source: postlfs/security/acl.xml@ 45c4154

10.0 10.1 11.0 7.10 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 ken/refactor-virt krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 45c4154 was 45c4154, checked in by Ken Moffat <ken@…>, 8 years ago

acl is weird enough to need --libexecdir - thanks to Armin for pointing this out to me.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@12792 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 7.9 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY acl-download-http "http://download.savannah.gnu.org/releases/acl/acl-&acl-version;.src.tar.gz">
8 <!ENTITY acl-download-ftp " ">
9 <!ENTITY acl-md5sum "a61415312426e9c2212bd7dc7929abda">
10 <!ENTITY acl-size "384 KB">
11 <!ENTITY acl-buildsize "9.1 MB">
12 <!ENTITY acl-time "0.1 SBU">
13]>
14
15<sect1 id="acl" xreflabel="acl-&acl-version;">
16 <?dbhtml filename="acl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>acl-&acl-version;</title>
24
25 <indexterm zone="acl">
26 <primary sortas="a-acl">acl</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to acl</title>
31
32 <para>The <application>acl</application> package contains utilities to
33 administer Access Control Lists, which are used to define more fine-grained
34 discretionary access rights for files and directories.</para>
35
36 &lfs75_checked;
37
38 <bridgehead renderas="sect3">Package Information</bridgehead>
39 <itemizedlist spacing="compact">
40 <listitem>
41 <para>Download (HTTP): <ulink url="&acl-download-http;"/></para>
42 </listitem>
43 <listitem>
44 <para>Download (FTP): <ulink url="&acl-download-ftp;"/></para>
45 </listitem>
46 <listitem>
47 <para>Download MD5 sum: &acl-md5sum;</para>
48 </listitem>
49 <listitem>
50 <para>Download size: &acl-size;</para>
51 </listitem>
52 <listitem>
53 <para>Estimated disk space required: &acl-buildsize;</para>
54 </listitem>
55 <listitem>
56 <para>Estimated build time: &acl-time;</para>
57 </listitem>
58 </itemizedlist>
59
60 <bridgehead renderas="sect3">acl Dependencies</bridgehead>
61
62 <bridgehead renderas="sect4">Required</bridgehead>
63 <para role="required"><xref linkend="attr"/></para>
64
65 <para condition="html" role="usernotes">User Notes:
66 <ulink url="&blfs-wiki;/acl"/></para>
67
68 </sect2>
69
70 <sect2 role="installation">
71 <title>Installation of acl</title>
72
73 <para>Install <application>acl</application> by running the following
74 commands:</para>
75
76<screen><userinput>sed -i -e 's|/@pkg_name@|&amp;-@pkg_version@|' \
77 include/builddefs.in &amp;&amp;
78
79INSTALL_USER=root \
80INSTALL_GROUP=root \
81./configure --prefix=/usr --libexecdir=/usr/lib --disable-static &amp;&amp;
82make</userinput></screen>
83
84 <para>For meaningful results, the tests need to be carried out on a file
85 system that supports extended attributes. It is also required that
86 <application>Coreutils</application> is re-installed after
87 <application>acl</application> is installed so that the extra acl bit
88 displays correctly on a <command>ls</command> command.</para>
89
90 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
91
92<!-- Package uses DIST_ROOT instead of DESTDIR -->
93<screen role="root"><userinput>make install install-dev install-lib &amp;&amp;
94chmod -v 755 /usr/lib/libacl.so &amp;&amp;
95mv -v /usr/lib/libacl.so.* /lib &amp;&amp;
96ln -sfv ../../lib/libacl.so.1 /usr/lib/libacl.so &amp;&amp;
97install -v -m644 doc/*.txt /usr/share/doc/acl-&acl-version;</userinput></screen>
98
99 <para>You should now re-install <application><ulink
100 url="&lfs-root;/chapter06/coreutils.html">Coreutils</ulink>
101 </application> and proceed to run the test suite.</para>
102
103 <para>There are three sets of tests that come with this package. The local
104 partition where the tests are run must be mounted with acl configured as
105 described below. Additionally, the users <systemitem
