August 26, 2008 ahydle

Solaris 10 Samba Maintenance

Replace permissions on a project directory

Because ZFS ACL’s include the concept of inheritance and differentiate between files and directories we need to do a search and replace operation in order to recursively change permissions on an entire directory.

chmod -R A- /export/Corporate/Sales
chmod -R 770 /export/Corporate/Sales

chmod A0=owner@:--------------:fdi---:deny /export/Corporate/Sales
chmod A1=owner@:rwxpdD-A-W-Co-:fdi---:allow /export/Corporate/Sales
chmod A2=group@:--------------:fdi---:deny /export/Corporate/Sales
chmod A3=group@:rwxpdD--------:fdi---:allow /export/Corporate/Sales
chmod A4=everyone@:rwxp--aARWcCos:fdi---:deny /export/Corporate/Sales
chmod A+group:domain+domain users:rx:deny /export/Corporate/Sales
chmod A+group:domain+corporate-all:wpdDxrcaRAwW:fd:allow /export/Corporate/Sales
chmod A+group:domain+corporate-sales:wpdDxraRAwW:fd:allow //export/Corporate/Sales
chmod A+group:domain+domain admins:Co:fd:allow /export/Corporate/Sales


cd /export/Corporate/Sales

find . -type d -exec chmod A0=owner@:--------------:fdi---:deny {} ;
find . -type d -exec chmod A1=owner@:rwxpdD-A-W-Co-:fdi---:allow {} ;
find . -type d -exec chmod A2=group@:--------------:fdi---:deny {} ;
find . -type d -exec chmod A3=group@:rwxpdD--------:fdi---:allow {} ;
find . -type d -exec chmod A4=everyone@:rwxp--aARWcCos:fdi---:deny {} ;
find . -type d -exec chmod A+group:domain+domain users:rx:deny {} ;
find . -type d -exec chmod A+group:domain+corporate-all:wpdDxrcaRAwW:fd:allow {} ;
find . -type d -exec chmod A+group:domain+corporate-sales:wpdDxraRAwW:fd:allow {} ;
find . -type d -exec chmod A+group:domain+domain admins:Co:fd:allow {} ;

find . -type f -exec chmod A0=owner@:--------------:------:deny {} ;
find . -type f -exec chmod A1=owner@:rwxpdD-A-W-Co-:------:allow {} ;
find . -type f -exec chmod A2=group@:--------------:------:deny {} ;
find . -type f -exec chmod A3=group@:rwxpdD--------:------:allow {} ;
find . -type f -exec chmod A4=everyone@:rwxp--aARWcCos:------:deny {} ;
find . -type f -exec chmod A+group:domain+domain users:rx:deny {} ;
find . -type f -exec chmod A+group:domain+corporate-all:wpdDxrcaRAwW:allow {} ;
find . -type f -exec chmod A+group:domain+corporate-sales:wpdDxraRAwW:allow {} ;
find . -type f -exec chmod A+group:domain+domain admins:Co:allow {} ;
, , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *