Carlos E. R. wrote:
On 2010-08-21 03:45, Andreas wrote:
Hi,
I'd be happy if someone could give me a pointer to a way to have more than r,w,x for owner/group/others. Actually I need more than owner/group/others.

Have a look in "man acl". It is more versatile, but I don't know how to use it, nor if a user can do it.

Use 'chacl'; it's a better interface. setacl/getacl are based on the system calls and not really intended for humans, but more for programs. I always have to look at an example when I use it and don't 'super' understand the 'mask' (for some reason it's used to replace the umask, but not sure why that was considered necessary).

I wrote a primitive script to allow listing them:

    ~romeo/poems> lsacl *
    [u::rw-,u:juliet:rw-,g::---,m::---,o::---] mylove
    [u::rw-,g::---,o::---] sonnet1
    [u::rw-,g::---,o::---] sonnet2

There's also a QT facility to do single-file acl modifications that does make it more graphically clear but isn't so convenient when doing multiple files: ("Eiciel" - in the suse11.2 distro -- I think it's a French pronunciation of ACL)

I don't know all the best ways to use chacl, but this is how you would do what you wanted to do - (note this presumes you are using a file system that supports user-level ACL's like XFS or such. If your filesystem doesn't support user-level acl's, you might consider changing your file system to one that does)

But assuming your fs supports user-level acl's: then suppose I wanted to add juliet to have access to the rest of them. For whatever reason, when you specify an acl, you always need to include the defaults (user, group and other). The mask is necessary when adding any user (other than the default ones, but for those, you don't need acl's).

    ~romeo/poems> chacl u::rw-,g::--,o::--,u:juliet:r--,m::-- *
    ~romeo/poems> lsacl *
    [u::rw-,u:juliet:r--,g::---,m::---,o::---] mylove
    [u::rw-,u:juliet:r--,g::---,m::---,o::---] sonnet1
    [u::rw-,u:juliet:r--,g::---,m::---,o::---] sonnet2

The format is 1 letter for type (u=user, g=group, o=other), then colon, then "name" of user or group (or blank for default user/group), colon, and 3 characters for r/ead, w/rite, e/x/ecute "rwx". Any place where you have the letter it gives the permission; if you don't want to give the permission you use a minus: I only gave 'r' access, so I used a '-' in place of the w and x. The brackets are only there when you list (chacl -l <path> = list <path>), not when you enter them.

On a directory you have 2 access lists: 1 for the directory itself, and a very useful ACL that allows you to specify the *default* acl for each file or subdir you create under that. So if I wanted to make sure that juliet had read access to the directory those files were in AND give her default access to access future files in there (but still restricting others):

    cmd   both  acl on the dir itself                     (space)  default acl for new file                 nameofdir
    chacl -b    u::rwx,u:juliet:r-x,g::---,m::---,o::---           u::rw,u:juliet:r--,g::---,m::---,o::---  .

(it's all in man chacl if my example is lame)

then chacl -l . shows:

    [u::rwx,u:juliet:r-x,g::---,m::---,o::---/u::rw-,u:juliet:r--,g::---,m::---,o::---] .

For single files eiciel seems like it would be a big bonus in visualizing what is going on, but since I work with multiple files, I haven't made much use of it other than to try it out.

Hope this is what you meant....

-linda
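
Added example, not part of the original message: under POSIX ACL rules the mask entry (m::) caps the rights of every named user, named group and the owning group, while the owner (u::) and other (o::) entries are unaffected. This Python sketch parses a single ACL in the bracketed short form the listings above use and reports the effective rights; the function names are hypothetical, and the directory form with a "/" between the two ACLs is not handled.

```python
# Added example: evaluate a short-form POSIX ACL listing such as
# "[u::rw-,u:juliet:r--,g::---,m::---,o::---]" (constructed from the thread).
PERMS = "rwx"


def parse_acl(text):
    """Return a list of (tag, qualifier, perms) with perms as a set of 'rwx'."""
    entries = []
    for item in text.strip().strip("[]").split(","):
        parts = item.strip().split(":")
        if len(parts) != 3:
            raise ValueError(f"malformed entry: {item!r}")
        tag, qualifier, perms = parts
        if tag not in ("u", "g", "o", "m") or len(perms) != 3:
            raise ValueError(f"malformed entry: {item!r}")
        for pos, ch in enumerate(perms):
            if ch not in (PERMS[pos], "-"):
                raise ValueError(f"bad permission string: {item!r}")
        entries.append((tag, qualifier, {c for c in perms if c != "-"}))
    return entries


def _fmt(perms):
    return "".join(c if c in perms else "-" for c in PERMS)


def effective(text):
    """Map 'tag:qualifier' to the rights left after applying the mask."""
    entries = parse_acl(text)
    masks = [p for t, _, p in entries if t == "m"]
    mask = masks[0] if masks else set(PERMS)  # no mask entry: nothing capped
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "m":
            continue
        # Mask applies to named users, the owning group and named groups.
        capped = tag == "g" or (tag == "u" and qualifier != "")
        result[f"{tag}:{qualifier}"] = _fmt(perms & mask if capped else perms)
    return result


def masked_out(text):
    """Map each entry to the rights it lists but the mask removes."""
    lost = {}
    mask = next((p for t, _, p in parse_acl(text) if t == "m"), set(PERMS))
    for tag, qualifier, perms in parse_acl(text):
        if (tag == "g" or (tag == "u" and qualifier)) and perms - mask:
            lost[f"{tag}:{qualifier}"] = _fmt(perms - mask)
    return lost
```

Running `effective()` on a listing before relying on it shows whether a named entry such as u:juliet actually keeps its rights once the mask is applied.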