SUMMARY:ACL usage

From: Cohen, Andy (Andy.Cohen@cognex.com)
Date: Wed Sep 10 2003 - 16:57:48 EDT


Thanks to everybody who replied. Basically this setting can be changed
without rebooting:

        sysconfig -r sec acl_mode=enable

did the trick.

A. Majeske went on to suggest:

To make sure that ACLs are enabled after reboots, create
a stanza file, e.g. acl.stanza, containing:
sec:
    acl_mode=enable

Then use sysconfigdb to add it to the /etc/sysconfigtab file:

# sysconfigdb -m -f acl.stanza sec

Note: There's lots of information on setting up and using
ACLs in the Security manual, or Security Administration
manual for V5.1B

That worked perfectly as well.

D. Byrd had some additional helpful information:

If you look at the output from "sysconfig -Q sec", check the OP field for an
'R'. It would allow for changing the variable in a 'Running' kernel. If the
OP field only has CQ, then you must reboot after you modify the variable in
/etc/sysconfigtab.

OP is the 'operation' field. The 'C' means it is 'configurable' at boot time
from the /etc/sysconfigtab file. The 'Q' means you can 'query' the variable
(i.e. look at it). All the variables have 'C' in the OP field. The 'R' means
you could do the command "sysconfig -r sec acl_mode=enable" to change the
variable in the 'running' (live, active) kernel without rebooting. You would
still want to put it into /etc/sysconfigtab to make the change permanent for
each future boot.

Thanks to Dan Byrd, Kris Smith, Ann Majeske, Chris Medaglia, Brian Staab,
and Martin Moore.

Andy

ORIGINAL QUESTION
=================

Hi,

I need to implement some ACLs. When I issue:

        setacl -u user:{username}:rwx *

I get:

        setacl: Warning: ACL processing is disabled for file:

If I issue:

        root@thor==> sysconfig -q sec

I get:

        sec:
        acl_mode = disable

Is this why I'm getting the warning message? Do I just change
/etc/sysconfigtab and reboot? Is there a way to make the change take effect
without rebooting?

Thanks,
Andy

Andy Cohen
Database Systems Administrator
Cognex Corporation
1 Vision Drive
Natick, MA 01760
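
Added example (not part of the original message or its replies): a shell check for the gap the replies describe, where acl_mode is enabled in the running kernel with sysconfig -r but never persisted in /etc/sysconfigtab, so ACL processing is off again after the next reboot. The function names and sample text are constructed; it assumes the `sysconfig -q sec` output and stanza file formats shown in this message.

```shell
#!/bin/sh
# Added example: detect drift between the running and the persisted acl_mode.

# attr_value SUBSYS ATTR
# Reads stanza-style text on stdin and prints ATTR's value in the SUBSYS stanza.
# Accepts "attr = value" (sysconfig -q output) and "attr=value" (stanza file),
# the two forms shown in this message. All whitespace is stripped, so this
# suits single-word values such as enable/disable.
attr_value() {
    awk -v want="$1" -v attr="$2" '
        { line = $0; gsub(/[ \t\r]/, "", line) }
        line == "" || line ~ /^#/ { next }
        line ~ /^[A-Za-z0-9_]+:$/ { in_s = (line == (want ":")); next }
        in_s {
            n = index(line, "=")
            if (n > 0 && substr(line, 1, n - 1) == attr) {
                print substr(line, n + 1); exit
            }
        }'
}

# acl_drift RUNNING_TEXT SYSCONFIGTAB_TEXT
# Prints: ok | runtime-only (lost at reboot) | boot-only (not live yet) | disabled
acl_drift() {
    running=$(printf '%s\n' "$1" | attr_value sec acl_mode)
    persisted=$(printf '%s\n' "$2" | attr_value sec acl_mode)
    case "${running:-unset}/${persisted:-unset}" in
        enable/enable) echo ok ;;
        enable/*)      echo runtime-only ;;
        */enable)      echo boot-only ;;
        *)             echo disabled ;;
    esac
}

# Constructed samples (othersub/other_attr are hypothetical names).
RUNNING_ON='sec:
acl_mode = enable'
RUNNING_OFF='sec:
acl_mode = disable'
TAB_WITH_SEC='othersub:
    other_attr=1
sec:
    acl_mode=enable'
TAB_WITHOUT_SEC='othersub:
    other_attr=1'

# On a live system (assumed invocation):
#   acl_drift "$(sysconfig -q sec)" "$(cat /etc/sysconfigtab)"
acl_drift "$RUNNING_ON" "$TAB_WITHOUT_SEC"
```

A result of runtime-only is the case to act on: the sysconfigdb step from the reply above has not been done, and file ACLs will stop being enforced at the next boot.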


