From: JF Mezei on
This is on an Xserve which has both the local user database (containing
plenty of "system" usernames) as well as the LDAP database which
contains the regular users.

I am trying to give a particular folder read only access to the "system"
(local) account _www so the Apache web server can access the directory.
I would rather not have it world readable.

In the finder, when I "get info" for the folder in question, I am only
given the possibility to add an "acl" for network users (LDAP database),
not for the system (local) users.

Is there a way to get the finder to include the local users in the list
of users it displays when wanting to add a new acl entry ?

Or what are the line commands to view/manipulate ACLs on OS-X ?

(apropos gave me nothing that was useful for ACLs).
From: David Empson on
JF Mezei <jfmezei.spamnot(a)vaxination.ca> wrote:

> This is on an Xserve which has both the local user database (containing
> plenty of "system" usernames) as well as the LDAP database which
> contains the regular users.
>
> I am trying to give a particular folder read only access to the "system"
> (local) account _www so the Apache web server can access the directory.
> I would rather not have it world readable.
>
> In the finder, when I "get info" for the folder in question, I am only
> given the possibility to add an "acl" for network users (LDAP database),
> not for the system (local) users.
>
> Is there a way to get the finder to include the local users in the list
> of users it displays when wanting to add a new acl entry ?
>
> Or what are the line commands to view/manipulate ACLs on OS-X ?
>
> (apropos gave me nothing that was useful for ACLs).

chmod is used to manipulate ACLs. The syntax is rather cumbersome.

You might also try Server Admin, as it has a much better implementation
of Finder's permissions settings. (Don't know if I've tried to set up
ACLs for server local users, though.)

--
David Empson
dempson(a)actrix.gen.nz
From: JF Mezei on
David Empson wrote:

> chmod is used to manipulate ACLs. The syntax is rather cumbersome.

But how do you list the ACLs? Didn't find any options in "stat".

Also, in server admin, what is the difference between the "ACL"
permissions and the "POSIX" permissions ? I can't seem to be able to
remove posix permissions.


> You might also try Server Admin, as it has a much better implementation
> of Finder's permissions settings. (Don't know if I've tried to set up
> ACLs for server local users, though.)

Like the finder, it doesn't let me add local (system) users, only users
in the LDAP database. Yet, there are system/local users listed in there
too :-(

From: Király on
JF Mezei <jfmezei.spamnot(a)vaxination.ca> wrote:
> But how do you list the ACLs? Didn't find any options in "stat".

Use the -e flag with the ls command. For example, ls -lde ~ returns:

drwxr-xr-x@ 96 kiraly wheel 3264 May 28 07:01 /Users/kiraly
0: group:everyone deny delete

The second line shows that there is an ACL set to deny every user the
ability to delete the folder (in this case, my home folder.)

> Also, in server admin, what is the difference between the "ACL"
> permissions and the "POSIX" permissions ? I can't seem to be able to
> remove posix permissions.

You can't remove POSIX permissions, but ACL settings will override them.
ACLs allow you to set much finer control than what you can do with
POSIX.

--
K.

Lang may your lum reek.
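
The chmod and ls -e commands mentioned in the thread, put together as an added example that is not part of any poster's message: it builds a read-only ACL entry for the local _www account and audits `ls -lde` output for it. The function names, the folder path and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. grant_readonly and audit_folder must run on the Mac OS X
# server itself; the other functions only process text.

# ACE for read-only folder access: list entries, traverse, read attributes.
ace_readonly() {  # $1 = local account name, e.g. _www
    printf 'user:%s allow list,search,readattr,readextattr,readsecurity' "$1"
}

# Add the ACE to a folder (chmod +a is the Mac OS X ACL syntax).
grant_readonly() {  # $1 = account, $2 = folder
    chmod +a "$(ace_readonly "$1")" "$2"
}

# Reduce `ls -lde` output on stdin to its ACL entries, dropping the index.
acl_entries() {
    sed -n 's/^[[:space:]]*[0-9][0-9]*:[[:space:]]*//p'
}

# Succeed if the listing on stdin holds an allow entry for the account.
has_allow_entry() {  # $1 = account
    acl_entries | grep -q "^user:$1 allow "
}

# Print a folder's ACL entries, then report whether the account is covered.
audit_folder() {  # $1 = account, $2 = folder
    listing=$(ls -lde "$2") || return 2
    printf '%s\n' "$listing" | acl_entries
    printf '%s\n' "$listing" | has_allow_entry "$1"
}

# Constructed sample of `ls -lde` output for a folder that is not world
# readable and carries two ACL entries (path and owner are placeholders).
SAMPLE='drwxr-x---+ 5 admin staff 170 May 28 07:01 /constructed/site
 0: group:everyone deny delete
 1: user:_www allow list,search,readattr,readextattr,readsecurity'
```

On the server, `grant_readonly _www /path/to/folder` adds the entry and `audit_folder _www /path/to/folder` confirms it; `chmod -a` with the same entry string removes it again.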