How to get a user's effective permissions (traditional+acl) for a file/dir?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I've looked at other answers but can't find an answer for this.
I have a file system which uses ACLs. I want to test what the resulting set of permissions (both traditional and ACLs) will be for a given user (or group, I guess) if they try to access a file nested within the file tree.
(Note - I'm not asking "can they access it" or "can they change it". I'm looking for output which tells me the complete human readable set of effective rights that that user would have, which could vary from none at all, to some rights but not others, to full rights.)
man getfacl
doesn't say how to do this, but it's so basic I must be missing something.
permissions acl
add a comment |Â
up vote
0
down vote
favorite
I've looked at other answers but can't find an answer for this.
I have a file system which uses ACLs. I want to test what the resulting set of permissions (both traditional and ACLs) will be for a given user (or group, I guess) if they try to access a file nested within the file tree.
(Note - I'm not asking "can they access it" or "can they change it". I'm looking for output which tells me the complete human readable set of effective rights that that user would have, which could vary from none at all, to some rights but not others, to full rights.)
man getfacl
doesn't say how to do this, but it's so basic I must be missing something.
permissions acl
getfacl
takes into account the standard unix permissions (indeedsetfacl
will update them as necessary). But it's not the whole story, because the permissions on the directory path may impact things. If you want to know if a given user can access a file then a setuid program that sets uid to the user you want to test and then callsaccess(2)
may be the way to go.
â Stephen Harris
Feb 18 at 0:45
That's exactly what prompted the question. I know that I can setuid to the user and test some flags - and it's inefficient (have to switch user to do it), incomplete (less easy to identify some ACLs if others are DENYed), and even if one can read all relevant ACLs in its dir path (hence is allowed to calculate the user's effective ACLs "the long way around") you might not have the ability to setuid to the user. Final nail in coffin:access
doesnt seem to return ACLs anyway. I appreciate the comment but it doesn't seem to get closer to an answer..
â Stilez
Feb 18 at 7:24
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I've looked at other answers but can't find an answer for this.
I have a file system which uses ACLs. I want to test what the resulting set of permissions (both traditional and ACLs) will be for a given user (or group, I guess) if they try to access a file nested within the file tree.
(Note - I'm not asking "can they access it" or "can they change it". I'm looking for output which tells me the complete human readable set of effective rights that that user would have, which could vary from none at all, to some rights but not others, to full rights.)
man getfacl
doesn't say how to do this, but it's so basic I must be missing something.
permissions acl
I've looked at other answers but can't find an answer for this.
I have a file system which uses ACLs. I want to test what the resulting set of permissions (both traditional and ACLs) will be for a given user (or group, I guess) if they try to access a file nested within the file tree.
(Note - I'm not asking "can they access it" or "can they change it". I'm looking for output which tells me the complete human readable set of effective rights that that user would have, which could vary from none at all, to some rights but not others, to full rights.)
man getfacl
doesn't say how to do this, but it's so basic I must be missing something.
permissions acl
asked Feb 17 at 23:37
Stilez
431211
431211
getfacl
takes into account the standard unix permissions (indeedsetfacl
will update them as necessary). But it's not the whole story, because the permissions on the directory path may impact things. If you want to know if a given user can access a file then a setuid program that sets uid to the user you want to test and then callsaccess(2)
may be the way to go.
â Stephen Harris
Feb 18 at 0:45
That's exactly what prompted the question. I know that I can setuid to the user and test some flags - and it's inefficient (have to switch user to do it), incomplete (less easy to identify some ACLs if others are DENYed), and even if one can read all relevant ACLs in its dir path (hence is allowed to calculate the user's effective ACLs "the long way around") you might not have the ability to setuid to the user. Final nail in coffin:access
doesnt seem to return ACLs anyway. I appreciate the comment but it doesn't seem to get closer to an answer..
â Stilez
Feb 18 at 7:24
add a comment |Â
getfacl
takes into account the standard unix permissions (indeedsetfacl
will update them as necessary). But it's not the whole story, because the permissions on the directory path may impact things. If you want to know if a given user can access a file then a setuid program that sets uid to the user you want to test and then callsaccess(2)
may be the way to go.
â Stephen Harris
Feb 18 at 0:45
That's exactly what prompted the question. I know that I can setuid to the user and test some flags - and it's inefficient (have to switch user to do it), incomplete (less easy to identify some ACLs if others are DENYed), and even if one can read all relevant ACLs in its dir path (hence is allowed to calculate the user's effective ACLs "the long way around") you might not have the ability to setuid to the user. Final nail in coffin:access
doesnt seem to return ACLs anyway. I appreciate the comment but it doesn't seem to get closer to an answer..
â Stilez
Feb 18 at 7:24
getfacl
takes into account the standard unix permissions (indeed setfacl
will update them as necessary). But it's not the whole story, because the permissions on the directory path may impact things. If you want to know if a given user can access a file then a setuid program that sets uid to the user you want to test and then calls access(2)
may be the way to go.â Stephen Harris
Feb 18 at 0:45
getfacl
takes into account the standard unix permissions (indeed setfacl
will update them as necessary). But it's not the whole story, because the permissions on the directory path may impact things. If you want to know if a given user can access a file then a setuid program that sets uid to the user you want to test and then calls access(2)
may be the way to go.â Stephen Harris
Feb 18 at 0:45
That's exactly what prompted the question. I know that I can setuid to the user and test some flags - and it's inefficient (have to switch user to do it), incomplete (less easy to identify some ACLs if others are DENYed), and even if one can read all relevant ACLs in its dir path (hence is allowed to calculate the user's effective ACLs "the long way around") you might not have the ability to setuid to the user. Final nail in coffin:
access
doesnt seem to return ACLs anyway. I appreciate the comment but it doesn't seem to get closer to an answer..â Stilez
Feb 18 at 7:24
That's exactly what prompted the question. I know that I can setuid to the user and test some flags - and it's inefficient (have to switch user to do it), incomplete (less easy to identify some ACLs if others are DENYed), and even if one can read all relevant ACLs in its dir path (hence is allowed to calculate the user's effective ACLs "the long way around") you might not have the ability to setuid to the user. Final nail in coffin:
access
doesnt seem to return ACLs anyway. I appreciate the comment but it doesn't seem to get closer to an answer..â Stilez
Feb 18 at 7:24
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f424879%2fhow-to-get-a-users-effective-permissions-traditionalacl-for-a-file-dir%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
getfacl
takes into account the standard unix permissions (indeedsetfacl
will update them as necessary). But it's not the whole story, because the permissions on the directory path may impact things. If you want to know if a given user can access a file then a setuid program that sets uid to the user you want to test and then callsaccess(2)
may be the way to go.â Stephen Harris
Feb 18 at 0:45
That's exactly what prompted the question. I know that I can setuid to the user and test some flags - and it's inefficient (have to switch user to do it), incomplete (less easy to identify some ACLs if others are DENYed), and even if one can read all relevant ACLs in its dir path (hence is allowed to calculate the user's effective ACLs "the long way around") you might not have the ability to setuid to the user. Final nail in coffin:
access
doesnt seem to return ACLs anyway. I appreciate the comment but it doesn't seem to get closer to an answer..â Stilez
Feb 18 at 7:24