Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Solaris ZFS Administration Guide
Previous Next

Setting and Displaying ACLs on ZFS Files in Compact Format

You can set and display permissions on ZFS files in a compact format that uses 14 unique letters to represent the permissions. The letters that represent the compact permissions are listed in Table 7-2 and Table 7-3.

You can display compact ACL listings for files and directories by using the ls -V command. For example:

# ls -V file.1
-rw-r--r--   1 root     root      206663 Feb 16 11:00 file.1
            [email protected]:--x-----------:------:deny
            [email protected]:rw-p---A-W-Co-:------:allow
            [email protected]:-wxp----------:------:deny
            [email protected]:r-------------:------:allow
         [email protected]:-wxp---A-W-Co-:------:deny
         [email protected]:r-----a-R-c--s:------:allow

The compact ACL output is described as follows:

[email protected]

The owner is denied execute permissions to the file (x=execute).

[email protected]

The owner can read and modify the contents of the file (rw=read_data/write_data), (p=append_data). The owner can also modify the file's attributes such as timestamps, extended attributes, and ACLs (A=write_xattr, W=write_attributes, C=write_acl). In addition, the owner can modify the ownership of the file (O=write_owner).

[email protected]

The group is denied modify and execute permissions to the file (rw=read_data/write_data, p=append_data, and x=execute).

[email protected]

The group is granted read permissions to the file (r=read_data).

[email protected]

Everyone who is not user or group is denied permission to execute or modify the contents of the file, and to modify any attributes of the file (w=write_data, x=execute, p=append_data, A=write_xattr, W=write_attributes, C=write_acl, and o=write_owner).

[email protected]

Everyone who is not user or group is granted read permissions to the file and the file's attributes (r=read_data, a=append_data, R=read_xattr, c=read_acl, and s=synchronize). The synchronize access permission is not currently implemented.

Compact ACL format provides the following advantages over verbose ACL format:

  • Permissions can be specified as positional arguments to the chmod command.

  • The hyphen (-) characters, which identify no permissions, can be removed and only the required letters need to be specified.

  • Both permissions and inheritance flags are set in the same fashion.

For information about using the verbose ACL format, see Setting and Displaying ACLs on ZFS Files in Verbose Format.

Example 7-10 Setting and Displaying ACLs in Compact Format

In the following example, a trivial ACL exists on file.1:

# ls -V file.1
-rw-r-xr-x   1 root     root      206663 Feb 16 11:00 file.1
            [email protected]:--x-----------:------:deny
            [email protected]:rw-p---A-W-Co-:------:allow
            [email protected]:-w-p----------:------:deny
            [email protected]:r-x-----------:------:allow
         [email protected]:-w-p---A-W-Co-:------:deny
         [email protected]:r-x---a-R-c--s:------:allow

In this example, read_data/execute permissions are added for the user gozer on file.1.

# chmod A+user:gozer:rx:allow file.1
# ls -V file.1
-rw-r-xr-x+  1 root     root      206663 Feb 16 11:00 file.1
        user:gozer:r-x-----------:------:allow
            [email protected]:--x-----------:------:deny
            [email protected]:rw-p---A-W-Co-:------:allow
            [email protected]:-w-p----------:------:deny
            [email protected]:r-x-----------:------:allow
         [email protected]:-w-p---A-W-Co-:------:deny
         [email protected]:r-x---a-R-c--s:------:allow

Another way to add the same permissions for user gozer is to insert a new ACL at a specific position, 4, for example. As such, the existing ACLs at positions 4–6 are pushed down. For example:

# chmod A4+user:gozer:rx:allow file.1
# ls -V file.1
-rw-r-xr-x+  1 root     root      206663 Feb 16 11:00 file.1
            [email protected]:--x-----------:------:deny
            [email protected]:rw-p---A-W-Co-:------:allow
            [email protected]:-w-p----------:------:deny
            [email protected]:r-x-----------:------:allow
        user:gozer:r-x-----------:------:allow
         [email protected]:-w-p---A-W-Co-:------:deny
         [email protected]:r-x---a-R-c--s:------:allow

In the following example, user gozer is granted read, write, and execute permissions that are inherited for newly created files and directories by using the compact ACL format.

# chmod A+user:gozer:rwx:fd:allow dir.2
# ls -dV dir.2
drwxr-xr-x+  2 root     root           2 Aug 28 13:21 dir.2
        user:gozer:rwx-----------:fd----:allow
            [email protected]:--------------:------:deny
            [email protected]:rwxp---A-W-Co-:------:allow
            [email protected]:-w-p----------:------:deny
            [email protected]:r-x-----------:------:allow
         [email protected]:-w-p---A-W-Co-:------:deny
         [email protected]:r-x---a-R-c--s:------:allow

You can also cut and paste permissions and inheritance flags from the ls -V output into the compact chmod format. For example, to duplicate the permissions and inheritance flags on dir.1 for user gozer to user cindys, copy and paste the permission and inheritance flags (rwx-----------:f-----:allow) into your chmod command. For example:

# chmod A+user:cindys:rwx-----------:fd----:allow dir.2
# ls -dv dir.2
drwxr-xr-x+  2 root     root           2 Aug 28 14:12 dir.2
       user:cindys:rwx-----------:fd----:allow
        user:gozer:rwx-----------:fd----:allow
            [email protected]:--------------:------:deny
            [email protected]:rwxp---A-W-Co-:------:allow
            [email protected]:-w-p----------:------:deny
            [email protected]:r-x-----------:------:allow
         [email protected]:-w-p---A-W-Co-:------:deny
         [email protected]:r-x---a-R-c--s:------:allow
Previous Next

 
 
  Published under the terms fo the Public Documentation License Version 1.01. Design by Interspire