What we did before installing

| Task | Command |
| --- | --- |
| View the ACLs of a file | ls -v, ls -V |
| Remove the ACL and replace it with one that reflects the current (non-ACL) permissions | chmod A- <file> |

chmod A entry syntax:

| Entry | Meaning |
| --- | --- |
| owner@:<perms>[:inheritance flags]:<allow\|deny> | Permissions for the file owner. |
| group@:<perms>[:inheritance flags]:<allow\|deny> | Permissions for members of the file's group. |
| everyone@:<perms>[:inheritance flags]:<allow\|deny> | Permissions for everyone, including the file owner and group members. |
| user:<username>:<perms>[:inheritance flags]:<allow\|deny> | Permissions for a specific user. |
| usersid:<sid string>:<perms>[:inheritance flags]:<allow\|deny> | Permissions for a specific user, specified by SID. |
| group:<groupname>:<perms>[:inheritance flags]:<allow\|deny> | Permissions for a specific group. |
| groupsid:<sid string>:<perms>[:inheritance flags]:<allow\|deny> | Permissions for a specific group, specified by SID. |
| sid:<sid string>:<perms>[:inheritance flags]:<allow\|deny> | Permissions for a specific SID, whether it names a user or a group. |
| Letter | Permission | Meaning |
| --- | --- | --- |
| r | read_data | Permission to read the data of a file. |
| r | list_directory | Permission to list the contents of a directory. |
| w | write_data | Permission to modify a file's data anywhere in the file's offset range. |
| w | add_file | Permission to add a new file to a directory. |
| x | execute | Permission to execute a file. |
| p | append_data | The ability to modify a file's data, but only starting at EOF. Currently, this permission is not supported. |
| p | add_subdirectory | Permission to create a subdirectory in a directory. |
| d | delete | Permission to delete a file. |
| D | delete_child | Permission to delete a file within a directory. |
| a | read_attributes | The ability to read basic (non-ACL) attributes of a file. |
| A | write_attributes | Permission to change the times associated with a file or directory to an arbitrary value. |
| R | read_xattr | Ability to read the extended attributes of a file. |
| W | write_xattr | Ability to create extended attributes or write to the extended attribute directory. |
| c | read_acl | Permission to read the ACL of a file. |
| C | write_acl | Permission to write the ACL of a file. |
| o | write_owner | Permission to change the owner of a file. |
| s | synchronize | Permission to access a file locally at the server with synchronized reads and writes. Currently, this permission is not supported. |

Inheritance flags:

| Letter | Flag | Meaning |
| --- | --- | --- |
| f | file_inherit | Inherit to all newly created files. |
| d | dir_inherit | Inherit to all newly created directories. |
| i | inherit_only | When placed on a directory, do not apply to the directory itself, only to newly created files and directories. This flag requires that file_inherit and/or dir_inherit is also specified. |
| n | no_propagate | ACL entries are inherited by objects in the directory, but inheritance stops after descending one level. This flag requires that file_inherit and/or dir_inherit is also specified. |
```text
$ ls -dV /sandbox/dir.1
drwxr-xr-x+ 2 root root 2 Jan 17 15:09 dir.1
user:marks:r-------------:fd-----:allow
owner@:--------------:-------:deny
owner@:rwxp---A-W-Co-:-------:allow
group@:-w-p----------:-------:deny
group@:r-x-----------:-------:allow
everyone@:-w-p---A-W-Co-:-------:deny
everyone@:r-x---a-R-c--s:-------:allow
$
```

Legend for the 14 permission positions and the 7 inheritance/audit positions of an entry:

```text
||||||||||||||:||||||+- inherited access
||||||||||||||:|||||+-- failed access
||||||||||||||:||||+--- success access
||||||||||||||:|||+---- no propagate
||||||||||||||:||+----- inherit only
||||||||||||||:|+------ directory inherit
||||||||||||||:+------- file inherit
||||||||||||||
|||||||||||||+- sync
||||||||||||+-- change owner
|||||||||||+--- write ACL
||||||||||+---- read ACL
|||||||||+----- write extended attributes
||||||||+------ read extended attributes
|||||||+------- write attributes
||||||+-------- read attributes
|||||+--------- delete child
||||+---------- delete
|||+----------- append
||+------------ execute
|+------------- write data
+-------------- read data
```

---
| Permission | Letter | Meaning |
| --- | --- | --- |
| read_data | r | Permission to read the data of a file. |
| list_directory | r | Permission to list the contents of a directory. |
| write_data | w | Permission to modify a file's data anywhere in the file's offset range. |
| add_file | w | Permission to add a new file to a directory. |
| append_data | p | The ability to modify a file's data, but only starting at EOF. Currently, this permission is not supported. |
| add_subdirectory | p | Permission to create a subdirectory in a directory. |
| read_xattr | R | Ability to read the extended attributes of a file. |
| write_xattr | W | Ability to create extended attributes or write to the extended attribute directory. |
| execute | x | Permission to execute a file. |
| read_attributes | a | The ability to read basic (non-ACL) attributes of a file. |
| write_attributes | A | Permission to change the times associated with a file or directory to an arbitrary value. |
| delete | d | Permission to delete a file. For more information about delete permission behavior, see Managing ZFS File Systems in Oracle Solaris 11.4. |
| delete_child | D | Permission to delete a file within a directory. For more information about delete permission behavior, see Managing ZFS File Systems in Oracle Solaris 11.4. |
| read_acl | c | Permission to read the ACL of a file. |
| write_acl | C | Permission to write the ACL of a file. |
| write_owner | o | Permission to change the owner of a file. |
| synchronize | s | Permission to access a file locally at the server with synchronized reads and writes. Currently, this permission is not supported. |
Using the compact ACL format, permissions are specified by using 14 unique letters to indicate permissions.

Using the positional ACL format, permissions are specified as positional arguments similar to the ls -V format. The hyphen (-), which indicates that no permission is granted at that position, can be omitted and only the required letters have to be specified.

The letters above are listed in the order they would be specified in positional notation.

Permissions can be specified with these letters in the following way:

```text
rwx--D--------
```

The hyphens can be removed to compact the string as follows:

```text
rwxD
```

Several special permission sets or aliases are also supported. The following permission sets are used the same way that verbose permissions are specified.

| Alias | Permissions |
| --- | --- |
| full_set | All permissions. |
| modify_set | All permissions except write_acl and write_owner. |
| read_set | read_data, read_acl, read_attributes, and read_xattr. |
| write_set | write_data, append_data, write_attributes, and write_xattr. |

The optional inheritance flags can be specified in three formats. The first format uses words to indicate the various inheritance flags, separated with a forward slash (/) character.

| Flag | Letter | Meaning |
| --- | --- | --- |
| file_inherit | f | Inherit to all newly created files. |
| dir_inherit | d | Inherit to all newly created directories. |
| inherit_only | i | When placed on a directory, do not apply to the directory itself, only to newly created files and directories. This flag requires that file_inherit and/or dir_inherit is also specified. |
| no_propagate | n | ACL entries are inherited by objects in the directory, but inheritance stops after descending one level. This flag requires that file_inherit and/or dir_inherit is also specified. |

The inheritance flags listed can also be specified in the compact format or as positional arguments similar to the ls -V format. A hyphen character indicates that the inheritance flag at that position is not specified in the positional ACL format.

The inheritance flags can be specified with these letters in any of the following equivalent ways:

```text
file_inherit/dir_inherit/no_propagate
fd-n--
fdn
```

With this inheritance model, an ACL entry can be specified such as:

```text
user:tom:read_data/write_data/read_attributes:file_inherit:allow
user:fred:read_data:file_inherit/dir_inherit:deny
user:bob:read_data:allow
```
Attribute Operation

An attribute operation command line has the following format:

```text
chmod [options] attribute_specification_list file ...
```

where attribute_specification_list is the character S followed by a comma-separated list of one or more attribute_specifications. Each attribute_specification is of the form:

```text
[operator]attribute_specifier
```

An operator is one of the following:

| Operator | Effect |
| --- | --- |
| + | Each attribute specified by the associated attribute_specifier is adjusted to match the value specified by the attribute_specifier. |
| - | Each attribute specified by the associated attribute_specifier is adjusted to match the inverse of the value specified by the attribute_specifier. |
| = | Each attribute specified by the associated attribute_specifier is adjusted to match the value specified by the attribute_specifier. Any boolean read-write extended system attributes associated with the current file that are not specified by the attribute_specifier are cleared. |

If an operator is not specified in an attribute_specification, chmod behaves as if + had been specified.

An attribute_specifier takes one of the following forms:

| Form | Effect |
| --- | --- |
| a | Set all boolean read-write extended system attributes associated with the current file. |
| c[compact_attribute_list] or c'{'compact_attribute_list'}' | Set each boolean read-write extended system attribute identified by compact_attribute_list. |
| v[verbose_attribute_setting] or v['{'verbose_attribute_setting_list'}'] | Set each boolean read-write extended system attribute identified by verbose_attribute_setting. |

A compact_attribute_list is a list of zero or more adjacent attribute abbreviation characters from the list of Attribute Names and Abbreviation Characters later in this section. An arbitrary number of hyphen (-) characters can be included in a compact_attribute_list; these are ignored.

A verbose_attribute_setting is an attribute name from the list of Attribute Names and Abbreviation Characters later in this section, optionally immediately preceded by no. If the attribute name is used without no, the attribute is set; otherwise the attribute is cleared.

A verbose_attribute_setting_list is zero or more comma-separated verbose_attribute_settings.

Multiple operations specified for a file are accumulated and are all set for a file operand as a single attribute setting operation. If an attribute is specified more than once in an attribute_specification_list, the last specified operation is applied.
The following is a list of Attribute Names and Abbreviation Characters:

| Attribute Name | Abbreviation Character |
| --- | --- |
| hidden | H |
| sparse | s |
| system | S |
| readonly | R |
| archive | A |
| nounlink | u |
| immutable | i |
| appendonly | a |
| nodump | d |
| av_quarantined | q |
| av_modified | m |
| sensitive | T |
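An added Python example (not from the chmod man page) that evaluates an attribute_specification_list against a file's current attributes following the operator and specifier rules above, so a change can be previewed before it is applied. It treats every attribute in the table as boolean and writable, and reads = as clearing all unmentioned attributes before later specifications in the list are accumulated; both are assumptions of the example, as is the sample starting state.

```python
# Added example (not the chmod man page's code): evaluate an attribute_specification_list
# against a file's current boolean attributes, following the operator rules above.
# Assumes every attribute in the table is boolean and read-write (not stated on the page).
import re

ATTRS = {"hidden": "H", "sparse": "s", "system": "S", "readonly": "R", "archive": "A",
         "nounlink": "u", "immutable": "i", "appendonly": "a", "nodump": "d",
         "av_quarantined": "q", "av_modified": "m", "sensitive": "T"}
BY_CHAR = {c: n for n, c in ATTRS.items()}

def split_specs(spec_list):
    """Split 'S+cH,-v{immutable,nodump}' on the commas outside braces; S prefix required."""
    if not spec_list.startswith("S"):
        raise ValueError("attribute_specification_list must start with S")
    return re.split(r",(?![^{]*})", spec_list[1:])

def parse_specifier(body):
    """'a', 'c[list]', 'c{list}', 'v[setting]' or 'v{list}' -> {attribute: wanted value}."""
    kind, arg = body[0], body[1:].strip("{}")
    if kind == "a":
        return {n: True for n in ATTRS}
    if kind == "c":
        return {BY_CHAR[ch]: True for ch in arg if ch != "-"}   # hyphens are ignored
    if kind == "v":
        settings = {}
        for s in filter(None, arg.split(",")):
            if s in ATTRS:                 # check the plain name first: nodump is a name
                settings[s] = True
            elif s.startswith("no") and s[2:] in ATTRS:
                settings[s[2:]] = False
            else:
                raise ValueError("unknown attribute setting %r" % s)
        return settings
    raise ValueError("bad attribute_specifier %r" % body)

def apply_specs(spec_list, current):
    """Accumulate every specification into one result map; a later one overrides an earlier."""
    new = dict(current)
    for spec in split_specs(spec_list):
        op = spec[0] if spec[0] in "+-=" else "+"       # missing operator means +
        values = parse_specifier(spec[1:] if op == spec[0] else spec)
        if op == "=":                                   # = clears whatever it does not mention
            new.update({n: False for n in ATTRS})
        for name, val in values.items():
            new[name] = val if op != "-" else not val   # - applies the inverse value
    return new

CURRENT = dict({n: False for n in ATTRS}, archive=True, readonly=True)   # constructed state
```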