09-11-2013
Quote:
Originally Posted by
bartus11
Solaris is using NFSv4 ACLs on ZFS filesystems. On UFS filesystems standard ACLs are used.
As far as I know, ZFS has been an unofficial standard for global zones since 2007-2008.
Of course the poster might be using Solaris 8, 9 or a really outdated release of S10.
Anyway... another example of why it's important to be specific about the OS version.
LEARN ABOUT OPENSOLARIS
acl_check
acl_check(3SEC) File Access Control Library Functions acl_check(3SEC)
NAME
acl_check - check the validity of an ACL
SYNOPSIS
cc [ flag... ] file... -lsec [ library... ]
#include <sys/acl.h>
int acl_check(acl_t *aclp, int isdir);
DESCRIPTION
The acl_check() function checks the validity of an ACL pointed to by aclp. The isdir argument checks the validity of an ACL that will be
applied to a directory. The ACL can be either a POSIX draft ACL as supported by UFS or an NFSv4 ACL as supported by ZFS or NFSv4.
When the function verifies a POSIX draft ACL, the rules followed are described in aclcheck(3SEC). For an NFSv4 ACL, the ACL is verified
against the following rules:
o The inheritance flags are valid.
o The ACL must have at least one ACL entry and no more than {MAX_ACL_ENTRIES}.
o The permission field contains only supported permissions.
o The entry type is valid.
o The flag fields contain only valid flags as supported by NFSv4/ZFS.
If any of the above rules are violated, the function fails with errno set to EINVAL.
RETURN VALUES
If the ACL is valid, acl_check() returns 0. Otherwise errno is set to EINVAL and the return value is set to one of the following:
EACL_INHERIT_ERROR     There are invalid inheritance flags specified.
EACL_FLAGS_ERROR       There are invalid flags specified on the ACL that don't map to supported flags in the NFSv4/ZFS ACL model.
EACL_ENTRY_ERROR       The ACL contains an unknown value in the type field.
EACL_MEM_ERROR         The system cannot allocate any memory.
EACL_INHERIT_NOTDIR    Inheritance flags are only allowed for ACLs on directories.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Committed |
+-----------------------------+-----------------------------+
|MT-Level |MT-Safe |
+-----------------------------+-----------------------------+
SEE ALSO
acl(2), aclcheck(3SEC), aclsort(3SEC), acl(5), attributes(5)
SunOS 5.11 22 Apr 2008 acl_check(3SEC)
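The NFSv4 rules listed in the DESCRIPTION above, modelled as a small stand-alone validator. This is an added example, not libsec source and not code from the thread: every `demo_`/`DEMO_` name and bit value is constructed for illustration and does not come from `<sys/acl.h>`. Treating inherit-only or no-propagate without a file or directory inherit flag as the "invalid inheritance flags" case is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Names and bit values are constructed for this example, not <sys/acl.h>. */
#define DEMO_MAX_ENTRIES 1024u    /* stand-in for {MAX_ACL_ENTRIES} */
#define DEMO_PERM_MASK   0x3fffu  /* the "supported permissions" */
#define DEMO_F_FILE_INH  0x01u
#define DEMO_F_DIR_INH   0x02u
#define DEMO_F_NO_PROP   0x04u
#define DEMO_F_INH_ONLY  0x08u
#define DEMO_F_GROUP     0x40u    /* a valid non-inheritance flag */
#define DEMO_F_INHERIT   (DEMO_F_FILE_INH | DEMO_F_DIR_INH | DEMO_F_NO_PROP | DEMO_F_INH_ONLY)
#define DEMO_F_VALID     (DEMO_F_INHERIT | DEMO_F_GROUP)

enum demo_type { DEMO_ALLOW, DEMO_DENY, DEMO_AUDIT, DEMO_ALARM };
enum demo_err  { DEMO_OK, DEMO_COUNT_ERROR, DEMO_ENTRY_ERROR, DEMO_PERM_ERROR,
                 DEMO_FLAGS_ERROR, DEMO_INHERIT_ERROR, DEMO_INHERIT_NOTDIR };
struct demo_ace { uint32_t perms; uint16_t flags; uint16_t type; };

/* Returns DEMO_OK or the first rule violated; check order is an assumption. */
enum demo_err demo_acl_check(const struct demo_ace *a, size_t n, int isdir)
{
    if (a == NULL || n == 0 || n > DEMO_MAX_ENTRIES)
        return DEMO_COUNT_ERROR;            /* at least one entry, bounded */
    for (size_t i = 0; i < n; i++) {
        uint32_t inh = a[i].flags & DEMO_F_INHERIT;
        if (a[i].type > DEMO_ALARM)
            return DEMO_ENTRY_ERROR;        /* unknown entry type */
        if (a[i].perms & ~DEMO_PERM_MASK)
            return DEMO_PERM_ERROR;         /* unsupported permission bit */
        if (a[i].flags & ~DEMO_F_VALID)
            return DEMO_FLAGS_ERROR;        /* flag outside the supported set */
        if (inh && !isdir)
            return DEMO_INHERIT_NOTDIR;     /* inheritance only on directories */
        /* Assumed rule: modifiers need a file or directory inherit flag. */
        if ((inh & (DEMO_F_NO_PROP | DEMO_F_INH_ONLY)) &&
            !(inh & (DEMO_F_FILE_INH | DEMO_F_DIR_INH)))
            return DEMO_INHERIT_ERROR;
    }
    return DEMO_OK;
}

int main(void)
{
    struct demo_ace acl[] = { { 0x1u, DEMO_F_FILE_INH | DEMO_F_DIR_INH, DEMO_ALLOW } };
    printf("as directory ACL: %d\n", (int)demo_acl_check(acl, 1, 1));
    printf("as file ACL:      %d\n", (int)demo_acl_check(acl, 1, 0));
    return 0;
}
```

The same entry passes with `isdir` set and fails without it, which is why the caller has to know the target object type before validating an ACL.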