Hi CD,
Practical in what kind of environment? What are your goals?
Do you want the ACL deny entries to be inherited?
Do you plan to use CIFS to access these files + ACLs from
systems running Windows?
Thanks,
Cindy
On 01/25/10 07:21, CD wrote:
Hello forum.
I'm in the process of re-organizing my server and ACL-settings.
I've seen so many different ways of doing ACL, which makes me wonder how
I should do it myself.
This is obviously the easiest way, only describing the positive
permissions:
/usr/bin/chmod -R A=\
group:sa:full_set:fd:allow,\
group:vk:read_set:fd:allow \
However, I've seen people split each line, so you getone for each
inheritance-setting:
group:sa:full_set:f:allow,\
group:sa:full_set:d:allow,\
group:vk:read_set:f:allow,\
group:vk:read_set:d:allow \
And some include all negative permissions, like this:
group:sa:full_set:f:allow,\
group:sa:full_set:d:allow,\
group:sa::f:deny,\
group:sa::d:deny,\
group:vk:read_set:f:allow,\
group:vk:read_set:d:allow,\
group:vk:wxpdDAWCos:f:deny,\
group:vk:wxpdDAWCos:d:deny,\
everyone@::f:allow,\
everyone@::d:allow,\
everyone@:full_set:f:deny,\
everyone@:full_set:d:deny \
- Which, I admit, looks more tidy and thoroughly done, but is it practical?
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
