Date: Thu, 6 Sep 2012 01:20:38 +0200 From: =?iso-8859-2?Q?Edward_Tomasz_Napiera=B3a?= <trasz@freebsd.org> To: Doug Sampson <dougs@dawnsign.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: NFSv4 ACL permissions setting Message-ID: <7ACB9DDC-7CF2-4521-9234-35BA6441D0B3@freebsd.org> In-Reply-To: <E6B2517F8D6DBF4CABB8F38ACA367E780CF4CFD1@Draco.dawnsign.com> References: <E6B2517F8D6DBF4CABB8F38ACA367E780CF4582E@Draco.dawnsign.com> <60FD2657-0D3C-4E6C-ABD0-652DA424D9A2@freebsd.org> <E6B2517F8D6DBF4CABB8F38ACA367E780CF4CFD1@Draco.dawnsign.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Wiadomo=B6=E6 napisana przez Doug Sampson w dniu 6 wrz 2012, o godz. = 01:13: >> Wiadomo=B6=E6 napisana przez Doug Sampson w dniu 31 sie 2012, o godz. = 01:42: >>=20 >> [..] >>=20 >>> group:DSP-production:rwxpDdaARWcCos:fd----:allow = <<<<<---- >> - >>> group:DSP-production:rwxpDdaARWcCos:fd----:allow = <<<<<---- >> - >>=20 >> This itself looks like a bug in setfacl(1). I'll look into it. >> However... >>=20 >> [..] >>=20 >>> #!/bin/sh >>> # run this script where you wish to effect the changes >>> # reset perms to default >>> find . -type d -print0 | xargs -0 setfacl -b * >>=20 >> Why the asterisk? Also, using "-m" with NFSv4 ACLs is not a very = good >> idea - it's supposed to work, but with NFSv4 ACLs the ordering does >> matter, >> and "-m" simply modifies the ACL entry in place, while the effect of = the >> entry might depend e.g. on "deny" entries before it. Use "-a" = instead. >>=20 >=20 > Forgive me- I am not particularly strong when it comes to shell = scripting. I will modify so that the -a parameter is used instead of -m = when setting new entries. Ok. It's simply a matter of replacing '-m' with '-a0'. Btw, the bug in setfacl(1) command has been fixed in HEAD and will be merged into STABLE in a month from now. > What would you use in place of the asterisk when you want to apply the = "setfacl -b" command to either all files or all directories? The period? Directories: find . -type d -print0 | xargs -0 setfacl -b Files: find . -type f -print0 | xargs -0 setfacl -b The whole point of xargs here is to take the list of files it gets from = find and turn it into a series of arguments for setfacl. So, in the example = above, the actual invocation of setfacl would read "setfacl -b first-file = second-file" etc. With the asterisk, it would be "setfacl -b * first-file = second-file"; this means setfacl would modify not only the files passed by find, but = also all the files in the current directory. --=20 If you cut off my head, what would I say? Me and my head, or me and my = body?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7ACB9DDC-7CF2-4521-9234-35BA6441D0B3>