Re: question about acledit
From: cybernut (firstname.lastname@example.org)
Date: Fri, 18 Apr 2003 10:28:33 -0600
"cybernut" <firstname.lastname@example.org> wrote in message
> I'm trying to use acledit on AIX 4.3.3 to grant rwx perms to a user for a
> directory that the user does not own and is not a member of the group for
> the directory.
> Nicholas Dronen was kind enough to point this command out to me and it
> like it is exactly what I need, but I have one problem after I set it up
> a folder.
> I ran acledit <directory> and changed disabled to:
> permit rwx u:username
> username is of course the person's username that needs those perms for
> My problem is that the user still cannot even browse the directory. I'm
> wondering if the system needs to reread the acl for that directory before
> the user can access it. Is that the case and is there a way to accomplish
> that without restarting the system? I'm sure there is because restarting
> system would be stupid for something like that.
I created a file at / called test with rwx------ and root as owner, system
as group. I obviously could not read the file with my normal user account. I
then added extended rwx perms using acledit to the file for my user account
and was able to read the file after that.
I think my problem here is that I'm not understanding how permissions are
being passed down directories. The directory I need to grant extra perms to
is 4 levels deep. Here is what it looks like:
owner and group for directory1 is root system
owner and group for directory2,3,4 is the same for all three, but different
owner group than directory 1
directory1 has base permissions of dr-xr-xr-x and extended disabled
directory2 has base permissions of drwxr-x--- and extended disabled
directory3 has base permissions of drwxr-x--- and extended disabled
directory4 has base permissions of drwxr-x--- and extended is enabled with
permit rwx u:userx
I'm sure my problem is that I need permission somewhere else as well besides
just directory4. Basically I need userx to be able to read and write to
directory 4, but not be the owner or a member of the group. Any suggestions?
I'll mess around and probably figure it out, but if someone can save me some
time that would be cool...
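An added example, not part of the original post: a simplified Python model of the four-directory chain described above, showing which components stop userx. It assumes standard path resolution (every ancestor needs search permission, x, for the user) and models only base permissions plus extended permit entries; deny and specify entries are left out, and the names appowner, appgroup and staff are placeholders.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1

@dataclass
class Dir:
    name: str
    owner: str
    group: str
    mode: int                                    # base permissions, e.g. 0o750
    permits: dict = field(default_factory=dict)  # empty = extended disabled

def effective(d, user, groups):
    """Base class bits (owner, group or others) plus matching permit entries."""
    if user == d.owner:
        bits = (d.mode >> 6) & 7
    elif d.group in groups:
        bits = (d.mode >> 3) & 7
    else:
        bits = d.mode & 7
    bits |= d.permits.get("u:" + user, 0)
    for g in groups:
        bits |= d.permits.get("g:" + g, 0)
    return bits

def blockers(chain, user, groups, want=R | W | X):
    """Names of components that stop `user` reaching the last directory with
    `want` access: ancestors need search (x), the last directory needs `want`."""
    blocked = [d.name for d in chain[:-1] if not effective(d, user, groups) & X]
    if effective(chain[-1], user, groups) & want != want:
        blocked.append(chain[-1].name)
    return blocked

# Hierarchy from the post; owner and group names for directory2-4 are placeholders.
CHAIN = [
    Dir("directory1", "root", "system", 0o555),
    Dir("directory2", "appowner", "appgroup", 0o750),
    Dir("directory3", "appowner", "appgroup", 0o750),
    Dir("directory4", "appowner", "appgroup", 0o750, {"u:userx": R | W | X}),
]

def fixed_chain():
    """Same tree with a search-only permit for userx on the blocking ancestors."""
    fixed = [Dir(d.name, d.owner, d.group, d.mode, dict(d.permits)) for d in CHAIN]
    for d in fixed[1:3]:
        d.permits["u:userx"] = X
    return fixed

if __name__ == "__main__":
    print(blockers(CHAIN, "userx", {"staff"}), blockers(fixed_chain(), "userx", {"staff"}))
```

In this model the ancestors need only x for userx, not rwx, so the extra grant on directory2 and directory3 can stay search-only.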