From owner-freebsd-questions@FreeBSD.ORG Wed Sep 5 23:13:53 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 67396106566C; Wed, 5 Sep 2012 23:13:53 +0000 (UTC) (envelope-from dougs@dawnsign.com) Received: from mailfilter.dawnsign.com (pyxis.dawnsign.com [69.198.101.212]) by mx1.freebsd.org (Postfix) with ESMTP id 42F978FC17; Wed, 5 Sep 2012 23:13:52 +0000 (UTC) Received: from mailfilter.dawnsign.com (localhost [127.0.0.1]) by mailfilter.dawnsign.com (Postfix) with ESMTP id AB38895D32; Wed, 5 Sep 2012 16:13:45 -0700 (PDT) Received: from Draco.dawnsign.com (draco.dawnsign.com [192.168.101.33]) by mailfilter.dawnsign.com (Postfix) with ESMTP id 1DFB795CA3; Wed, 5 Sep 2012 16:13:44 -0700 (PDT) Received: from DRACO.dawnsign.com ([fe80::6062:7fef:2376:a729]) by Draco.dawnsign.com ([fe80::6062:7fef:2376:a729%10]) with mapi id 14.01.0379.000; Wed, 5 Sep 2012 16:13:44 -0700 From: Doug Sampson To: 'Edward Tomasz Napierala' Thread-Topic: NFSv4 ACL permissions setting Thread-Index: Ac2HCSZAAjTVzuZmTtKA54+RytNrQwA3PYCAAPVobrA= Date: Wed, 5 Sep 2012 23:13:44 +0000 Message-ID: References: <60FD2657-0D3C-4E6C-ABD0-652DA424D9A2@freebsd.org> In-Reply-To: <60FD2657-0D3C-4E6C-ABD0-652DA424D9A2@freebsd.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [192.168.101.149] Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP Cc: "freebsd-questions@freebsd.org" Subject: RE: NFSv4 ACL permissions setting X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Sep 2012 23:13:53 -0000 > Wiadomo=B6=E6 napisana przez Doug Sampson w dniu 31 sie 2012, o godz. 01:= 42: >=20 > [..] >=20 > > group:DSP-production:rwxpDdaARWcCos:fd----:allow <<<<<---= - > - > > group:DSP-production:rwxpDdaARWcCos:fd----:allow <<<<<---= - > - >=20 > This itself looks like a bug in setfacl(1). I'll look into it. > However... >=20 > [..] >=20 > > #!/bin/sh > > # run this script where you wish to effect the changes > > # reset perms to default > > find . -type d -print0 | xargs -0 setfacl -b * >=20 > Why the asterisk? Also, using "-m" with NFSv4 ACLs is not a very good > idea - it's supposed to work, but with NFSv4 ACLs the ordering does > matter, > and "-m" simply modifies the ACL entry in place, while the effect of the > entry might depend e.g. on "deny" entries before it. Use "-a" instead. >=20 Forgive me- I am not particularly strong when it comes to shell scripting. = I will modify so that the -a parameter is used instead of -m when setting n= ew entries. What would you use in place of the asterisk when you want to apply the "set= facl -b" command to either all files or all directories? The period? ~Doug