Getting RID of Access Control Lists (ACLs)

Getting RID of Access Control Lists (ACLs)

Post by Keith Michae » Fri, 30 Apr 1999 04:00:00



We all know that ACLs are all hosed up in Solaris, and poorly
documented to boot.  So now that I'm done playing around with
them, I have to get RID of them on my files.  This is just as
difficult:

$ ls -ld .
drwxrwx---+  4 ehp8450  I2_101       512 Apr 20 08:29 .
$ getfacl .

# file: .
# owner: ehp8450
# group: I2_101
user::rwx
group::rw-              #effective:rw-
mask:rwx
other:---
default:user::rwx
default:group::rw-
default:mask:r--
default:other:---

I want all the lines with "default" to go away, and I want
the "+" to go away on the ls -l.

$ setfacl -md default:user::rwx .
default:user::rwx: failed to get acl count
get acl count error: No such file or directory

$ setfacl -md .
Can't find colon delimiter m

Any better ideas?

--
 -------------------------------------------------------------
| Keith R. Michaels   Archival Evangelist                     |
| (425)865-6415       Boeing Archival Service (ufs.boeing.com)|
| Enterprise Servers, Technical Services, SSG.                |
 -------------------------------------------------------------

 
 
 

Getting RID of Access Control Lists (ACLs)

Post by Peter C. Tribb » Fri, 30 Apr 1999 04:00:00




Quote:> We all know that ACLs are all hosed up in Solaris, and poorly
> documented to boot.  So now that I'm done playing around with
> them, I have to get RID of them on my files.  This is just as
> difficult:

I have this little script (called delfacl):

#!/bin/sh
#
# delfacl - delete Solaris ACLs
#
case $# in
0)
        echo "Usage: delfacl file ..."
        exit 1
        ;;
esac
#
# loop over arguments
#
for file in $*
do
  if [ -f $file -o -d $file ]; then
        /bin/getfacl $file | /bin/egrep '^(user::|group::|mask:|other:)' | /bin/setfacl -f - $file
  else
    echo "$file not found"
  fi
done

(Essentially, it extracts those lines from getfacl that correspond to
the normal permissions, and sets the ACL to that, thereby deleting all
the real ACL entries. Imperfect, but much easier than trying to type
setfacl commands by hand.)

--
-Peter Tribble
HGMP Computing Services
http://www.hgmp.mrc.ac.uk/~ptribble/

 
 
 

1. Access Control Lists (ACLs) and other questions

Hello Everyone,

These questions are in reference to the HP 9000 series 700 (hp-ux ver.
9.0), however if anyone has any possible solutions - please let me know.

I've been reading over the "HP-UX System Security" book regarding ACLs
(Access Control Lists) and it hasn't been that clear (especially, when
it gets into long form ACLs versus short form, etc...).

1.  Does anyone know of any sources of information that would give clearer
examples of ACL creation?

2.  Additionally, does anyone know of any shells that make ACL entry "easier"
(or perhaps ftp sites to places that have such shell type examples)?

3.  From an overall security point of view has anyone come across any good
info sources (or applications) that enforce a particular DAC
(Discretionary Access Control) policy?

Thanks for any and all responses.

E.


2. Where is refer_log and agent_log?

3. NFS and ACLs (Access Control Lists)

4. Spea grahics card FGA 860 (ISA Bus) dual card adapter with Intel I860 secondary card

5. Access Control List (acls) does Solaris have them??

6. Interpreting 'sar' output

7. getting rid of a file listing

8. aioread

9. Need something like Domain/OS ACLs for BSD -- access control

10. Specific Permissinon Control//Access Control List for Linux?

11. ACL (access control list) howto list them?

12. How to get rid of tty control chars?

13. Hot to get rid of control chars ?