Fab Sidoli
Contributor
- Joined
- May 15, 2019
- Messages
- 114
Hi All,
I'm trying to get my head around the behaviour of ACLs in 11.3.
I have a dataset with the following ACLs
root # getfacl /mnt/store/home/fs
# file: /mnt/store/home/fs
# owner: fs
# group: sysgrp
owner@:rwxp--aARWcCos:-------:allow
group@:------a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
In the BUI, if I add a user and give it full control I need to set Inheritance otherwise it won't let me add the ACL, despite the fact that none of the other options have inheritance enable. The CLI lets me do this. Anyway, out of curiosity, I do this in the BUI. Now the ALCs look like this.
root # getfacl /mnt/store/home/fs
# file: /mnt/store/home/fs
# owner: fs
# group: sysgrp
owner@:rwxp--aARWcCos:-------:allow
group@:------a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
user:bacadm:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
I'm not sure I understand why the last ACL entry exists. Which presides? ACL 2 or 4 (note we start from 0 as far as setfacl is concerned). Via the CLI the new entry would actually appear at the top of this list, so user, owner@, group@, everyone@.
If I now try to remove the ACL I just added I can't because I'm told I need to have one inheritable ACL set.
From the command line, the following gets me back to where I started in both the BUI and CLI.
root # setfacl -x 4 /mnt/store/home/fs
root # setfacl -x 3 /mnt/store/home/fs
Questions:
1. How do the BUI and CLI relate? Does the BUI translate from the CLI and present a graphical representation?
2. What's the safest way to edit ACLs? The BUI or CLI (I'm most familiar with the latter).
3. I like the recursive feature of the BUI, show is achieved on the command line that doesn't involve an exec?
4. What is this extra everyone@ ACL actually for?
Thanks,
Fab
I'm trying to get my head around the behaviour of ACLs in 11.3.
I have a dataset with the following ACLs
root # getfacl /mnt/store/home/fs
# file: /mnt/store/home/fs
# owner: fs
# group: sysgrp
owner@:rwxp--aARWcCos:-------:allow
group@:------a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
In the BUI, if I add a user and give it full control I need to set Inheritance otherwise it won't let me add the ACL, despite the fact that none of the other options have inheritance enable. The CLI lets me do this. Anyway, out of curiosity, I do this in the BUI. Now the ALCs look like this.
root # getfacl /mnt/store/home/fs
# file: /mnt/store/home/fs
# owner: fs
# group: sysgrp
owner@:rwxp--aARWcCos:-------:allow
group@:------a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
user:bacadm:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
I'm not sure I understand why the last ACL entry exists. Which presides? ACL 2 or 4 (note we start from 0 as far as setfacl is concerned). Via the CLI the new entry would actually appear at the top of this list, so user, owner@, group@, everyone@.
If I now try to remove the ACL I just added I can't because I'm told I need to have one inheritable ACL set.
From the command line, the following gets me back to where I started in both the BUI and CLI.
root # setfacl -x 4 /mnt/store/home/fs
root # setfacl -x 3 /mnt/store/home/fs
Questions:
1. How do the BUI and CLI relate? Does the BUI translate from the CLI and present a graphical representation?
2. What's the safest way to edit ACLs? The BUI or CLI (I'm most familiar with the latter).
3. I like the recursive feature of the BUI, show is achieved on the command line that doesn't involve an exec?
4. What is this extra everyone@ ACL actually for?
Thanks,
Fab