl's on hpux11.11 jfs 3.3

 
Les Gandee
New Member

‎11-05-2003 11:06 PM

‎11-05-2003 11:06 PM

acl's on hpux11.11 jfs 3.3

I have been experiencing inconsistent results from an ACL with a default:user option set up on a directory
Setting the default:group:râ option cured the problem.

Actual problem details

User asg123 in asg group
User dev123 in dev group with secondary group asg
User dev456 in dev group with secondary group asg

ACL on directory acl-dir

user::rwx
user:asg13:râ
group::r-x
class:r-x
other:---
default:user:asg123:râ

acl-dir owned by user dev123 drwxr-s--- dev123 dev

User dev456 could read files created by user dev123 in directory acl-dir. Now canâ t.
Nothing appears to have changed.

Running a >setacl â m g::râ on a file in the directory makes it readable by dev456, although the output from getacl for that file does not change.

Adding a default:group:r-- option to the acl-dir directory cured the problem.

Question!
On hpux 11.11 with jxf3.3 do you have to set up all default:group and default:class options if the default:user option is added. The man pages on some unix versions appear to suggest this, but hpux does no
0 Kudos
Reply
3 REPLIES 3
Denver Osborn
Honored Contributor

‎11-06-2003 01:19 AM

‎11-06-2003 01:19 AM

Re: acl's on hpux11.11 jfs 3.3

If the default option is used this means that when a new file or directory is created, it is given the default acl permissions.

You should test it out to see for your self. Make a test dir without the default user and group acl set, create a file and look at the acl's for it. Then set a default acl, create a new file and look at it's acl's. They will be the "default" you specified.

my feeling is that when you didn't set a default acl, new files created by dev123 could not be read by dev456 because the default acl perm didn't allow for it.

Hope this helps,
-Denver
0 Kudos
Reply
Les Gandee
New Member

‎11-06-2003 02:14 AM

‎11-06-2003 02:14 AM

Re: acl's on hpux11.11 jfs 3.3

Many thanks for reply

I created an input file (acl.dat) as above, loaded in with the >setacl -f acl.dat acl-dir command.

>getacl acl-dir showed the defaults had been applied Ok.
> getacl on a file created in acl-dir showed the default:user set up ok.

I suspect that if the default:user is set, then the other defaults need to be added. But have found no documentation ( or not understood )that states this.
0 Kudos
Reply
Denver Osborn
Honored Contributor

‎11-06-2003 03:45 AM

‎11-06-2003 03:45 AM

Re: acl's on hpux11.11 jfs 3.3

I'm in no way an expert when it comes to fully understanding JFS ACLs, I don't work with them enough.

Anywho, if you haven't seen this doc it might be some good reading.

http://www.docs.hp.com/hpux/onlinedocs/os/jfs_acl.pdf

A little more info than the man pages.

-Denver
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.