Difference between revisions of "ACL"
From Blue-IT.org Wiki
(→Backup) |
(→NFS) |
||
Line 33: | Line 33: | ||
Now every file from any user accessing this directory will be readably/writable for the group ''exchange''. | Now every file from any user accessing this directory will be readably/writable for the group ''exchange''. | ||
+ | |||
+ | ==Samba== | ||
+ | ===Prepare the directory=== | ||
+ | chown exchange.exchange /home/exchange | ||
+ | chmod 2775 /home/exchange | ||
+ | sudo setfacl -d --set u::rwx,g::rwx,o::rx /home/exchange | ||
+ | |||
+ | '''smb.conf''' | ||
+ | [exchange] | ||
+ | path = /home/exchange | ||
+ | browseable = yes | ||
+ | writable = yes | ||
+ | create mask = 0664 | ||
+ | directory mask = 0775 | ||
==NFS== | ==NFS== |
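Review bot: the new [exchange] share in smb.conf has no access restriction such as valid users = @exchange, while the directory is prepared with chmod 2775 and a default ACL of o::rx. Access to the share therefore rests only on filesystem permissions that give every other account read access. If the share is meant for the exchange group alone, restrict it in smb.conf and drop the "other" permissions in the default ACL. Two smaller points: chown exchange.exchange uses the deprecated dot separator (prefer exchange:exchange), and sudo appears only on the setfacl line although chown and chmod need the same privileges.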
Revision as of 19:04, 25 November 2007
Use Case
Peter, Paul and Mary are working with one directory tree. They share, use and edit the same files. They all belong to the system group users, but the directory they should be able to write to belongs to the group exchange.
    /home
      |
      /exchange
        |
        /peters_subdir
        |   /peters_file.txt
        /pauls_subdir
        |   /pauls_file.odf
        maries_file.doc
Links
- Indiana University Dep. of Computer Science
- German - "Was ist die umask? Wie kann ich sie festlegen?" (What is the umask? How can I set it?)
- German - "Wie nutzt man ACLs (Access Control Lists) richtig?" (How do you use ACLs (Access Control Lists) correctly?)
Use it
Enable ACL
Enable ACLs in fstab by adding acl to the mount options:
    # /etc/fstab (fields: device, mount point, type, options, dump, pass)
    /dev/hdx  /home  ext3  defaults,exec,acl  1 2
Create a new group exchange
Create the new group exchange. In some cases it could be wise to create a user with the same name too, with its own home directory and the default group exchange. Don't forget to set the default group for the user.
    chgrp exchange /home/exchange/
    chmod g+s /home/exchange
Add ACL support
Set the default ACL mask for this directory and all its subdirectories:
    setfacl -d -m mask:007 /home/exchange/
Now every file from any user accessing this directory will be readable/writable for the group exchange.
Samba
Prepare the directory
    chown exchange:exchange /home/exchange
    chmod 2775 /home/exchange
    sudo setfacl -d --set u::rwx,g::rwx,o::rx /home/exchange
smb.conf
    [exchange]
    path = /home/exchange
    browseable = yes
    writable = yes
    create mask = 0664
    directory mask = 0775
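To check the result of the preparation steps above, this added example (not part of the original wiki page) audits getfacl output for the setgid bit and the default ACL, computing the group's effective permission as entry AND mask. The function and sample names are hypothetical and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example: reads getfacl text on stdin, prints findings, returns 0 only
# if the directory is setgid and the default ACL gives the group effective rw.
audit_share_acl() {
    awk '
    # A permission is effective only if the entry AND the mask grant it.
    function both(a, b,    i, r) {
        r = ""
        for (i = 1; i <= 3; i++)
            r = r ((substr(a, i, 1) != "-" && substr(b, i, 1) != "-") ? substr(a, i, 1) : "-")
        return r
    }
    /^# flags:/ { setgid = (substr($3, 2, 1) == "s") }
    /^default:(group|mask|other)::/ {
        split($1, f, ":")          # $1 drops any trailing "#effective:" comment
        perm[f[2]] = f[4]
    }
    END {
        fail = 0
        if (!setgid) { print "FAIL setgid bit missing"; fail = 1 }
        if (!("group" in perm)) { print "FAIL no default ACL"; exit 1 }
        if (!("mask" in perm)) perm["mask"] = "rwx"   # no mask entry: nothing is masked
        eff = both(perm["group"], perm["mask"])
        if (eff !~ /^rw/) { print "FAIL default group effective " eff; fail = 1 }
        if (perm["other"] != "---") print "WARN default other " perm["other"]
        exit fail
    }'
}

# Constructed sample: getfacl output after the Samba preparation commands.
sample_samba_prepared() {
    cat <<'EOF'
# file: home/exchange
# owner: exchange
# group: exchange
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
EOF
}

# Constructed sample: no setgid bit and a read-only default group entry.
sample_misconfigured() {
    printf '%s\n' '# file: srv/share' 'user::rwx' 'group::r-x' 'other::r-x' \
        'default:user::rwx' 'default:group::r-x' 'default:mask::rwx' 'default:other::---'
}
```

On a live system, run it as getfacl /home/exchange | audit_share_acl; the WARN line for the first sample reflects the o::rx default set in the preparation step.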
NFS
Change your fstab mount options. It is important to add acl to the options field (the entry goes on a single line):
    nfs_server:/home/exchange /home/your_account/exchange nfs rw,acl[,...] 0 0
Manually mount like this:
    mount -t nfs -o rw,acl[,...] \
        nfs_server:/home/exchange /home/your_account/exchange
[,...] stands for further mount options, e.g. one of these:
,rsize=8192,wsize=8192,user,timeo=10,intr
Backup
If you want to back up directories or files with ACLs, you have to use the star (a tar clone) backup utility.
Tools like rsync or tar don't support ACL backup at the time of this writing. This will change in the future.