NFSv4 ACL permissions setting

Edward Tomasz Napierała trasz at freebsd.org
Wed Sep 5 23:20:50 UTC 2012


Message written by Doug Sampson on 6 Sep 2012, at 01:13:
>> Message written by Doug Sampson on 31 Aug 2012, at 01:42:
>> 
>> [..]
>> 
>>> group:DSP-production:rwxpDdaARWcCos:fd----:allow               <<<<<----
>> -
>>> group:DSP-production:rwxpDdaARWcCos:fd----:allow               <<<<<----
>> -
>> 
>> This itself looks like a bug in setfacl(1).  I'll look into it.
>> However...
>> 
>> [..]
>> 
>>> #!/bin/sh
>>> # run this script where you wish to effect the changes
>>> # reset perms to default
>>> find . -type d -print0 | xargs -0 setfacl -b *
>> 
>> Why the asterisk?  Also, using "-m" with NFSv4 ACLs is not a very good
>> idea - it's supposed to work, but with NFSv4 ACLs the ordering does
>> matter,
>> and "-m" simply modifies the ACL entry in place, while the effect of the
>> entry might depend e.g. on "deny" entries before it.  Use "-a" instead.
>> 
> 
> Forgive me- I am not particularly strong when it comes to shell scripting. I will modify so that the -a parameter is used instead of -m when setting new entries.

Ok.  It's simply a matter of replacing '-m' with '-a0'.

Btw, the bug in setfacl(1) command has been fixed in HEAD and will
be merged into STABLE in a month from now.

> What would you use in place of the asterisk when you want to apply the "setfacl -b" command to either all files or all directories? The period?

Directories:

find . -type d -print0 | xargs -0 setfacl -b

Files:

find . -type f -print0 | xargs -0 setfacl -b

The whole point of xargs here is to take the list of files it gets from find
and turn it into a series of arguments for setfacl.  So, in the example above,
the actual invocation of setfacl would read "setfacl -b first-file second-file"
etc.  With the asterisk, it would be "setfacl -b * first-file second-file";
this means setfacl would modify not only the files passed by find, but also
all the files in the current directory.

-- 
If you cut off my head, what would I say?  Me and my head, or me and my body?
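
The effect of the stray asterisk described in the message above, as an added example that is not part of the original post. It assumes a constructed directory tree and a hypothetical stand-in, record_args, which takes the place of setfacl(1) and only logs the paths it receives, so nothing's ACL is changed.

```shell
#!/bin/sh
# Added demo. record_args is a hypothetical stand-in for setfacl(1): it only
# logs the path arguments it is given. The directory tree is constructed.

demo_setup() {
    DEMO=$(mktemp -d) || return 1
    mkdir -p "$DEMO/tree/sub1" "$DEMO/tree/sub2"
    touch "$DEMO/tree/top.txt" "$DEMO/tree/sub1/inner.txt"
    cat > "$DEMO/record_args" <<'EOF'
#!/bin/sh
shift                                   # drop the -b flag
for p in "$@"; do printf '%s\n' "$p"; done >> "$LOG"
EOF
    chmod +x "$DEMO/record_args"
}

# Form from the quoted script: the shell expands * in the current directory
# before xargs starts, so those names are passed on every invocation.
touched_with_asterisk() {
    ( cd "$DEMO/tree" && LOG="$DEMO/with.log" && export LOG && : > "$LOG" &&
      find . -type d -print0 | xargs -0 "$DEMO/record_args" -b * &&
      sort -u "$LOG" )
}

# Corrected form: only the paths selected by find reach the command.
touched_without_asterisk() {
    ( cd "$DEMO/tree" && LOG="$DEMO/without.log" && export LOG && : > "$LOG" &&
      find . -type d -print0 | xargs -0 "$DEMO/record_args" -b &&
      sort -u "$LOG" )
}

# Count logged paths (read from stdin) that are not directories.
count_non_dirs() {
    ( cd "$DEMO/tree" && n=0
      while IFS= read -r p; do [ -d "$p" ] || n=$((n + 1)); done
      echo "$n" )
}

demo_setup
echo "with *:    $(touched_with_asterisk | count_non_dirs) non-directory path(s) touched"
echo "without *: $(touched_without_asterisk | count_non_dirs) non-directory path(s) touched"
rm -rf "$DEMO"
```

With the asterisk, top.txt is passed to the command even though find was restricted to directories; swapping a logging stub in for the real command like this is a cheap dry run before a recursive ACL change.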


