OSX ServerのACL (ACLs on OS X Server) - edit page
https://wiki.donotfree.com:443/index.php?OSX%20Server%E3%81%AEACL
[[作業関連知識]]

Controls a Mac's access control lists (ACLs) from the command line. Extremely useful when running a file server and the like.

Source: http://www.real-world-systems.com/docs/chmod.mac.1.html

chmod -- change file modes or Access Control Lists (ACLs)

SYNOPSIS
 chmod [-fv] [-R [-H | -L | -P]] mode file ...
 chmod [-fv] [-R [-H | -L | -P]] [-a | +a | =a] ACE file ...
 chmod [-fhv] [-R [-H | -L | -P]] [-E] file ...
 chmod [-fhv] [-R [-H | -L | -P]] [-C] file ...
 chmod [-fhv] [-R [-H | -L | -P]] [-N] file ...

Modifies the file mode bits and Access Control Lists (ACLs) of the named files.

 -f  Do not display a diagnostic message if chmod could not modify the mode for a file.
 -R  Change the modes of the file hierarchies rooted in the files instead of just the files themselves. The -H, -L and -P options are ignored without -R; they override each other, and the last one specified takes effect.

Symbolic link behavior (with -R):
 -H  Symbolic links on the command line are followed. Symbolic links encountered in the tree traversal are not followed by default.
 -L  All symbolic links are followed.
 -P  No symbolic links are followed. This is the default.
 -h  Change the mode of the link itself rather than the target.
 -v  Verbose: show filenames as the mode is modified. If specified more than once, the old and new modes of the file are also displayed, in both octal and symbolic notation.

Only the owner of a file or the super-user is permitted to change the mode of a file.

DIAGNOSTICS
The chmod utility exits 0 on success, and >0 if an error occurs.

MODES
Modes may be absolute or symbolic. An absolute mode is an octal number constructed from the sum of one or more of the following values:

 4000  (the set-user-ID-on-execution bit) Executable files with this bit set will run with effective uid set to the uid of the file owner. Directories with the set-user-id bit set will force all files and sub-directories created in them to be owned by the directory owner and not by the uid of the creating process, if the underlying file system supports this feature: see chmod(2) and the suiddir option to mount(8).
 2000  (the set-group-ID-on-execution bit) Executable files with this bit set will run with effective gid set to the gid of the file owner.
 1000  (the sticky bit) See chmod(2) and sticky(8).
 0400  Allow read by owner.
 0200  Allow write by owner.
 0100  For files, allow execution by owner. For directories, allow the owner to search in the directory.
 0040  Allow read by group members.
 0020  Allow write by group members.
 0010  For files, allow execution by group members. For directories, allow group members to search in the directory.
 0004  Allow read by others.
 0002  Allow write by others.
 0001  For files, allow execution by others. For directories, allow others to search in the directory.

For example, the absolute mode that permits read, write and execute by the owner, read and execute by group members, read and execute by others, and no set-uid or set-gid behaviour is 755 (400+200+100+040+010+004+001).

The symbolic mode is described by the following grammar:

 mode   ::= clause [, clause ...]
 clause ::= [who ...] [action ...] action
 action ::= op [perm ...]
 who    ::= a | u | g | o
 op     ::= + | - | =
 perm   ::= r | s | t | w | x | X | u | g | o

The who symbols u, g, and o specify the user, group, and other mode bits; a (all) is equivalent to ugo.

The perm symbols represent the portions of the mode (permission) bits:
 r  read bits.
 w  write bits.
 x  execute/search bits.
 s  set-user-ID-on-execution and set-group-ID-on-execution bits.
 t  sticky bit.
 X  execute/search bits if the file is a directory or any of the execute/search bits are set in the original (unmodified) mode. Operations with the perm symbol X are only meaningful in conjunction with the op symbol +, and are ignored in all other cases.
 u  user permission bits.
 g  group permission bits.
 o  other permission bits.

Mode strings as shown by ls -l:
 ls -l
 -rw-------  1   5595 Feb 22 12:31 .bash_history
 -rwxr-----  1     27 Dec 15 16:31 .profile

The op symbols represent the operation performed:
 +  If no value is supplied for perm, + has no effect. If no value is supplied for who, each permission bit specified in perm, for which the corresponding bit in the file mode creation mask is clear, is set. Otherwise, the mode bits represented by the specified who and perm values are set.
 -  If no value is supplied for who, each permission bit specified in perm, for which the corresponding bit in the file mode creation mask is clear, is cleared. Otherwise, the mode bits represented by the specified who and perm values are cleared.
 =  The mode bits specified by the who value are cleared, or, if no who value is specified, the owner, group and other mode bits are cleared. Then, if no value is supplied for who, each permission bit specified in perm, for which the corresponding bit in the file mode creation mask is clear, is set. Otherwise, the mode bits represented by the specified who and perm values are set.

Each clause specifies one or more operations to be performed on the mode bits, and each operation is applied to the mode bits in the order specified. Operations upon the other permissions only (specified by the symbol o by itself), in combination with the perm symbols s or t, are ignored.

EXAMPLES OF VALID MODES
 644           make a file readable by anyone and writable by the owner only.
 go-w          deny write permission to group and others.
 =rw,+X        set the read and write permissions to the usual defaults, but retain any execute permissions that are currently set.
 +X            make a directory or file searchable/executable by everyone if it is already searchable/executable by anyone.
 755
 u=rwx,go=rx
 u=rwx,go=u-w  make a file readable/executable by everyone and writable by the owner only (three equivalent ways of writing the same mode).
 go=           clear all mode bits for group and others.
 g=u-w         set the group bits equal to the user bits, but clear the group write bit.

ACL MANIPULATION OPTIONS
ACLs are manipulated using extensions to the symbolic mode grammar. Each file has one ACL, containing an ordered list of entries.

ls -l displays + when ACL entries are present; ls -le displays the ACL entries themselves:
 drwx------+ 108 dgerman  staff  3672 Feb  9 20:09 Documents
  0: group:everyone deny delete

Each entry refers to a user or group, and grants or denies a set of permissions. If a user and a group have the same name (for example, mail), prefix the name with "user:" or "group:" to specify the type.

Permissions applicable to all filesystem objects:
 delete        Deletion may be granted by either this permission on an object or the delete_child right on the containing directory.
 readattr      Implicitly granted if the object can be looked up and not explicitly denied.
 readextattr
 writeattr
 writeextattr
 readsecurity
 writesecurity
 chown         Change an object's ownership.

Applicable to directories:
 list
 search            Look up files by name.
 add_file
 add_subdirectory
 delete_child      Delete a contained object. See the file delete permission above.

Applicable to non-directory filesystem objects:
 read     Open for reading.
 write    Open for writing.
 append   Open for writing, but only allow writes into areas of the file not previously written.
 execute  Execute the file as a script or program.

ACL inheritance is controlled with the following permission words, which may only be applied to directories:
 file_inherit       Inherit to files.
 directory_inherit  Inherit to directories.
 limit_inherit      Only relevant to entries inherited by subdirectories; it causes the directory_inherit flag to be cleared in the entry that is inherited, preventing further nested subdirectories from also inheriting the entry.
 only_inherit       The entry is inherited by created items but not considered when processing the ACL.

+a inserts an entry into the canonical location. If the supplied entry refers to an identity already listed, the two entries are combined.

Examples:
 ls -dle Documents
 drwx------+ 108  3672 Feb  9 20:09 Documents
  0: group:everyone deny delete

 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
 # chmod +a "admin allow write" file1
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: admin allow write
 # chmod +a "guest deny read" file1
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: guest deny read
  2: admin allow write
 # chmod +a "admin allow delete" file1
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: guest deny read
  2: admin allow write,delete

+a maintains correct canonical form: local deny, local allow, inherited deny, inherited allow. By default, chmod adds entries to the top of the local deny and local allow lists. Inherited entries are added by using the +ai mode.

Examples:
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: guest deny read
  2: admin allow write,delete
  3: juser inherited deny delete
  4: admin inherited allow delete
  5: backup inherited deny read
  6: admin inherited allow write-security
 # chmod +ai "others allow read" file1
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: guest deny read
  2: admin allow write,delete
  3: juser inherited deny delete
  4: others inherited allow read
  5: admin inherited allow delete
  6: backup inherited deny read
  7: admin inherited allow write-security

+a# inserts an entry at a specific location (index).

Examples:
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: guest deny read
  2: admin allow write
 # chmod +a# 2 "others deny read" file1
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: guest deny read
  2: others deny read
  3: admin allow write

+ai# inserts inherited entries at a specific location. These modes allow non-canonical ACL ordering to be constructed.

-a deletes matching ACL entries. If the entry lists a subset of the rights granted by an existing entry, only the rights listed are removed. Entries may also be deleted by index using -a#. Inheritance is not considered.

Examples:
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: guest deny read
  2: admin allow write,delete
 # chmod -a# 1 file1
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: admin allow write,delete
 # chmod -a "admin allow write" file1
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: admin allow delete

=a# rewrites an individual entry by index, but may not add new entries.

Examples:
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: admin allow delete
 # chmod =a# 1 "admin allow write,chown" file1
 # ls -le
 -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
  owner: juser
  1: admin allow write,chown

Remaining ACL options:
 -E  Reads the ACL information from stdin, as a sequential list of ACEs separated by newlines. If the information parses correctly, the existing information is replaced.
 -C  Returns false if any of the named files have ACLs in non-canonical order.
 -i  Removes the 'inherited' bit from all entries in the named file(s) ACLs.
 -I  Removes all inherited entries from the named file(s) ACL(s).
 -N  Removes the ACL from the named file(s).
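The ordering rules above (canonical order local deny, local allow, inherited deny, inherited allow; +a merging rights into an existing entry for the same identity or inserting at the top of its section; -a stripping only the listed rights; -C flagging non-canonical order) are easy to get wrong when planning changes on a file server. The following Python model is an added example, not code from the wiki page or from Apple's chmod: it re-implements just those rules as the man page states them, so an existing `ls -le` listing can be checked and an intended `chmod +a`/`+ai`/`-a` previewed offline before touching the real files. The function names, `SAMPLE_LS_LE` and the listing it contains are constructed for this example; the model covers entry ordering only, not how the kernel evaluates the rights themselves.

```python
"""Offline model of the chmod(1) ACL editing rules (+a, +ai, -a, -C).

Added example, not from the wiki page or Apple's chmod: it implements only the
ordering/merging rules the man page excerpt describes. Listings are constructed.
"""
import re
from dataclasses import dataclass

ACE_LINE = re.compile(r"^\s*\d+:")   # `ls -le` entry lines look like " 1: admin allow write"


@dataclass
class Ace:
    identity: str      # "admin", "guest", "group:everyone", ...
    kind: str          # "allow" or "deny"
    inherited: bool
    rights: list       # permission words, e.g. ["write", "delete"]

    def section(self) -> int:
        """Canonical section: 0 local deny, 1 local allow, 2 inherited deny, 3 inherited allow."""
        return (2 if self.inherited else 0) + (1 if self.kind == "allow" else 0)

    def __str__(self) -> str:
        inh = "inherited " if self.inherited else ""
        return f"{self.identity} {inh}{self.kind} {','.join(self.rights)}"


def parse_ace(text: str, inherited: bool = False) -> Ace:
    """Parse an `ls -le` entry line or a chmod ACE argument such as "admin allow write,delete"."""
    words = ACE_LINE.sub("", text).split()
    if len(words) < 3:
        raise ValueError(f"malformed ACE: {text!r}")
    identity, rest = words[0], words[1:]
    if rest[0] == "inherited":
        inherited, rest = True, rest[1:]
    if len(rest) != 2 or rest[0] not in ("allow", "deny"):
        raise ValueError(f"malformed ACE: {text!r}")
    return Ace(identity, rest[0], inherited, rest[1].split(","))


def parse_ls_le(listing: str) -> list:
    """Keep only the numbered ACE lines of `ls -le` output (the mode/owner line is skipped)."""
    return [parse_ace(line) for line in listing.splitlines() if ACE_LINE.match(line)]


def is_canonical(acl: list) -> bool:
    """The check behind `chmod -C`: sections must never step backwards down the list."""
    return all(a.section() <= b.section() for a, b in zip(acl, acl[1:]))


def add_ace(acl: list, spec: str, inherited: bool = False) -> list:
    """chmod +a (inherited=False) or +ai (inherited=True) applied to the in-memory ACL."""
    new = parse_ace(spec, inherited)
    for ace in acl:
        # Same identity, allow/deny and inheritance: rights are combined, no new entry.
        if (ace.identity, ace.kind, ace.inherited) == (new.identity, new.kind, new.inherited):
            ace.rights += [r for r in new.rights if r not in ace.rights]
            return acl
    # Otherwise insert at the top of its section: before the first entry whose section
    # is the same or later, or at the end if there is none.
    pos = next((i for i, a in enumerate(acl) if a.section() >= new.section()), len(acl))
    acl.insert(pos, new)
    return acl


def remove_ace(acl: list, spec: str) -> list:
    """chmod -a: strip only the listed rights from matching entries and drop entries left
    empty. Matching is on identity and allow/deny; the man page says inheritance is not
    considered here."""
    target = parse_ace(spec)
    kept = []
    for ace in acl:
        if (ace.identity, ace.kind) == (target.identity, target.kind):
            ace.rights = [r for r in ace.rights if r not in target.rights]
            if not ace.rights:
                continue
        kept.append(ace)
    acl[:] = kept
    return acl


def render(acl: list) -> list:
    """Format like the entry lines of `ls -le`."""
    return [f"{i}: {ace}" for i, ace in enumerate(acl)]


# Constructed `ls -le` output: the inherited entries are not in canonical order.
SAMPLE_LS_LE = """\
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
 0: guest deny read
 1: admin allow write,delete
 2: juser inherited deny delete
 3: admin inherited allow delete
 4: backup inherited deny read
 5: admin inherited allow write-security
"""


def preview_inherited_add() -> tuple:
    """What -C would report for SAMPLE_LS_LE, then a preview of `chmod +ai "others allow read"`."""
    acl = parse_ls_le(SAMPLE_LS_LE)
    canonical_before = is_canonical(acl)
    add_ace(acl, "others allow read", inherited=True)
    return canonical_before, render(acl)


if __name__ == "__main__":
    acl = []
    for spec in ("admin allow write", "guest deny read", "admin allow delete"):
        add_ace(acl, spec)            # three successive `chmod +a` calls from the page
    print("\n".join(render(acl)))
    before, after = preview_inherited_add()
    print("canonical before +ai:", before)
    print("\n".join(after))
```

Running the block reproduces the page's first +a sequence (guest deny read ends up above admin allow write,delete) and shows that the sample listing would fail `chmod -C` while the +ai entry still lands at the top of the inherited-allow section, exactly as in the man page's example. Because +a#/+ai# can produce the non-canonical order the model detects, running `chmod -C` across a share after any indexed insert is the cheap check a file-server operator wants.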