Operating System - HP-UX

Helen French
Honored Contributor

Simple ACL question - Lots of points!!!

Can anyone give me a quick lesson on ACLs and how they work? I have people able to browse directories that should not be "world" readable. They have no file access, but they can see my directory structure and files but can't open them.

I was told that a script is running that resets my ACLs every so often. I'm not sure it's running...

New to the UNIX world,

Andy
Life is a promise, fulfill it!
5 REPLIES 5
Bill McNAMARA_1
Honored Contributor

Re: Simple ACL question - Lots of points!!!

The man pages you're interested in are lsacl and chacl;
however, the use of ACLs is heavily dependent on your filesystem. You will need JFS version
3.3 to do them or else use HFS filesystems.

What they essentially do is to fine-tune access
control to files a little more in depth than
just users, group and others.

The command-line syntax is a little bizarre, but
well documented in the man.

Later,
Bill
It works for me (tm)
Helen French
Honored Contributor

Re: Simple ACL question - Lots of points!!!

Does anyone know what "world" means, and how I can make sure that no one who has no access can see my directory structure?

No documentation is clear about that.

All the info is great so far.

Andy
Life is a promise, fulfill it!
Marcel Boon
Trusted Contributor

Re: Simple ACL question - Lots of points!!!

Hi Andrew,


Let me explain the "Access Control List" (ACL) a little bit more.
Just an example:

(traditional)
ls -l tempfile
-rwxr-xr-x 1 steve sales 138 Jan 4 16:00 tempfile

With access control list:

lsacl -l tempfile
tempfile:     # filename
rwx steve.%   # read, write and execute permission for user steve
r-x %.sales   # read and execute permission for group sales
r-x %.%       # read and execute permission for all others (world)

You can see that "others" have read permission on tempfile.
If you want "others" to have no read permission, you have to
change the rights on the file with:
chacl "%.%-r" tempfile


Your question:

"world" is the same as "others".
So if you want the "world" to be unable to see your directory structure,
you have to change the rights on your directory to -rwxr-x---
If you want the "world" and "any user in your group" to be unable to see your directory structure,
you have to change the rights on your directory to -rwx------

Just put those permissions on your directory and no one can see your files.

I hope this helps


Marcel

See the man pages
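
Added example (not part of any reply in this thread): a small sh script that applies the base-permission advice above to a whole tree, first reporting every directory that "others" can still list or enter, then clearing those bits. The function names and the sample directory names are made up for illustration, and it works only on the traditional permission bits with find and chmod, not on ACL entries.

```shell
#!/bin/sh
# On a directory, r lets a user list the names in it and x lets a user
# enter it and reach names they already know. Either bit for "others"
# exposes part of the structure, so both are reported and both are cleared.

# Print every directory under $1 where "others" have read or execute.
world_visible_dirs() {
    find "$1" -type d \( -perm -004 -o -perm -001 \) -print | sort
}

# Remove all "others" bits from every directory under $1 (rwxr-x--- style).
# Note: without x for others, nothing beneath the directory is reachable
# by them either, whatever the modes further down say.
lock_down_dirs() {
    find "$1" -type d -exec chmod o-rwx {} \;
}

# Constructed sample tree (hypothetical names) showing before and after.
demo() {
    top=${TMPDIR:-/tmp}/acl_demo.$$
    mkdir -m 700 "$top" || return 1
    mkdir -p "$top/projects/secret" "$top/private"
    chmod 755 "$top" "$top/projects"      # others can list and enter
    chmod 751 "$top/projects/secret"      # others can enter, not list
    chmod 750 "$top/private"              # already closed to others
    echo "visible to others before:"
    world_visible_dirs "$top"
    lock_down_dirs "$top"
    echo "visible to others after:"
    world_visible_dirs "$top"
    ls -ld "$top/projects"
    rm -rf "$top"
}

demo
```
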
Wodisch
Honored Contributor

Re: Simple ACL question - Lots of points!!!

Hi,
if you are using VxFS (Veritas or Journaled File Systems)
then you need to install the JFS3.3 (and exchange the
two drivers with a single new one in your kernel).
AND then the commands are NOT "lsacl" and "chacl"
any more, but "getacl" and "setacl" and a different
syntax.
HTH,
Wodisch