ACLs and new file creation questions
> Admins,
>
> I was tasked to examine the usefulness of using ACL in our
> environment. I read through the security manual finding that it seems an
> easy endeavor. To prove to myself that it actually works like stated in
> the manual, I devised a small test to see if I could set ACL the way that
> I wanted. Here is what I did...
>
> BTW This system is using Tru64 5.1, ES40 patch kit 4.
>
>
> 1. Create a directory called /home/test.
>
> ls -ald test
>
> finds that the permissions are set to drwxr-xr-x. User: root Group:
> system. Also I find nothing listed with a
> getacl -d test or
> getacl -D test.
>
> 2. Under my username I changed into test and issued...
>
> touch test_before_acl.
>
> I was unable to create the file due to permissions.
> 3. sudo touch test_before_acl works.
> ls -al gives rw-r--r--....
> getacl test_before_acl gives
>
> user::rw-
> group::r--
> other::r--
>
> 4. now I attempt to set the default acl for the directory test with (after
> cd'ing back)
>
> setacl -d -u user::rwx,group::r--,other::r-- test
>
> getacl -d test
> user::rwx
> group::r--
> other::r--
>
> getacl -D nothing
>
> 5. also an ls -ald test gives rw-r--r-- root system
>
> 6. then to check on the old file
> getacl test_before_acl
>
> user::rw-
> group::r--
> other::r--
>
> 7. create new file
>
> touch test_after_acl... since I am still under my user account I get
> permission denied.
>
> 8. sudo touch test_after_acl... this works.
>
> ls -al gives rw-r--r-- root system
>
> 9. getacl test_after_acl
>
> user::rw-
> group::r--
> other::r--
>
> Why would I not get
>
> user::rw-
> group::r--
> other::r-- ???
>
> I am using ksh, my umask in /etc/profile/ is 022...
>
>
> Lee Brewer
>
Received on Mon Apr 08 2002 - 16:47:55 NZST