For those that were like me and resisting utilizing ACLs, there are two main commands to learn: getfacl and setfacl. A test session: as root, do this:

    echo "This is a test file" > /tmp/test.file
    chmod 640 /tmp/test.file
    setfacl -m u:admin:rw /tmp/test.file
    setfacl -m g:users:r /tmp/test.file

Now the admin user has the ability to edit /tmp/test.file and anyone in the users group can read it.
A normal 'ls -alF' shows that there's an ACL attached to the file; notice the plus sign at the end of the permissions list. Following that, we see what getfacl says about the file.

    $ ls -alF /tmp/test.file
    -rw-r-----+ 1 root root 161 May 7 09:35 /tmp/test.file
    $ getfacl /tmp/test.file
    getfacl: Removing leading '/' from absolute path names
    # file: tmp/test.file
    # owner: root
    # group: root
    user::rw-
    user:admin:rw-
    group::r--
    group:users:r--
    mask::rw-
    other::---

On a machine where ACLs aren't natively supported yet, when attempting to set the ACL, you'll get this:

    $ setfacl -m u:admin:rw /tmp/test.file
    setfacl: test.file: Operation not supported

This page states that
For ACLs to work you have to mount whatever partition you want with the option acl. As an example, notice [the partition] /home [from /etc/fstab]:

    LABEL=/       /      ext3  defaults  1 1
    LABEL=/boot   /boot  ext3  defaults  1 2
    LABEL=/home   /home  ext3  rw,acl    1 2

-Scott
In reply to Re: semi secure sudo script to allow restricted copy ability
by 5mi11er
in thread semi secure sudo script to allow restricted copy ability
by 5mi11er
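
The mask:: line in the getfacl output above caps what the named user, named group and owning-group entries really grant, and a later chmod rewrites that mask. The following is an added example, not part of the original post: it reads getfacl output and prints each such entry with its effective permissions. The function names are hypothetical, and the second sample is a constructed variant of the post's output.

```shell
#!/bin/sh
# Added example: show what each ACL entry really grants once the mask is applied.

# getfacl output as shown in the post.
ACL_FROM_POST='# file: tmp/test.file
# owner: root
# group: root
user::rw-
user:admin:rw-
group::r--
group:users:r--
mask::rw-
other::---'

# Constructed variant: same entries, mask cleared (what a later "chmod 600"
# does, because chmod rewrites the mask when an ACL is present).
ACL_MASK_CLEARED=$(printf '%s\n' "$ACL_FROM_POST" | sed 's/^mask::.*/mask::---/')

# and_perms GRANTED MASK: keep a permission bit only if both strings carry it.
and_perms() (
    out=""
    for bit in r w x; do
        case "$1" in *"$bit"*) in_entry=1 ;; *) in_entry=0 ;; esac
        case "$2" in *"$bit"*) in_mask=1 ;; *) in_mask=0 ;; esac
        if [ "$in_entry" = 1 ] && [ "$in_mask" = 1 ]; then out="$out$bit"; else out="$out-"; fi
    done
    printf '%s' "$out"
)

# effective_acl: read getfacl output on stdin and print
# "type:name:granted:effective" for every entry the mask limits
# (named users, named groups and the owning group, whose name is empty).
effective_acl() (
    # Strip comments (including getfacl's own "#effective:" notes) and blanks.
    input=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d')
    mask=$(printf '%s\n' "$input" | sed -n 's/^mask::\(.*\)/\1/p')
    [ -n "$mask" ] || mask="rwx"    # no mask entry: nothing is filtered
    printf '%s\n' "$input" | while IFS=: read -r type name perms; do
        case "$type:$name" in
            # Owner, mask and other are not masked; default ACLs are skipped here.
            user:|mask:*|other:*|default:*) continue ;;
        esac
        printf '%s:%s:%s:%s\n' "$type" "$name" "$perms" "$(and_perms "$perms" "$mask")"
    done
)

echo "mask rw- (from the post):"; printf '%s\n' "$ACL_FROM_POST" | effective_acl
echo "mask --- (constructed):";   printf '%s\n' "$ACL_MASK_CLEARED" | effective_acl
```

With the mask cleared, the admin entry still reads rw- in the ACL but grants nothing, so an audit should compare the effective column rather than the granted one.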