[comp.os.vms] ACL's

vtcf@NCSC.ARPA.UUCP (09/02/87)

Could somebody explain how these ACL's work?  I'd like to be able to grant
an identifier to a directory and its files, and allow anyone with that
identifier to be able to create new files, edit and delete files, etc.,
as if they owned the directory. I tried to use the following:
(IDENTIFIER=xxx,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)
on the directory, and
(IDENTIFIER=XXX,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
on all existing files in the directory.
I then granted the identifier with RESOURCE attribute to the users
needing it.  Am I missing something?
Any help would be greatly appreciated. (A command procedure to do this
would be GREAT!)
Thanks in advance,

Tom Williams
Code 4210
Naval Coastal Systems Center
Panama City, Fl  32407-5000
(904)234-4699

vtcf@ncsc.arpa

face@amethyst.UUCP (Chris Janton) (09/03/87)

The ACL that you have created (specifying OPTIONS=DEFAULT) will cause all
new files created in the directory to have the specified attributes.  You
need to add an ACE that allows the users access to the directory as well.

Just create another ACE with the ,OPTIONS... removed.  This will allow
access to the directory file.

dirk@mvax.dn.mu.oz (Dirk van der Knijff) (09/09/87)

I have created a common directory for a group as follows:

1. create an identifier with resource attribute
2. grant this identifier to all members with resource
3. create a directory OWNED by the identifier

(the following may not be necessary but I had trouble with the
manuals and 'it aint broke')

4. add ACL's - ident=id-as-above,options=default,acc=r+w+e+d+c
               ident=id-as-above,acc=r+w+e+d

then when the users set def to that directory files are created
owned by the id-as-above with ACL's granting access to the id
and another ACL granting r+w+e+d+c to the file creator.

Dirk van der Knijff			dirk%mvax.dn.mu.oz.au@seismo.css.gov
Melbourne College of Advanced Education
757 Swanston Street
CARLTON 3054.  Australia

vtcf@NCSC.ARPA (Williams) (09/14/87)

Thanks to all who responded to my ACL question.  Apparently, my ACL
specifying (ID=xxx, OPTIONS=DEFAULT,ACCESS=R+W+E+D+C) was for new files
created within the directory. I only needed to add another ACL for the
directory itself!  (The documentation is sometimes a little confusing, but
after reading 10 or 20 times, it starts to sink in.)
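
The following is an added example, not part of the original thread and not VMS code: a small Python model of the behaviour the thread arrives at, where an ACE with OPTIONS=DEFAULT is only copied to new files and a second ACE without it is what grants access to the directory itself. The class and function names are hypothetical, and the model assumes first-match ACE evaluation and an empty UIC-protection fallback (GROUP: and WORLD: granting nothing, as in the question).

```python
# Simplified model, constructed for illustration, of the ACE behaviour
# discussed in this thread. All names here are hypothetical.
from dataclasses import dataclass

ALL = frozenset({"READ", "WRITE", "EXECUTE", "DELETE", "CONTROL"})


@dataclass(frozen=True)
class Ace:
    identifier: str
    access: frozenset
    default: bool = False  # models OPTIONS=DEFAULT


def check_access(acl, held_identifiers, wanted, fallback=frozenset()):
    """Return True if `wanted` access is granted on the object owning `acl`.

    The first non-default ACE whose identifier the user holds decides.
    `fallback` stands in for the UIC protection result (assumed empty).
    """
    for ace in acl:
        if ace.default:
            continue  # a default ACE never applies to the directory itself
        if ace.identifier in held_identifiers:
            return wanted in ace.access
    return wanted in fallback


def create_file(directory_acl):
    """ACL of a new file: the directory's default ACEs, DEFAULT option cleared."""
    return [Ace(a.identifier, a.access) for a in directory_acl if a.default]


def demo():
    user = {"XXX"}
    original = [Ace("XXX", ALL, default=True)]  # the ACL from the question
    fixed = original + [Ace("XXX", ALL)]        # plus an ACE without OPTIONS
    return {
        "dir_write_original": check_access(original, user, "WRITE"),
        "dir_write_fixed": check_access(fixed, user, "WRITE"),
        "new_file_write": check_access(create_file(fixed), user, "WRITE"),
        "outsider_dir_read": check_access(fixed, {"OTHER"}, "READ"),
    }


if __name__ == "__main__":
    for name, granted in demo().items():
        print(f"{name}: {granted}")
```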