Operating System - HP-UX

Re: inherited file permissions??

 
Luc N. Allard
Occasional Advisor

inherited file permissions??

SAS folder:
drwxr-x--- 2 ddeadmin dad 8192 Oct 15 13:09 sas
with files:
-rw-r----- 1 ddeadmin dadphac 4016 filephac
-rw-r----- 1 ddeadmin dadhc 4320 filehc
-rw-r----- 1 ddeadmin dad 5249 file1
-rw-r----- 1 ddeadmin dad 5249 file2
-rw-r----- 1 ddeadmin dad 5249 file3 ..etc

All users need access to dad group owned files.
Only users in both dad and dadphac should see filephac.
Only users in both dad and dadhc should see filehc.
But everyone can see everything. Is this because they inherit the rights at the directory level?
If so, how can I get by this please?
Jeeshan
Honored Contributor

Re: inherited file permissions??

You can use ACLs to give either group-level or user-level permission. Use the setacl command.
a warrior never quits
Luc N. Allard
Occasional Advisor

Re: inherited file permissions??

Hi Asham, thanks for the quick response. The system doesn't have JFS so the ACL cmd doesn't work (core dump).
Dennis Handly
Acclaimed Contributor

Re: inherited file permissions??

>All users need access to dad group owned files.

Read or read/write? You need to add rx to the SAS directory for them to see the files there.

>Only users in both dad and dadphac should see filephac.
>Only users in both dad and dadhc should see filehc.

This requires ACLs.

>But everyone can see everything. Is this because they inherit the rights at the directory level?

The directory level allows you to know there is a file there. You have to allow more permissions to be able to read or read/write the file.

>The system doesn't have JFS so the ACL cmd doesn't work (core dump).

You could use VXVS too. Do you just have HFS or NFS?
What ACL command aborted?
What does "bdf your-directory" show?
Luc N. Allard
Occasional Advisor

Re: inherited file permissions??

Hi Dennis,

Sorry, all of the users are in the 'dad' group. Also, of all of these users, they are all in either the phacdad or phachc groups but not both.

bdf - lots of room, 2GB.

fstab entry for this mount point:
/dev/vg03/lvol1 /data vxfs rw,suid,largefiles,delaylog,datainlog 0 2

ACL cmd??:
setacl -m group:dadhc:r-- filehc
Dennis Handly
Acclaimed Contributor

Re: inherited file permissions??

>all of the users are in the 'dad' group.

That's how they can see the files.

>everyone can see everything. Is this because they inherit the rights at the directory level?

Yes. There is nothing you can do about it, not even ACLs. You can either see all or nothing in a directory. Whether you can access the files depends on the file properties.

>bdf - lots of room, 2GB.

The purpose of the bdf was to find the filesystem type. But you need to make two passes (or be root to use fstyp(1M)):
bdf -t vxfs
bdf your-directory

If the second shows up in the first, you can create ACLs.

>setacl -m group:dadhc:r-- filehc

This works fine for vxfs on 11.23.
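
The distinction drawn in the reply above (directory permissions decide whether names can be listed, file permissions decide whether contents can be read) can be checked against the listing from the question. This is an added example, not part of the original thread: it models only the classic owner/group/other check, ignores ACLs and the superuser, and the users alice and bob are constructed.

```python
# Added illustration: classic owner/group/other check (no ACLs, root bypass ignored).
# Listing lines are taken from the question; users alice and bob are constructed.

def parse(line):
    """Split an ls -l style line into mode string, owner, group and name."""
    f = line.split()
    return {"mode": f[0], "owner": f[2], "group": f[3], "name": f[-1]}

def bits(entry, user, groups):
    """Return the rwx triplet that applies: owner, else group, else other."""
    m = entry["mode"]
    if user == entry["owner"]:
        return m[1:4]
    if entry["group"] in groups:
        return m[4:7]
    return m[7:10]

def access(directory, files, user, groups):
    """Report which names the user can list and which files the user can read."""
    d = bits(directory, user, groups)
    can_list = "r" in d      # read on the directory: see the file names
    can_search = "x" in d    # search on the directory: reach the files in it
    listed = [f["name"] for f in files] if can_list else []
    readable = [f["name"] for f in files
                if can_search and "r" in bits(f, user, groups)]
    return listed, readable

SAS = parse("drwxr-x--- 2 ddeadmin dad 8192 Oct 15 13:09 sas")
FILES = [parse(line) for line in (
    "-rw-r----- 1 ddeadmin dadphac 4016 filephac",
    "-rw-r----- 1 ddeadmin dadhc 4320 filehc",
    "-rw-r----- 1 ddeadmin dad 5249 file1",
)]

# Constructed users: both in dad, each in one of the two restricted groups.
USERS = {"alice": {"dad", "dadphac"}, "bob": {"dad", "dadhc"}}

if __name__ == "__main__":
    for name, groups in USERS.items():
        listed, readable = access(SAS, FILES, name, groups)
        print(name, "lists", listed, "reads", readable)
```

Both constructed users list all three names, but each can read only the restricted file whose group they belong to, which is why moving the two special files into separate directories is what hides the names themselves.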
Luc N. Allard
Occasional Advisor

Re: inherited file permissions??

Thanks Dennis. I'll convince the client to let me put the two special files into separate directories.
Luc N. Allard
Occasional Advisor

Re: inherited file permissions??

Dennis provided the answer I required.
Dennis Handly
Acclaimed Contributor

Re: inherited file permissions??

>Thanks Dennis.

If you were happy with the answers given, please read the following about reopening threads and assigning points:
http://forums.itrc.hp.com/service/forums/helptips.do?#41
http://forums.itrc.hp.com/service/forums/helptips.do?#33