[gpfsug-discuss] Enforce ACLs

[Rehs, Philipp Helo]

Hello,

we are using GPFS 4.2.3 and at the moment we are looking into acls and
inheritance.

I have the following acls on a directory:
#NFSv4 ACL
#owner:root
#group:root
special:owner@:rwxc:allow:FileInherit:DirInherit
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE
(X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (X)DELETE_CHILD (X)CHOWN        (X)EXEC/SEARCH
(X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

special:group@:r-x-:allow:FileInherit:DirInherit
 (X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE
(X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-
)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:everyone@:----:allow:FileInherit:DirInherit
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-
)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-
)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

user:userABC:rwx-:allow:FileInherit:DirInherit
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE
(X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-
)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED



Then the user creates a new folder in this directory and it does not
get the same acl but normal unix permissions.
Is there any way to enforce the new permissions from the parent?

Kind regards
 Philipp

-- 
Heinrich-Heine-Universität Düsseldorf
Zentrum für Informations- und Medientechnologie
Kompetenzzentrum für wissenschaftliches Rechnen und Speichern

Universitätsstraße 1
Gebäude 25.41
Raum 00.51

Telefon: +49-211-81-15557
Mail: Philipp.Rehs at uni-duesseldorf.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7077 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20190515/dde03f9d/attachment-0001.bin>