Extended ACLs in Solaris

The ZFS file system in Solaris supports extended ACLs, which an administrator can use to manage user and group access. These extended ACLs are controlled with the chmod command. It is very similar to setfacl and getfacl in Linux. A common practice is to allow read and execute on subdirectories, which is done through an inheritable ACL entry on the parent directory. Here is an example:

chmod A+user:myusername:rx:file_inherit/dir_inherit:allow mydirectory

The above command adds an extended ACL entry for user “myusername” on “mydirectory”, and each file or subdirectory created within “mydirectory” will inherit it. This is useful if you want to give many people access to anything written there, normally to avoid permission conflicts.

One can also perform this for a group rather than a user:

chmod A+group:mygroup:rx:file_inherit/dir_inherit:allow mydirectory

This adds an ACL entry for group “mygroup” on directory “mydirectory”, and any file written within “mydirectory” will inherit that entry.
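To check which entries on the directory will actually be handed down, this added example (not part of the original post) filters `ls -dV mydirectory` output for ACEs that carry inheritance flags. The sample listing is constructed, the function names are hypothetical, and the compact layout (perms:flags:type, with f = file_inherit and d = dir_inherit) is assumed to match your Solaris release.

```shell
#!/bin/sh
# Added example: report the ACEs on a directory that new files and
# subdirectories will inherit. Reads `ls -dV <dir>` output on stdin.

# Constructed sample of `ls -dV mydirectory` after the two chmod A+ commands
# above (A+ prepends, so the group entry added last is listed first).
sample_listing() {
    cat <<'EOF'
drwxr-xr-x+  2 root     root           2 Jan  1 00:00 mydirectory
     group:mygroup:r-x-----------:fd-----:allow
     user:myusername:r-x-----------:fd-----:allow
            owner@:rwxp-DaARWcCos:-------:allow
            group@:r-x---a-R-c--s:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow
EOF
}

# Print "who perms type scope" for every ACE that has the f and/or d flag.
inheritable_aces() {
    awk -F: '
        # ACE lines are indented and end in allow or deny; the ls header
        # line is not indented, so the colon in its timestamp is ignored.
        /^[ \t]+/ && ($NF == "allow" || $NF == "deny") {
            flags = $(NF - 1)
            perms = $(NF - 2)
            who = $1
            sub(/^[ \t]+/, "", who)
            # user:<name> and group:<name> entries have one extra field
            if (NF == 5) who = who ":" $2
            scope = ""
            if (flags ~ /f/) scope = "files"
            if (flags ~ /d/) scope = (scope == "" ? "dirs" : scope "+dirs")
            if (scope != "") print who, perms, $NF, scope
        }'
}

# On a Solaris host:  ls -dV mydirectory | inheritable_aces
```

An inheritable allow entry that you did not expect in this output is worth reviewing, since everything created under the directory afterwards will pick it up.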

If for some reason you want to remove this ACL, you can perform the following:

chmod A- mydirectory

One can even invoke this recursively to remove all inherited ACLs on subfiles and subfolders.
