HPE Community
Operating System - Linux
1829837 Members
2239 Online
109993 Solutions
New Discussion

Finding ACLs

 
SOLVED
Go to solution
IT_2007
Honored Contributor

‎10-05-2006 01:58 AM

‎10-05-2006 01:58 AM

Finding ACLs

Need to writeup a shell script to find the files which are having ACLs and then get details of each file using getacl command. Trying to tell users that setting up share group is much well controlled than setting ACLs for maintanence.

Any comments, suggestions??

Points will be awarded based on the solution and comments.

Thanks.
0 Kudos
Reply
9 REPLIES 9
Peter Godron
Honored Contributor

‎10-05-2006 02:08 AM

‎10-05-2006 02:08 AM

Re: Finding ACLs

Hi,
see man lsacl:
" List ACLs for all files under mydir:

find mydir -print | sort | xargs lsacl
"
0 Kudos
Reply
IT_2007
Honored Contributor

‎10-05-2006 02:27 AM

‎10-05-2006 02:27 AM

Re: Finding ACLs

I don't know where and which files has been set for ACLs. when I ran above command, I am getting lot like:

lsacl: file "./oracleinstallfiles/9iclient/Disk3/stage/Components/oracle.options.intermedia.imserver/9.2.0.1.0/1": Operation not supported (errno = 223)

so my intention is to find out only the files which are set with ACLs starting from / level.
0 Kudos
Reply
Peter Godron
Honored Contributor

‎10-05-2006 02:41 AM

‎10-05-2006 02:41 AM

Re: Finding ACLs

Hi,
depends on what filesystem setup you have.
Should work on hfs, but fails on vxfs.

Alternative is to either you find -acl (same problem), or use ll as thre will be a '+' at the end of the permissions section for each acl file.
0 Kudos
Reply
IT_2007
Honored Contributor

‎10-05-2006 02:46 AM

‎10-05-2006 02:46 AM

Re: Finding ACLs

As per man page of getacl, it works only for JFS not HFS.

getacl - list access control lists (ACLs) for files (JFS File Systems
only)


I have JFS filesystems and don't want to do on /stand which is HFS.
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎10-05-2006 05:44 AM

‎10-05-2006 05:44 AM

Solution

Re: Finding ACLs

Hi,

if you want to ignore files without ACLs sort them out before feeding them to getacl (which will work well for JFS filesystems) or leave the getacl-call:

find mydir -print | xargs ls -god |
awk '$1 ~ ".*+$" {print $NF}' | xargs getacl

You will get problems with xargs with filenames containing spaces (as usual).

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Reply
IT_2007
Honored Contributor

‎10-05-2006 06:06 AM

‎10-05-2006 06:06 AM

Re: Finding ACLs

Peter,

I ran your command and don't know what I am getting from it.

At present my current directory shows + sign for one directory only and doesn't have ACL for files inside it.

drwxrwsr-x+ 2 test test 4096 Sep 29 10:30 validate

Would you please explain?

0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎10-05-2006 10:59 PM

‎10-05-2006 10:59 PM

Re: Finding ACLs

Hi,

if you have a directory reported like this

drwxrwsr-x+ 2 test test 4096 Sep 29 10:30 validate

you have ACLs on it, which should be reported by
getacl validate

Ir does NOT mean, that file in this directory have ACLs as well: The mode of the directory may have been changed after the creation if files in it, and so the 'inheritance ACLs' (if an should be present) just did not exist at creation time.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
IT_2007
Honored Contributor

‎10-06-2006 12:59 AM

‎10-06-2006 12:59 AM

Re: Finding ACLs

I am confused now. It shows the following:

# getacl validate
# file: validate
# owner: test
# group: test
user::rwx
user:sastest:rwx
group::rwx
class:rwx
other:r-x

So what would be the difference between normal file and ACL file ? You mean to say at the creation time ACL might have been set but it changed later?
0 Kudos
Reply
Peter Godron
Honored Contributor

‎10-06-2006 01:09 AM

‎10-06-2006 01:09 AM

Re: Finding ACLs

Hi,
your user sastest will have rwx priv on validate
So can limit to individual users, if you so wish, rather than groups.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.