Home -> Community -> Usenet -> c.d.o.misc -> Re: Project Cascade vs Oracle 8i vs Samba?

Re: Project Cascade vs Oracle 8i vs Samba?

From: <cifsman_at_hotmail.com>
Date: 1998/09/16
Message-ID: <6tpidv$7vh$1@nnrp1.dejanews.com>#1/1

Recently, TotalNET Advanced Server v5.3 recognizes and honors Solaris ACL's (http://www.syntax.com). Using Solaris/Unix ACL's you can achieve somewhat of the same type of granularity that you might need with setting specific permissions as you would see in NT ACL's. In normal Unix environments that don't deal with PC to Unix file sharing, I haven't seen too much use of the setfacl command.

(ie multiple groups owning a specific directory where everyone outside the user or group is denied access and/or newly created files having inherit ACL's)

# ls -l |more
drwxrwx--- 2 root other 512 Jul 1 09:04 acltest

The owner is root and the group is other where both owner and group have wide open access to the directory acltest.

Now if I set an additional security set using setfacl I can get the following...

# setfacl -m group:staff:r-x acltest

***This command will set a secondary group to have read-only permissions on the directory, acltest. If you use the 'default' option you will get inherited ACL's for newly created files or subdirectories in this particular directory.

# ls -l |more
drwxrwx---+ 2 root other 512 Jul 1 09:04 acltest

This now means that there is an additional ACL set for this directory. To look at the new permission set, I can use the command 'getfacl' to see the permissions for the primary group (other) and the secondary group (staff).

# getfacl acltest

# file: acltest
# owner: root
# group: other
user::rwx
group::rwx              #effective:rwx
group:staff:r-x         #effective:r-x

mask:rwx
other:rwx

I think the biggest issue is end users not being able to change these ACL's from their native PC environment. (ie properties of a file and selecting security to change NT ACL's). I think Syntax is expanding their GUI administrative interface to allow users to use a web based browser to modify file or directory permissions that they own. They have some basic tools built into it currently but it still needs work. It would be great if Samba or any other SMB/CIFS product accomplished the correct mapping of NT ACL's to corresponding Unix ACL's but still having the ability of end users to change the permissions from their own native interface.

In article <35FFBEB0.2C5ABEC_at_canada.sun.com>,   David Collier-Brown <davecb_at_canada.sun.com> wrote:
> Jon Piesing wrote:
> > We bought our current NT server mainly because the NT people wanted
> > file level ACLs and none of the Unix packages offering NT file
> > serving included file level ACLs.
>
> It's probably true that a file with acls set
> properly will be honored by ANY server running
> on unix.
>
> On Solaris, a file foo (-rw-r--r--)
> is readable by the ``nobody'' user, unless
> you say
> $ setfacl -m user:nobody:--- foo
> then its permissions are:
> $ getfacl foo
> -rw-r--r--+ 1 davecb staff 0 Sep 16 09:27 foo
>
> # file: foo
> # owner: davecb
> # group: staff
> user::rw-
> user:nobody:--- #effective:---
> group::r-- #effective:r--
> mask:r--
> other:r--
>
> Samba can't set the ACLs: I suspect
> it honors them, because it doesn't have
> much choice.
>
> The converse may not be true: you may
> not be able to weaken the restrictions
> set by chmod via ACLs.
>
> --dave
> --
> David Collier-Brown, | Cherish your enemies. They're harder to
> 185 Ellerslie Ave., | come by than friends and more motivated.
> Willowdale, Ontario | davecb_at_canada.sun.com, hobbes.ss.org
> N2M 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb
>

Received on Wed Sep 16 1998 - 00:00:00 CDT
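Added example, not part of the original post or the quoted reply: a small Python audit helper that parses getfacl output in the layout shown above, recomputes the "#effective:" column from the mask entry, and lists the named user and group entries that `ls -l` reveals only as a trailing "+". The function names, the user "alice" and the narrowed mask in the sample are assumptions made for illustration.

```python
PERM_BITS = {"r": 4, "w": 2, "x": 1}
# Constructed sample (Solaris getfacl layout); "alice" and the mask are assumptions.
SAMPLE = """\
# file: acltest
user::rwx
user:alice:rwx          #effective:r-x
group::rwx              #effective:r-x
group:staff:rwx         #effective:r-x
mask:r-x
other:---
default:group:staff:r-x
"""

def to_bits(perms):
    return sum(PERM_BITS[c] for c in perms if c in PERM_BITS)

def to_str(bits):
    return "".join(c if bits & b else "-" for c, b in PERM_BITS.items())

def parse_getfacl(text):
    """Return (entries, mask); entries are (tag, qualifier, bits) tuples."""
    entries, mask = [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and #effective notes
        if not line or line.startswith("default:"):
            continue  # default entries only affect newly created files
        fields = line.split(":")
        qualifier = fields[1] if len(fields) == 3 else ""
        if fields[0] == "mask":
            mask = to_bits(fields[-1])
        else:
            entries.append((fields[0], qualifier, to_bits(fields[-1])))
    return entries, mask

def effective(text):
    """Map 'tag:qualifier' to effective perms; the mask caps all but user:: and other."""
    entries, mask = parse_getfacl(text)
    out = {}
    for tag, qualifier, bits in entries:
        if mask is not None and (tag == "group" or qualifier):
            bits &= mask
        out[f"{tag}:{qualifier}"] = to_str(bits)
    return out

def named_grants(text):
    """Named entries that still carry access after masking."""
    return {k: v for k, v in effective(text).items() if not k.endswith(":") and v != "---"}

if __name__ == "__main__":
    print(named_grants(SAMPLE))
```

Feeding it the saved output of `getfacl` for each file that shows a "+" in `ls -l` gives a quick inventory of who has access beyond the owner, group and other bits.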
