Unix: Changing the mask of an extended ACL - unix

I am writing a script which touches a file and afterwards modifies the access control list in such a way that one particular user (say peter) shall have full permissions to that file. Therefore I must add peter and a mask as well, if there was none before.
For example
# file: newfile
# owner: hans
# group: hansgroup
user::rwx
user:peter:rwxc
group::r-x
mask::rwx
other::r--
The mask must give full permissions as well, otherwise peter's entry would be masked.
So, what if there is already a mask entry because there are other special user or group entries (which could come from a default ACL for the directory) - can I just change the mask to rwx in order to enable full permissions for my new peter entry? I am sure I would - in some cases - change the effective permissions of some other special entries if I extend the mask?
If no, don't I need to worry about the extension of the mask? Isn't that a problem?
If yes, I see a dilemma in it. What could I do?
I am familiar with this documentation of ACLs: http://www.suse.de/~agruen/acl/linux-acls/linux-acls-final.pdf
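
Added example (not part of the original question): in POSIX.1e ACLs the mask caps every named user entry, every named group entry and the owning group entry, so widening it can raise the effective rights of entries other than the one being added. The sketch below parses getfacl-style text and reports which entries would change if the mask were set to rwx; the sample ACL (with the hypothetical entries anna and audit) and all function names are constructed for illustration.

```python
# Added example; the sample ACL text and all function names are constructed.
SAMPLE_ACL = """\
# file: newfile
# owner: hans
# group: hansgroup
user::rwx
user:anna:rwx
group::r-x
group:audit:rw-
mask::r--
other::r--
"""

def parse_acl(text):
    """Return (tag, qualifier, perms) tuples from getfacl-style text."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and "#effective:" notes
        if not line or line.startswith("default:"):  # default ACLs do not apply to the file itself
            continue
        tag, qualifier, perms = line.split(":")[:3]
        entries.append((tag, qualifier, set(perms[:3]) - {"-"}))
    return entries

def is_masked(tag, qualifier):
    """The mask caps named users, named groups and the owning group only."""
    return tag == "group" or (tag == "user" and qualifier != "")

def effective(entries, mask):
    """Map 'tag:qualifier' to its effective permission string under mask."""
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        eff = perms & mask if is_masked(tag, qualifier) else perms
        result[f"{tag}:{qualifier}"] = "".join(c if c in eff else "-" for c in "rwx")
    return result

def mask_change_impact(text, new_mask="rwx"):
    """Entries whose effective rights change if the mask is set to new_mask."""
    entries = parse_acl(text)
    old_mask = next((p for t, _, p in entries if t == "mask"), set("rwx"))
    before = effective(entries, old_mask)
    after = effective(entries, set(new_mask) - {"-"})
    return {k: (before[k], after[k]) for k in before if before[k] != after[k]}

if __name__ == "__main__":
    for entry, (old, new) in mask_change_impact(SAMPLE_ACL).items():
        print(f"{entry}: {old} -> {new}")
```

Feeding it the output of getfacl before touching the mask shows which existing entries would be affected. Note that setfacl -m recalculates the mask by default unless a mask entry is given explicitly or -n (--no-mask) is used.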

Related

Tosca: searching / bulk renaming Test Configuration Parameters

I can't find a way to search for TCPs / search TCP usages / renaming all TCPs.
Let's assume I have a 'licensePlate' TCP set up on the highest level of the hierarchy, and that I have 2 subfolders. In one of them I use the value as it is, in the other folder I change the value. I have some libraries using 'licensePlate'.
I then proceed to rename the TCP to 'carId' on the highest level (and in the libraries). The folder which inherited it will be updated. But the other one will now have two TCPs. This is illustrated in the figure below.
So at the moment I need to manually go into all my subfolders/testcases, find all of them where 'licensePlate' was re-configured, and: (1) set the value to the new param ('carId'); (2) delete the old param ('licensePlate').
The logic behind this imho is that I may still be using that param name (e.g. if I resolved my libraries). Still, I'm guessing that there must be a way to bulk-rename or at least to search for TCP usages (?)
That is really tricky and abstruse. You can find TCP usage with the following TQL (Home - Search - TQL Search tab):
=>SUBPARTS[(param_name!="")]
where "param_name" is the name of your parameter.
And it seems that only usages are found where values have been changed and are not default values.

Pyvmomi - Assign VM to specific folder with non-unique name

I'm trying to figure out how to assign a VM to a folder that does not contain a unique name. I'm currently testing with the clone_vm.py template. With the sample, I have the ability to set the folder, but it does not work correctly if there's nested folders with the same name (example below). I would like to make sure the folder assigned is the "Linux/Dev" folder, but I can only pass "Dev" and hope that it picks the right one. The line of code below is how the folder is being set.
destfolder = get_obj(content, [vim.Folder], vm_folder)
Linux
|------Dev
|------Prod
Windows
|------Dev
|------Prod
Thanks!
The best way to do that is to use a search_index.FindByInventoryPath and get the folder by the path. It can be a little confusing because of hidden folders, but the MOB can help you. I answered a question where I covered how to use that search method; see this answer.

Add an alias to a schema object in OpenLdap

Is it possible to add an alias to a schema attribute type in OpenLDAP? Could anyone provide the command line instruction to accomplish this?
For example,
Description RFC2256: Telephone Number
OID 2.5.4.20
Obsolete No
Inherits from
Equality telephoneNumberMatch
Ordering (not specified)
Substring Rule telephoneNumberSubstringsMatch
Syntax Telephone Number (1.3.6.1.4.1.1466.115.121.1.50)
Single Valued No
Collective No
User Modification Yes
Usage (not specified)
Maximum Length 32 characters
Aliases (none)
Used by objectClasses dmd documentSeries domain organization organizationalPerson organizationalRole organizationalUnit person residentialPerson RFC822localPart room
Force as MAY by config No
I want to update the Aliases from none to "Test1"
You need to locate the schema entry in one of the files in the schemas directory and add the alias there. You'll find other examples in those files of what an alias looks like. Then just restart the server.

SaltStack: salt.states.file wildcards in ID declaration or name?

It looks like salt.states.file doesn't like wildcards in the ID or name. I'm trying to manage permissions of a consistent subdirectory within a variable parent, e.g., I want to manage permissions on 'poo'. 'poo' is consistent (with lots of fiber), but its parent directory can be variable:
/massive/poo
/lotso/poo
/runny/poo
/Manny Pacquiao vs Floyd Mayweather/poo
You get the idea.
It's okay for the parent to have the default permissions, but I want to manage the subdirectory. Something that
chmod 775 /*/poo
would take care of.
Is there a way to do this with salt states?
You can specify a cmd.run for this.
Test_command:
  cmd.run:
    - name: chmod 755 /*/poo
    - unless: (insert some logic here)
I include the insert statement because it's "best" to always check if the command needs to run unless you want it to run EVERY TIME, unless you want slow performance...
Hope this helps.

Clearcase - Find out when view was created

We have many old snapshot views lying around and I need to find out when these snapshot views were created.
There is a twist - we are no longer running ClearCase and the hardware we used to run it is no longer around. However, we still have all the files used internally by ClearCase still lying around, so I can go to a directory /usr7/viewstore/some_snapshot_sv and poke around.
I've got a timestamp on these directories, but this is not necessarily when the view was created.
I was wondering if somewhere in this directory structure there was a certain file in which I can search for a creation date.
I'm in a Unix/Linux environment. ClearCase did run on IRIX.
Thanks.
Any metadata associated with the view is on the view server side, where the view storages are kept.
The one file which could be the closest to the creation date would be the .hostname file within a view storage.
It is only created and updated on the view creation, and never changes unless the view is unregistered, and then re-registered (very rare).
view.dat is also a good candidate (but can also be regenerated, and is for snapshot view only)
This IBM article lists all relevant files:
Files that are regenerated automatically when the view is restarted:
# .access_info
# .pid
Files that can be regenerated with ClearCase commands:
# .compiled_spec -- regenerate by running cleartool setcs -current
# .hostname -- regenerate by unregistering and re-registering the view
# view.dat -- Snapshot views only:
can be regenerated by running the "regen_view_dot_dat.pl" script
found in <cc-home-dir>\etc\utils
See technote1204161 for more details on the regenerating the view.dat file.
Files that can be manually replaced by making a new view on the same machine as the same user, and copying the affected file(s) to the view storage:
# config_spec
# groups.sd
# identity.sd
# view_db.state (as long as the view is not in the process
of being reformatted); see technote 1134858 for more information
# db/view_db.dbd (for schema 9 views only; 2002.05.00 and earlier)
# db/view_db_schema_version
# .view - The copy obtained from the new view must be edited to contain the correct information for the old view as described below. The correct information can be obtained from the output of "cleartool lsview -long <old_viewtag>".
Line 1: the location of the view storage directory, in hostname:pathname format
Line 2: the view's UUID (unique identifier), which must not be changed
Line 3: the hostname specified in line 1
Files that cannot be replaced:
# All other files in the db directory except the ones mentioned above
( view_db_schema_version and view_db.dbd)
If you use cleartool, I think you may try it this way:
cleartool lsview -properties [view-name]
* [view-name] /net/...[path]
Created 2014-01-07T18:05:15+02:00 by ...
Last modified 2014-01-07T21:13:07+02:00 by .....
Last accessed 2014-01-07T21:13:07+02:00 by .....
Owner: [owner-name] : rwx (all)
Group: [group-name] : r-x (read)
Other: : r-x (read)
