Solaris Access Control Lists

 


Solaris extends basic file permissions and ownership with Access Control Lists (ACLs). The basic commands to set, modify, display and delete ACL entries are shown below. This should be a good starting point before reading the man pages.

Set

The “-s” switch sets a new ACL, replacing any existing one. Note the “+” sign after the permission bits when the file is listed; it indicates that the file has an ACL.

    # setfacl -s u::rw-,g::r--,o:r--,mask:rw-,u:auditprd:rw- secret.doc
    # ls -l /home/charles/secret.doc
    -rw-------+ 1 charles admin 105433 Jan 24 12:07  /home/charles/secret.doc

The “-m” switch modifies an existing ACL.

    # setfacl -m user:charles:rw- secret.doc

Display

    # getfacl /home/charles/secret.doc
    # file: secret.doc
    # owner: sshfw
    # group: sshfw
    user::rw-
    user:auditprd:rw-               #effective:rw-
    group::r--              #effective:r--
    mask:rw-
    other:r--

    # getfacl /etc/passwd

    # file: /etc/passwd
    # owner: root
    # group: sys
    user::rw-
    group::r--              #effective:r--
    mask:r--
    other:r--
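
As an added example (not part of the original post), the shell function below reads getfacl output and prints each named user or group entry with the permissions the mask leaves it, which is what the "#effective:" column reports. The function names, the "admin" group entry and the tightened "mask:r--" in the sample are constructed for illustration.

```shell
# Added example: audit named ACL entries and what the mask actually allows.

# Constructed sample: the secret.doc ACL above, with the mask tightened to r--
# and a hypothetical named group entry added.
sample_acl() {
    cat <<'EOF'
# file: secret.doc
# owner: sshfw
# group: sshfw
user::rw-
user:auditprd:rw-               #effective:r--
group::r--              #effective:r--
group:admin:rwx         #effective:r--
mask:r--
other:r--
EOF
}

# Reads getfacl output on stdin, prints "type:name:effective-perms" per named entry.
acl_named_entries() {
    awk '
    # Keep a permission letter only if both the entry and the mask grant it.
    function intersect(p, m,    i, c, out) {
        out = ""
        for (i = 1; i <= 3; i++) {
            c = substr(p, i, 1)
            if (c == "-" || substr(m, i, 1) == "-") c = "-"
            out = out c
        }
        return out
    }
    /^#/ || /^[ \t]*$/ { next }        # header comments and blank lines
    {
        sub(/[ \t]*#.*$/, "")          # strip the trailing #effective: note
        n = split($0, f, ":")
        if (f[1] == "mask") { mask = f[2]; next }
        # Named entries carry a name in the middle field: user:NAME:perms
        if (n == 3 && f[2] != "" && (f[1] == "user" || f[1] == "group"))
            entry[++count] = $0
    }
    END {
        if (mask == "") mask = "rwx"   # assumption: no mask line means no restriction
        for (i = 1; i <= count; i++) {
            split(entry[i], f, ":")
            print f[1] ":" f[2] ":" intersect(f[3], mask)
        }
    }'
}
sample_acl | acl_named_entries
```

Piping real getfacl output into acl_named_entries gives a quick list of the accounts that hold access beyond the owner, group and other bits.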

Delete ACL

    $ setfacl -d u:auditprd /home/charles/secret.doc

Copy ACL from one file to another

    $ getfacl file1 | setfacl -f - file2
