How to set ACL in zfs
owner@
The owner is denied execute permissions on the file (x=execute).
owner@
The owner can read and modify the contents of the file (rw=read_data/write_data, p=append_data). The owner can also modify the file's attributes such as time stamps, extended attributes, and ACLs (A=write_xattr, W=write_attributes, and C=write_acl). In addition, the owner can modify the ownership of the file (o=write_owner).
group@
The group is denied modify and execute permissions on the file (write_data, p=append_data, and x=execute).
Please grant the following filesystem / directory permissions for the 'icinga' user:
Read Only permission to:
/usd
/usd_fs
Execute permission to:
/usd/site/mods/interp
check this aclmode and aclinherit and just make passthrough for this.
zfs set aclinherit=passthrough /usd
zfs set aclinherit=passthrough /usd_fs
chmod A+User:icinga:r:fd:allow /usd
=====================================================================================================
chmod A+user:icinga:r:fd:allow /usd
chmod A+user:icinga:r:fd:allow /usd_fs
chmod A+user:icinga:rwx:fd:allow /usd/site/mods/interp
ls -Vd /usd
ls -Vd /usd/site/mods/interp
nlxusd02prp:root>ls -Vd /usd
drwxr-xr-x+ 44 SrvcPlus root 66 Nov 24 22:00 /usd
user:icinga:r-------------:fd----:allow
owner@:rwxp-DaARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
nlxusd02prp:root>ls -Vd /usd/site/mods/interp
drwxrwxr-x+ 2 SrvcPlus root 61 Nov 13 13:18 /usd/site/mods/interp
user:icinga:rwx-----------:fd----:allow
owner@:rwxp-DaARWcCos:------:allow
group@:rwxp-DaARWc--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
nlxusd02prp:root>
nlxusd02cat:root>cat /etc/passwd |grep -i icinga
icinga:x:31570614:3801:C4238380 - icinga:/export/home/icinga:/usr/bin/bash
nlxusd02cat:root>chmod A+user:icinga:r:fd:allow /usd
nlxusd02cat:root>chmod A+user:icinga:r:fd:allow /usd_fs
nlxusd02cat:root>chmod A+user:icinga:rwx:fd:allow /usd/site/mods/interp
nlxusd02cat:root>ls -Vd /usd
drwxr-xr-x+ 42 SrvcPlus root 67 Nov 25 11:43 /usd
user:icinga:r-------------:fd----:allow
owner@:rwxp-DaARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
nlxusd02cat:root>ls -Vd /usd/site/mods/interp
drwxrwxr-x+ 2 SrvcPlus root 53 Nov 12 16:45 /usd/site/mods/interp
user:icinga:rwx-----------:fd----:allow
owner@:rwxp-DaARWcCos:------:allow
group@:rwxp-DaARWc--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
nlxusd02cat:root>
==============================================================================================
owner@
The owner is denied execute permissions on the file (x=execute).
owner@
The owner can read and modify the contents of the file (rw=read_data/write_data, p=append_data). The owner can also modify the file's attributes such as time stamps, extended attributes, and ACLs (A=write_xattr, W=write_attributes, and C=write_acl). In addition, the owner can modify the ownership of the file (o=write_owner).
group@
The group is denied modify and execute permissions on the file (write_data, p=append_data, and x=execute).
Please grant the following filesystem / directory permissions for the 'icinga' user:
Read Only permission to:
/usd
/usd_fs
Execute permission to:
/usd/site/mods/interp
check this aclmode and aclinherit and just make passthrough for this.
zfs set aclinherit=passthrough /usd
zfs set aclinherit=passthrough /usd_fs
chmod A+User:icinga:r:fd:allow /usd
=====================================================================================================
chmod A+user:icinga:r:fd:allow /usd
chmod A+user:icinga:r:fd:allow /usd_fs
chmod A+user:icinga:rwx:fd:allow /usd/site/mods/interp
ls -Vd /usd
ls -Vd /usd/site/mods/interp
nlxusd02prp:root>ls -Vd /usd
drwxr-xr-x+ 44 SrvcPlus root 66 Nov 24 22:00 /usd
user:icinga:r-------------:fd----:allow
owner@:rwxp-DaARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
nlxusd02prp:root>ls -Vd /usd/site/mods/interp
drwxrwxr-x+ 2 SrvcPlus root 61 Nov 13 13:18 /usd/site/mods/interp
user:icinga:rwx-----------:fd----:allow
owner@:rwxp-DaARWcCos:------:allow
group@:rwxp-DaARWc--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
nlxusd02prp:root>
nlxusd02cat:root>cat /etc/passwd |grep -i icinga
icinga:x:31570614:3801:C4238380 - icinga:/export/home/icinga:/usr/bin/bash
nlxusd02cat:root>chmod A+user:icinga:r:fd:allow /usd
nlxusd02cat:root>chmod A+user:icinga:r:fd:allow /usd_fs
nlxusd02cat:root>chmod A+user:icinga:rwx:fd:allow /usd/site/mods/interp
nlxusd02cat:root>ls -Vd /usd
drwxr-xr-x+ 42 SrvcPlus root 67 Nov 25 11:43 /usd
user:icinga:r-------------:fd----:allow
owner@:rwxp-DaARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
nlxusd02cat:root>ls -Vd /usd/site/mods/interp
drwxrwxr-x+ 2 SrvcPlus root 53 Nov 12 16:45 /usd/site/mods/interp
user:icinga:rwx-----------:fd----:allow
owner@:rwxp-DaARWcCos:------:allow
group@:rwxp-DaARWc--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
nlxusd02cat:root>
==============================================================================================
No comments:
Post a Comment