How do I perform the ACL changes that Server.app makes to shares from the shell?

0

I have a situation where Server.app runs for many hours, without seeming to finish, when applying permissions to a large share.

What is the shell incantation that would apply read + write access for a specific user to an entire share?

ls -le shows the following permissions:

 0: user:admin allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
 1: group:admin allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
 2: user:_spotlight allow list,search,file_inherit,directory_inherit
 3: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 4: user:_spotlight allow list,search,file_inherit,directory_inherit
 5: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 6: user:_spotlight allow list,search,file_inherit,directory_inherit
 7: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 8: user:_spotlight allow list,search,file_inherit,directory_inherit
 9: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 10: user:_spotlight allow list,search,file_inherit,directory_inherit
 11: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 12: user:_spotlight allow list,search,file_inherit,directory_inherit
 13: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 14: user:_spotlight allow list,search,file_inherit,directory_inherit
 15: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 16: user:_spotlight allow list,search,file_inherit,directory_inherit
 17: user:_spotlight allow list,search,file_inherit,directory_inherit
 18: user:_spotlight allow list,search,file_inherit,directory_inherit
 19: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit

But I'm not entirely sure whether I should put together a script that mimics this kind of permissions or whether there is a simpler, preferable way to do it.

Update: I found an interesting incantation running in the background that was executed by Server.app: /Applications/Server.app/Contents/ServerRoot/usr/share/servermgrd/bundles/servermgr_sharing.bundle/Contents/copyprivs -p /Volumes/path_to_share -f 32 -s /tmp/CopyPrivsTemp.B251lF

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>parentPath</key>
  <string>/Volumes/path_to_share</string>
  <key>status</key>
  <string>running</string>
</dict>
</plist>

Help for copyprivs:

Usage:
must be run as root

Deprecated Panther copy function:

-o <owner> : Owner name
-g <group> : Group name
-p <path>  : Path name
-m <mode>  : permissions mode in octal
Tiger propagate function:

-p <path>  : Path name
-f <flags>  : flag:
propagate UID  1 << 0
propagate GID  1 << 1
propagate ModeOwner  1 << 2
propagate ModeGroup  1 << 3
propagate ModeWorld  1 << 4
propagate ACL  1 << 5
    
asked by ylluminate 09.02.2017 - 18:28
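
An added example, not part of the original question: the ACL listing above repeats the same inherited entries many times, and the observed copyprivs call used -f 32. This POSIX shell sketch counts redundant ACEs in `ls -le` output and decodes a copyprivs -f mask using the flag names from the help text; the function names and the six-line sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the first six ACE lines of the `ls -le` listing above.
sample_acl() {
cat <<'EOF'
 0: user:admin allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
 1: group:admin allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
 2: user:_spotlight allow list,search,file_inherit,directory_inherit
 3: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 4: user:_spotlight allow list,search,file_inherit,directory_inherit
 5: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
EOF
}

# Read ACE lines on stdin; print "count<TAB>ace" per distinct ACE, first-seen order.
ace_summary() {
  awk '
    /^ *[0-9]+: / {
      sub(/^ *[0-9]+: /, "")            # drop the ACE index, keep principal + rights
      if (!($0 in seen)) order[++k] = $0
      seen[$0]++
    }
    END { for (i = 1; i <= k; i++) printf "%d\t%s\n", seen[order[i]], order[i] }
  '
}

# Number of redundant ACEs (total entries minus distinct entries).
duplicate_count() {
  ace_summary | awk -F'\t' '{ d += $1 - 1 } END { print d + 0 }'
}

# Expand a copyprivs -f mask into the propagate flags listed in its help text
# (bit 0 = UID ... bit 5 = ACL).
decode_flags() {
  mask=$1; bit=0; out=
  for name in UID GID ModeOwner ModeGroup ModeWorld ACL; do
    if [ $(( ($mask >> $bit) & 1 )) -eq 1 ]; then
      out="${out:+$out,}$name"
    fi
    bit=$((bit + 1))
  done
  echo "$out"
}

sample_acl | ace_summary
echo "redundant ACEs: $(sample_acl | duplicate_count)"
echo "copyprivs -f 32 propagates: $(decode_flags 32)"
```

On a real share, pipe `ls -led /Volumes/path_to_share` into `ace_summary` instead of the sample to see how many entries each propagation run has stacked up.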

0 answers
