From: SMTP%"lauri@elwing.fnal.gov" 24-MAY-1994 08:21:34.26 To: EVERHART CC: Subj: Re: acl and quota From: lauri@fndcd.fnal.gov (Laurelin of Middle Earth) X-Newsgroups: comp.os.vms Subject: Re: acl and quota Date: 20 May 1994 16:23:27 GMT Organization: Fermi National Accelerator Lab Lines: 45 Message-Id: <2rio5v$mri@fnnews.fnal.gov> Reply-To: lauri@elwing.fnal.gov Nntp-Posting-Host: dcd00.fnal.gov To: Info-VAX@CRVAX.SRI.COM X-Gateway-Source-Info: USENET In article <19MAY199413112802@vax2.concordia.ca>, glsa@vax2.concordia.ca (Byron Smith) writes: >How can you use ACL to set quota for a shared directory? It >seems that even though acl will let you set group ownership >of a file and directory, writing to the file is impossible >because you also have to share quota, (at least if the acl >shared file is on a different disk). > First, the identifier must be created with the RESOURCE attribute. Second, it must be granted to the specific group of users with the RESOURCE attribute. $ MCR AUTHORIZE > ADD/ID XYZZY /ATTRIB=RESOURCE > GRANT/ID XYZZY USER1 /ATTRIBU=RESOURCE > GRANT/ID XYZZY USER2 /ATRRIBU=RESOURCE ... Then the identifier must be granted quota on the disk in question, and the appropriate ACL's must be set on the parent directory: $ MCR DISKQUOTA > USE somedisk > ADD XYZZY /PERM=somevalue /OVER=anothervalue $ CREATE/DIR/OWNER=XYZZY somedisk:[some_dir] a) $ SET ACL/ACL=(ID=XYZZY, OPTIONS=DEFAULT, ACCESS=R+W+E+D+C) - somedisk:[000000]some_dir.DIR b) $ SET ACL/ACL=(ID=XYZZY, ACCESS=R+W+E+D+C) - somedisk:[000000]some_dir.DIR The a) ACL has *nothing* to do with access to the directory file itself, it is merely there to say which ACL should propogate to files created within the directory. The b) ACL is what controls access to the .DIR file. -- lauri /-----------------------------------------------------------------------------\ | Lauri Loebel Carpenter "All that is gold does not glitter, | | lauri@elwing.fnal.gov Not all those who wander are lost..." - JRRT | | #include /* I only speak for myself */ | \-----------------------------------------------------------------------------/