DSfW default sysvol ACLs for OES11 SP2

  • 7014605
  • 21-Feb-2014
  • 21-Feb-2014

Environment

Novell Open Enterprise Server 11 SP2 (OES11 SP2)
Domain Services for Windows
DSFW

Situation

Example of the default OES11 file system rights (POSIX ACLs) on the sysvol directory.

Run the command getfacl -R /var/opt/novell/xad/sysvol

Resolution

The /etc/fstab entry for the file system that contains the sysvol must include the acl mount option.
Example:
/dev/sda2            /                    ext3       acl,user_xattr        1 1

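Output of getfacl -R /var/opt/novell/xad/sysvol

In the listing, \040 is getfacl's escape for a space in a group name, and an #effective: comment shows the rights that remain for that entry after the mask is applied.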

# file: sysvol
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/scripts
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/scripts/Default User
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/Policies
# owner: administrator
# group: domain\040admins
# flags: --t
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/gpt.ini
# owner: administrator
# group: domain\040admins
user::rw-
group::r-x #effective:r--
group:domain\040admins:rwx #effective:rw-
group:domain\040users:r-x #effective:r--
group:domain\040computers:r-x #effective:r--
group:group\040policy\040creator\040owners:rwx #effective:rw-
mask::rw-
other::---

# file: sysvol/staging
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/staging areas
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---

# file: sysvol/sysvol
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---