Access Control List

Question

Hi
How do I set an Access Control List in EMC Celerra?

I have a folder in NAS called pcb.

root@sgfs1 # df -k .
Filesystem kbytes used avail capacity Mounted on
zsg03nas01-37:/pcb 51628784 26745808 24882976 52% /ecad

I mounted it on a Solaris client as /ecad.
And under the /ecad, there is a subdirectory called SHARED.

root@sgfs1 # pwd
/ecad

root@sgfs1 # ls -ld SHARED
drwxrwxr-x 2 root pcb 80 Mar 5 08:30 SHARED

I have a user who just wants a Read access to SHARED subdirectory. This user belongs to the same group as users under /ecad but this SHARED directory is given Read, Write and Execute under Group.
How do I just give Read access to this particular user.

Thanks

BillStein-Dell · Answer

You cannot use Celerra access tools to give the user read access only. Celerra's access control is effective down to a host or IP only. If you know your user would be accessing the directory from only one host, that might work.

Beyond that, the only suggestion I can offer you is to either change the user's group membership, or use the sticky bit on the SHARED directory. The sticky bit will only allow the item's owner, the directory's owner, or root, write and delete privilege on items within that directory. So it would look something like this:

root@sgfs1 # pwd
/ecad
 
root@sgfs1 # ls -ld SHARED
drwxrwxr-x 2 root pcb 80 Mar 5 08:30 SHARED
 
root@sgfs1 # chmod +t SHARED
 
root@sgfs1 # ls -ld SHARED
drwxrwxr-t 2 root pcb 80 Mar 5 08:30 SHARED

Note the t in the last character space of the permission listing. This indicates the sticky bit is active. This means that only root, or the item's owner, would have write or delete privilege within SHARED.

hth

zainal1 · Answer

Thanks Bill.
I decide not to change the permission mode as 775. Hopefully he doesn't write to the SHARED directory.

By the way,I was in Colorado Springs sometime in year 2005 on a business trip. Cool place, i luv it there. I'm from Singapore

Celerra

Access Control List

Was this post helpful?