[mdlug] [WLUG] SELinux permissions

Dan Pritts danno at dogcheese.net
Thu Jan 17 11:19:00 EST 2013


a couple other notes; 

as you've discovered, AFS stores the standard mode bits, but 
they are only used AFAIK for one thing.  The owner-execute bit allows or 
denies execution (assuming you have adequate acls to read the executable).

be aware that AFS acls are based on directories.  files do not have individual
acls, access is controlled by the acl of the owning directory.

danno

On Jan 17, 2013, at 9:07 AM, Jonathan Billings <billings at negate.org> wrote:

> On Wed, Jan 16, 2013 at 08:26:15PM -0800, John Wiersba wrote:
>> The filesystem in question is afs.  For some reason afs doesn't use
>> the normal getfacl utilities but uses fs instead.  I'm investigating
>> the output of fs now... 
> 
> I suspected it was AFS from the SELinux context and the fact that you
> could create but not remove a directory.  It sounds like something I
> hear about all the time at work.  AFS predates POSIX acls and SELinux
> by a couple decades, so it's not a huge surprise that their tools are
> different. 
> 
> Feel free to ask about AFS's fs command, though, since I'm familiar
> with it.  
> 
> This doc:
> http://docs.openafs.org/Reference/1/fs_setacl.html#a_(administer)
> is the man page for 'fs setacl', and it describes the 'rlidwka'
> permissions AFS can have.
> 
> -- 
> Jonathan Billings <billings at negate.org>
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
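
An added example, not part of the original thread: a small parser for the text that `fs listacl` prints, which computes the effective rights on a directory and shows how an ACL with `i` (insert) but no `d` (delete) lets you create a directory but not remove it. It assumes the usual `fs listacl` layout and only the seven `rlidwka` rights; the path, user and group names are constructed, and the caller must supply the user's group memberships.

```python
# Added example: parse `fs listacl` output and compute effective AFS rights.
RIGHTS = {"r": "read", "l": "lookup", "i": "insert", "d": "delete",
          "w": "write", "k": "lock", "a": "administer"}

# Constructed sample output; the path and principals are made up.
SAMPLE = """\
Access list for /afs/example.org/proj/shared is
Normal rights:
  system:administrators rlidwka
  proj:members rlik
  system:anyuser l
Negative rights:
  mallory rl
"""

def parse_listacl(text):
    """Return {'normal': {principal: set(rights)}, 'negative': {...}}."""
    acl = {"normal": {}, "negative": {}}
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Normal rights:":
            section = "normal"
        elif stripped == "Negative rights:":
            section = "negative"
        elif section and stripped:
            parts = stripped.rsplit(None, 1)  # "<principal> <letters>"
            if len(parts) != 2 or set(parts[1]) - set(RIGHTS):
                raise ValueError(f"unparseable ACL entry: {line!r}")
            acl[section][parts[0]] = set(parts[1])
    return acl

def effective_rights(acl, principals):
    """Union of normal rights for the principals, minus their negative rights."""
    granted, denied = set(), set()
    for p in principals:
        granted |= acl["normal"].get(p, set())
        denied |= acl["negative"].get(p, set())
    return granted - denied

def explain(acl, principals):
    """Names of the effective rights, in rlidwka order."""
    eff = effective_rights(acl, principals)
    return [RIGHTS[c] for c in "rlidwka" if c in eff]

if __name__ == "__main__":
    acl = parse_listacl(SAMPLE)
    # Hypothetical user "alice" who belongs to proj:members.
    print(explain(acl, ["alice", "proj:members", "system:anyuser"]))
```

Because the ACL belongs to the directory, the result applies to every file in it; the per-file owner-execute bit mentioned above is a separate check this sketch does not model.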


