ACL (access control list) howto list them?

ACL (access control list) howto list them?

Post by ONPRVP AIX system administrator » Thu, 09 Mar 2000 04:00:00



Is there a way to list files having an ACL in every filesystems?

There are the commands:
    - ls -le         giving a '+' in column 11 if acl is defined
    - aclget      giving '

But, is there an option for command 'find' allowing to search for ACLs in
every fs?

 
 
 

ACL (access control list) howto list them?

Post by Bill Pembert » Thu, 09 Mar 2000 04:00:00




Quote:>Is there a way to list files having an ACL in every filesystems?

>There are the commands:
>    - ls -le         giving a '+' in column 11 if acl is defined
>    - aclget      giving '

>But, is there an option for command 'find' allowing to search for ACLs in
>every fs?

find . -perm -200000000

--
Bill

 
 
 

ACL (access control list) howto list them?

Post by Norman Levi » Fri, 10 Mar 2000 04:00:00





> >Is there a way to list files having an ACL in every filesystems?

> >There are the commands:
> >    - ls -le         giving a '+' in column 11 if acl is defined
> >    - aclget      giving '

> >But, is there an option for command 'find' allowing to search for ACLs in
> >every fs?

> find . -perm -200000000

*** and  find . -perm -100000000
*** to see if the tcb bit is on

Quote:> --
> Bill

--
Norman Levin
 
 
 

ACL (access control list) howto list them?

Post by Nicholas Buckle » Mon, 13 Mar 2000 04:00:00


Hi Bill / Norm,

I'm not questioning your solution, but can you explain why it works ?

That is, we know that the fourth bit in chmod is for SUID, SGID and Sticky
bit,

So how do we interpret

find . -perm -200000000 and  find . -perm -100000000

Just curious really...

Nick Buckley,
Senior AIX Systems Engineer,
NCM,
Cardiff,
UK.


(Please note: all newsgroup offerings are made in a personal
capacity and in no way are the responsibility of my employer)

p.s. Did you know that "AIX Operating System" is an anagram of "Mega *
partitions" !!!





>> >Is there a way to list files having an ACL in every filesystems?

>> >There are the commands:
>> >    - ls -le         giving a '+' in column 11 if acl is defined
>> >    - aclget      giving '

>> >But, is there an option for command 'find' allowing to search for ACLs
in
>> >every fs?

>> find . -perm -200000000
>*** and  find . -perm -100000000
>*** to see if the tcb bit is on
>> --
>> Bill

>--
>Norman Levin

 
 
 

ACL (access control list) howto list them?

Post by Bill Pembert » Tue, 14 Mar 2000 04:00:00




>Hi Bill / Norm,

>I'm not questioning your solution, but can you explain why it works ?

It works because there are more than just the bits you are used to
working with using chmod....

The man page for find even says "OctalNumber parameter may be up to
nine octal digits", so you know that right there tells you there is
more than the 4 you are (probably) used to dealing with.  It just
happens that octal 200000000 is what IBM uses to denote that an acl is
set.  I don't remember where I first learned that, I just made a note
of it when I did.

--
Bill

 
 
 

ACL (access control list) howto list them?

Post by Norman Levi » Wed, 15 Mar 2000 04:00:00



> Hi Bill / Norm,

> I'm not questioning your solution, but can you explain why it works ?

> That is, we know that the fourth bit in chmod is for SUID, SGID and Sticky
> bit,

> So how do we interpret

> find . -perm -200000000 and  find . -perm -100000000

> Just curious really...

** ah Horatio, there are more things then are drempt in your philosophys...
Clearly there are more bits that can be tested in IBM's inodes then are
well documented.  I got this find out of the V3 mksysb procedure that
used tar to back up files.  Since tar and cpio do not know about acls,
something had to be done to preserve this information.  That's where
I found the find -perm option.  If anybody has better documentation,
please jump in.

> Nick Buckley,
> Senior AIX Systems Engineer,
> NCM,
> Cardiff,
> UK.


> (Please note: all newsgroup offerings are made in a personal
> capacity and in no way are the responsibility of my employer)

> p.s. Did you know that "AIX Operating System" is an anagram of "Mega *
> partitions" !!!





> >> >Is there a way to list files having an ACL in every filesystems?

> >> >There are the commands:
> >> >    - ls -le         giving a '+' in column 11 if acl is defined
> >> >    - aclget      giving '

> >> >But, is there an option for command 'find' allowing to search for ACLs
> in
> >> >every fs?

> >> find . -perm -200000000
> >*** and  find . -perm -100000000
> >*** to see if the tcb bit is on
> >> --
> >> Bill

> >--
> >Norman Levin

--
Norman Levin
 
 
 

ACL (access control list) howto list them?

Post by Juli » Wed, 15 Mar 2000 04:00:00




> > Hi Bill / Norm,

> > I'm not questioning your solution, but can you explain why it works ?

> > That is, we know that the fourth bit in chmod is for SUID, SGID and
Sticky
> > bit,

> > So how do we interpret

> > find . -perm -200000000 and  find . -perm -100000000

> > Just curious really...
> ** ah Horatio, there are more things then are drempt in your
philosophys...
> Clearly there are more bits that can be tested in IBM's inodes then are
> well documented.  I got this find out of the V3 mksysb procedure that
> used tar to back up files.  Since tar and cpio do not know about acls,
> something had to be done to preserve this information.  That's where
> I found the find -perm option.  If anybody has better documentation,
> please jump in.

I believe all of the bits are in <sys/stat.h> or <sys/mode.h>, I forget
which.

-- Julie.

 
 
 

1. Access Control Lists (ACL) for Solaris 2.6?

Is there such a thing as Access Control Lists for Solaris 2.6.  The
Apollo OS, Domain O/S, used
to have ACL's that would control access to files and directories.
Additional users could be
added to the ACL's, with different access rights than other users.

If ACL's are not supported in Solaris 2.6, is there any 3rd party
software that does?

Thanks,
Mike McG

*****************************************************************************
** NASA                                 Michael J. McGunigale
** Goddard Space Flight Center          Raytheon STX Corporation
** Mailstop 931.0                       Phone: 301.286.7741
** Greenbelt, MD. 20771                 Email:

**
**      >>>>> Standard disclaimer - personal opinions only! <<<<<
*****************************************************************************

2. concerns us all, please read

3. ACL Access Control Lists ?

4. Downloading thru serial port

5. ACL (Access Control List) Security Question

6. Freebsd server crashes

7. Access control list (ACL)

8. MediaOne and RedHat

9. ACL's (Access Control Lists)

10. ACL (Access Control List) Question #2

11. Specific Permissinon Control//Access Control List for Linux?

12. Access-control Lists?

13. Access Control Lists