ACLs

From: Don Newcomer <newcomer_at_dickinson.edu>
Date: Tue, 12 Feb 2002 09:14:23 -0500 (EST)

We are using access control lists to govern publishing access to the folders
used by our web server (Tru64 version 4.0G). As a person is granted
publishing access, the script we wrote modifies each appropriate directory
as follows:

        setacl -a -D -u user:smith:rwx dirname
        setacl -d -u user:smith:rw- dirname

It also modifies each object in the directory as follows:

        setacl -a -u user:smith:rw- filename

This works fine but we recently found a flaw that I can't seem to correct.
All of the directories and files were set to be owned by 'nobody'. After
receiving a call from a person with publishing access, I checked the ACLs and
they were fine. I tried to duplicate his problem with 'su' and shell commands
and found this. If the user owns the file, there's no problem. However, if
the file (and directory) are owned by 'nobody', here's how it behaves:

        * He can copy the file to a new name
        * He can delete the old file
        * He CAN'T copy the copy over the old file (permission violation)

I'm at a loss to explain this one but it's consistent in other directories as
well. If it were a directory write problem, he shouldn't be able to delete
any files OR create any new ones. Any suggestions or explanations would be
_greatly_ appreciated.

================================================================================
Don Newcomer                                        Dickinson College
Associate Director, System and Network Services     P.O. Box 1773
newcomer_at_dickinson.edu                           Carlisle, PA 17013
                                                    Phone: (717) 245-1256
                                                      FAX: (717) 245-1690
Received on Tue Feb 12 2002 - 14:14:42 NZDT
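
The message above separates directory-level operations (creating and deleting names) from writing to an existing file. The following shell sketch is an added example, not part of the original message: it probes each operation separately and non-destructively. The function name `probe_dir` and the `.probe.$$` scratch file are hypothetical, and it assumes it is run as the affected user.

```shell
#!/bin/sh
# Added example, not from the original message. probe_dir and the .probe.$$
# scratch name are hypothetical. Run as the affected user (for example via su).
#
# Usage: probe_dir DIR FILE
# Prints one line: create=<result> overwrite=<result> delete=<result>
probe_dir() {
    dir=$1
    target="$1/$2"
    tmp="$dir/.probe.$$"
    create=denied
    overwrite=denied
    delete=untested

    # Refuse to run against a missing file, so the append test cannot create it.
    [ -f "$target" ] || { echo "no such file: $target" >&2; return 2; }

    # New name in DIR: checked against the directory (write + search),
    # plus read access on the source file.
    if cp "$target" "$tmp" 2>/dev/null; then
        create=ok
        # Remove only our own probe copy; also checked against the directory.
        # A sticky bit on DIR could still treat files owned by others differently.
        if rm -f "$tmp" 2>/dev/null; then
            delete=ok
        else
            delete=denied
        fi
    fi

    # Open the existing file for append without writing anything: this is
    # checked against the file's own mode bits and access ACL, not the
    # directory, and leaves the content untouched.
    if ( : >> "$target" ) 2>/dev/null; then
        overwrite=ok
    fi

    echo "create=$create overwrite=$overwrite delete=$delete"
}

# Allow direct use as a script: sh probe.sh DIR FILE
if [ "$#" -eq 2 ]; then
    probe_dir "$1" "$2"
fi
```

A result of `create=ok overwrite=denied delete=ok` means the directory grants the user write access while the existing file's own permissions or access ACL do not.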
