linux:acls

Differences

This shows you the differences between two versions of the page.

linux:acls [2016/02/09 15:41] – [Interaction between ACLs and traditional UNIX permissions] jansen
linux:acls [2022/04/13 07:08] (current) – [Permissions and groups] jansen
Line 2: Line 2:
  
 ===== Permissions and groups ===== ===== Permissions and groups =====
-Normal file permissions on Linux (and UNIX) consist of 3 categories: the file user (owner), the group the file belongs to, and all others. For each of these categories, the owner can set a combination of read (r), write(w) and execute (x) permissions.+Normal file permissions on Linux (and UNIX) consist of 3 categories: the file user (owner), the group the file belongs to, and all others. For each of these categories, the owner can set a combination of read ( r), write(w) and execute (x) permissions.
 [Additionally, there are a couple of special permissions (setuid, setgid, sticky) which are not covered here] [Additionally, there are a couple of special permissions (setuid, setgid, sticky) which are not covered here]
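Review bot: On the added line, "read ( r)" now has a stray space inside the parenthesis while "write(w)" still has no space before it, so the three permission letters are written three different ways. If the space is there to stop the wiki from turning (r) into a registered-trademark sign (an assumption, the diff does not say so), DokuWiki's nowiki markup %%(r)%% keeps the literal text without the odd spacing; "write (w)" should get its space in the same edit.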
  
Line 51: Line 51:
 ACLs on remote disks (nfs) ACLs on remote disks (nfs)
  
-The description above is for ACLs on local disks. Luckily, there is ACl support in the network file system too. For nfs3 (currently only still in use on our last RedHat 5 servers), ACls can be set and read as on local disks. Nfs4 (default on RHEL6 & 7 and Fedora > 14) comes with its own ACL implementation, unfortunately. There are good reasons for the nfs developers to do that, but it is a bit of a drawback in our case. To manipulate ACLs on a remote disk, users will now have to know on what Linux version that disk resides, and if it is one of the newer versions, they have to use different tools to do the work.+===== ACLs on remote disks ===== 
 + 
 +The description above is for ACLs on local disks. Luckily, there is ACL support in the network file system too. Nfs4 (default on RHEL6 & 7 and Fedora > 14) comes with its own ACL implementation, which is unfortunately a little bit more complex. There are good reasons for the nfs developers to do that, but it is a bit of a drawback in our case. To manipulate ACLs on a remote disk, users have to use different tools to do the work.
  
 To read ACL info on a nfs4 disk, use nfs4_getfacl, eg: To read ACL info on a nfs4 disk, use nfs4_getfacl, eg:
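Review bot: The new "===== ACLs on remote disks =====" heading is added directly under the unchanged plain-text line "ACLs on remote disks (nfs)", so the section title now appears twice; delete the old line or fold "(nfs)" into the heading. In the rewritten paragraph, "users have to use different tools" would be clearer if it named them (nfs4_getfacl and nfs4_setfacl, which the lines below use). The "default on RHEL6 & 7 and Fedora > 14" remark is carried over unchanged into the 2022 revision and may need the same refresh that removed the RedHat 5 sentence.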
Line 71: Line 73:
 Here is an example using nfs4_setfacl: Here is an example using nfs4_setfacl:
   nfs4_setfacl -a 'A:fd:sfinx@strw.leidenuniv.nl:rwaDxtTcCy' /net/eendracht/data1/acl_test   nfs4_setfacl -a 'A:fd:sfinx@strw.leidenuniv.nl:rwaDxtTcCy' /net/eendracht/data1/acl_test
-This will give the user 'sfinx' approximately the same permissions as rthe owner of the directory (check with ''nfs4_getfacl'' to verify).+This will give the user 'sfinx' approximately the same permissions as the owner of the directory (check with ''nfs4_getfacl'' to verify). 
 + 
 +===== New: nfs4-acl-editor ===== 
 + 
 +Luckily, there is now a working graphical user interface for the NFS4 ACLs, called ''nfs4-acl-editor''. Unfortunately, it is not (yet) integrated into the file manager, so one has to run the command separately, and open the file or directory to work on from the ''file'' menu. 
 + 
 +===== Copying NFS4 ACls ===== 
 +If you have a working ACl setup on one directory, and you want to duplicate that on another, use a command like this: 
 +  nfs4_getfacl /disks/web1/website1| nfs4_setfacl -R -S - /disks/web2/website2 
 + 
 +====== Devices without ACL support ====== 
 +Unfortunately, not all devices support these ACLs (yet). It is currently not possible to use them on: 
 +  * /disks/paradata 
 +  * /disks/vdesk/data2 
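Review bot: The copy command under "Copying NFS4 ACls" is missing a warning about what it overwrites: nfs4_setfacl -S replaces the entire existing ACL of the target with the one read from stdin, and -R applies that to every file and directory under /disks/web2/website2, so any entries already set in that tree are lost and the source directory's ACL is applied to the files below it as well. State this in the text and add the same "check with nfs4_getfacl to verify" step that the preceding paragraph has. Smaller points in the same hunk: "ACls" and "ACl" in the new heading and sentence should read "ACLs" and "ACL", and "====== Devices without ACL support ======" uses six equals signs where the other headings in this revision use five, which puts it at a different heading level.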
linux/acls.1455032492.txt.gz · Last modified: 2016/02/09 15:41 by jansen