[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
solaris and ACLs
|
From: |
Bob Smith |
|
Subject: |
solaris and ACLs |
|
Date: |
Thu, 23 Oct 2003 17:31:29 -0700 |
on solaris 9 using cfengine 2.0.8p1 i am trying to ensure that the directory
/.ssh matches the following:
bosch:bsmith[117] ~ > getfacl /.ssh
# file: /.ssh
# owner: root
# group: root
user::rwx
group::--- #effective:---
group:sysadmin:r-x #effective:r-x
mask:r-x
other:---
i have tried both:
acl:
{ acl1
method:update
fstype:solaris
group:sysadmin:=rx
}
files:
/.ssh/ mode=0700 owner=root group=root action=fixdirs
acl=acl1
and:
acl:
{ acl2
method:overwrite
fstype:solaris
user:*:=rwx
group:*:noaccess
group:sysadmin:=rx
other:*:noaccess
}
files:
/.ssh/ owner=root group=root action=fixdirs
acl=acl2
however both give the following error, seen when cfagent is run with '-nv'
flags, and fail to correct the permissions:
...
Checking file(s) in /.ssh/
ACL method (overwrite/append) = u on /.ssh/
Old acl has 5 entries and is:
cfengine:bosch: Mode =rwx, name=sysadmin, type=group
cfengine:bosch: Added ACL entry 0: type = 8, id = 14, perm = 7
aclcheck failed
cfengine:bosch: acl: Missing group_obj, user_obj, class_obj, or other_obj
entries.
...
as near as i can tell from the documentation both of the above examples
should produce the desired effect.
any help would be appreciated.
_________________________________________________________________
Add MSN 8 Internet Software to your current Internet access and enjoy
patented spam control and more. Get two months FREE!
http://join.msn.com/?page=dept/byoa
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- solaris and ACLs,
Bob Smith <=