From owner-freebsd-current Thu Apr 18 23:14:35 2002 Delivered-To: freebsd-current@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id F278937B419 for ; Thu, 18 Apr 2002 23:14:30 -0700 (PDT) Received: from localhost (ilmar@localhost) by fledge.watson.org (8.11.6/8.11.6) with ESMTP id g3J6EJt42410; Fri, 19 Apr 2002 02:14:19 -0400 (EDT) (envelope-from ilmar@watson.org) Date: Fri, 19 Apr 2002 02:14:19 -0400 (EDT) From: "Ilmar S. Habibulin" To: kai ouyang Cc: current@FreeBSD.org Subject: Re: How use UFS_ACL function? In-Reply-To: Message-ID: <20020419020817.X41830-100000@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 19 Apr 2002, kai ouyang wrote: > options UFS_EXTATTR > options UFS_EXTATTR_AUTOSTART > options UFS_ACL Now you have to create backing storage for extended attributes, ALC in your case. This can be achieved by the following commands: # cd / # mkdir .attribute .attribute/system # cd .attribute/system # extattrctl initattr -p / 388 posix1e.acl_access # extattrctl initattr -p / 388 posix1e.acl_default > For example, I has a user name Jack, who is a wheel member. > I want to deny him to access /boot/, how can I do? After reboot you will have the ability to set acls on your root filesystem. So issue the command: # setfacl -m u:Jack: /boot and check it with getfacl /boot. The output should be like: ... user:Jack:--- ... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message