From owner-freebsd-questions@FreeBSD.ORG Wed Sep 5 23:20:50 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3C776106564A for ; Wed, 5 Sep 2012 23:20:50 +0000 (UTC) (envelope-from etnapierala@gmail.com) Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id B8F7A8FC0C for ; Wed, 5 Sep 2012 23:20:49 +0000 (UTC) Received: by wgbds11 with SMTP id ds11so997693wgb.31 for ; Wed, 05 Sep 2012 16:20:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=rlRbi2pSSeqKvtWzRmaaN6PDS5sLA4o+i2DTFHPHnr8=; b=Bn763jd93qdUn0pIzeXUuo9JobjZv/7HEOmQuK2soHzKHy50ARloN9E6UFLaZbsv7o 0FEK4BuPCZ/QWmlSAkGJklsVNCgubiUDanQCPHqQduvPUYQUxYTuJHf2QOisUgB2b2yo HPD4nIvz9cEGfK24QPX4scXaizLLs2syNI04DjQys5FScPpGVxWf0MoRLLqELUX2/5pH vN6YT64+xKhQgTK6I3GjCt/P8Ya+TgeAIfWCj9qm2lpy8O26eERFs8W5ZqLrvrZe883X KSoPsjfZKxpqOIbnSToIs3b0jL9ltEYwQb4atJ7LuweCV9skKi7V22WZihAZVdCZ4C21 lv3g== Received: by 10.180.94.38 with SMTP id cz6mr369330wib.10.1346887248426; Wed, 05 Sep 2012 16:20:48 -0700 (PDT) Received: from [192.168.1.104] (45.81.datacomsa.pl. [195.34.81.45]) by mx.google.com with ESMTPS id w7sm1144188wiz.0.2012.09.05.16.20.47 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 05 Sep 2012 16:20:47 -0700 (PDT) Sender: =?UTF-8?Q?Edward_Tomasz_Napiera=C5=82a?= Mime-Version: 1.0 (Apple Message framework v1278) Content-Type: text/plain; charset=iso-8859-2 From: =?iso-8859-2?Q?Edward_Tomasz_Napiera=B3a?= In-Reply-To: Date: Thu, 6 Sep 2012 01:20:38 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <7ACB9DDC-7CF2-4521-9234-35BA6441D0B3@freebsd.org> References: <60FD2657-0D3C-4E6C-ABD0-652DA424D9A2@freebsd.org> To: Doug Sampson X-Mailer: Apple Mail (2.1278) Cc: "freebsd-questions@freebsd.org" Subject: Re: NFSv4 ACL permissions setting X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Sep 2012 23:20:50 -0000 Wiadomo=B6=E6 napisana przez Doug Sampson w dniu 6 wrz 2012, o godz. = 01:13: >> Wiadomo=B6=E6 napisana przez Doug Sampson w dniu 31 sie 2012, o godz. = 01:42: >>=20 >> [..] >>=20 >>> group:DSP-production:rwxpDdaARWcCos:fd----:allow = <<<<<---- >> - >>> group:DSP-production:rwxpDdaARWcCos:fd----:allow = <<<<<---- >> - >>=20 >> This itself looks like a bug in setfacl(1). I'll look into it. >> However... >>=20 >> [..] >>=20 >>> #!/bin/sh >>> # run this script where you wish to effect the changes >>> # reset perms to default >>> find . -type d -print0 | xargs -0 setfacl -b * >>=20 >> Why the asterisk? Also, using "-m" with NFSv4 ACLs is not a very = good >> idea - it's supposed to work, but with NFSv4 ACLs the ordering does >> matter, >> and "-m" simply modifies the ACL entry in place, while the effect of = the >> entry might depend e.g. on "deny" entries before it. Use "-a" = instead. >>=20 >=20 > Forgive me- I am not particularly strong when it comes to shell = scripting. I will modify so that the -a parameter is used instead of -m = when setting new entries. Ok. It's simply a matter of replacing '-m' with '-a0'. Btw, the bug in setfacl(1) command has been fixed in HEAD and will be merged into STABLE in a month from now. > What would you use in place of the asterisk when you want to apply the = "setfacl -b" command to either all files or all directories? The period? Directories: find . -type d -print0 | xargs -0 setfacl -b Files: find . -type f -print0 | xargs -0 setfacl -b The whole point of xargs here is to take the list of files it gets from = find and turn it into a series of arguments for setfacl. So, in the example = above, the actual invocation of setfacl would read "setfacl -b first-file = second-file" etc. With the asterisk, it would be "setfacl -b * first-file = second-file"; this means setfacl would modify not only the files passed by find, but = also all the files in the current directory. --=20 If you cut off my head, what would I say? Me and my head, or me and my = body?