106 class="username">bin</systemitem> and <systemitem
107 class="username">daemon</systemitem> must be created or modified to have a
108 proper shell and home directory and the group <systemitem
109 class="groupname">daemon</systemitem> must be a member of the <systemitem
110 class="groupname">bin</systemitem> group. The kernel must also be
111 configured with the appropriate ACL options (there are nine different
112 options).</para>
113
114 <para>To run the standard tests run <command>make tests </command>. As
115 <systemitem class="username">root</systemitem> user, run <command>make
116 root-tests</command>.</para>
117
118 <para>The third set of tests are Network File System (NFS) specific. See
119 the contents of the test files in the test/nfs/ directory for the setup
120 requirements.</para>
121
122 </sect2>
123
124 <sect2 role="commands">
125 <title>Command Explanations</title>
126
127 <para><command>sed -i ... include/builddefs.in</command>: This command
128 modifies the documentation directory so that it is a versioned
129 directory.</para>
130
131 <para><command>--libexecdir=/usr/lib</command>: This switch ensures that
132 <filename class="libraryfile">libacl.la</filename> is installed in the correct
133 directory, and that a spurious
134 <filename class="libraryfile">libacl.so</filename> symlink is not created in
135 <filename class="directory">/usr/libexec/</filename>.</para>
136
137 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
138 href="../../xincludes/static-libraries.xml"/>
139
140 </sect2>
141
142 <sect2 role="configuration">
143 <title>Configuring acl</title>
144 <sect3><title>Configuration Information</title>
145
146 <para>There is no configuration to <application>acl</application> itself,
147 but to get any use out of <application>acl</application>, a filesystem
148 needs to support access control lists.</para>
149
150 <para>One way to achieve this is to add the acl option to an ext3
151 filesystem in the <filename>/etc/fstab</filename> file as shown
152 below:</para>
153
154<screen># file system mount-point type options dump fsck
155# order
156
157/dev/sda1 / ext3 defaults,acl,user_xattr 0 2</screen>
158
159 </sect3>
160
161 </sect2>
162
163 <sect2 role="content">
164 <title>Contents</title>
165
166 <segmentedlist>
167 <segtitle>Installed Programs</segtitle>
168 <segtitle>Installed Library</segtitle>
169 <segtitle>Installed Directories</segtitle>
170
171 <seglistitem>
172 <seg>chacl, getfacl, and setfacl</seg>
173 <seg>libacl.{so,a}</seg>
174 <seg>/usr/{include/acl,share/doc/acl-&acl-version;}</seg>
175 </seglistitem>
176 </segmentedlist>
177
178 <variablelist>
179 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
180 <?dbfo list-presentation="list"?>
181 <?dbhtml list-presentation="table"?>
182
183 <varlistentry id="chacl">
184 <term><command>chacl</command></term>
185 <listitem>
186 <para>changes the access control list of a file or directory.</para>
187 <indexterm zone="acl chacl">
188 <primary sortas="b-chacl">chacl</primary>
189 </indexterm>
190 </listitem>
191 </varlistentry>
192
193 <varlistentry id="getfacl">
194 <term><command>getfacl</command></term>
195 <listitem>
196 <para>gets file access control lists.</para>
197 <indexterm zone="acl getfacl">
198 <primary sortas="b-getfacl">getfacl</primary>
199 </indexterm>
200 </listitem>
201 </varlistentry>
202
203 <varlistentry id="setfacl">
204 <term><command>setfacl</command></term>
205 <listitem>
206 <para>sets file access control lists.</para>
207 <indexterm zone="acl setfacl">
208 <primary sortas="b-setfacl">setfacl</primary>
209 </indexterm>
210 </listitem>
211 </varlistentry>
212
213 <varlistentry id="libacl">
214 <term><filename class='libraryfile'>libacl.{so,a}</filename></term>
215 <listitem>
216 <para>contains the <application>acl</application> API functions.</para>
217 <indexterm zone="acl libacl">
218 <primary sortas="c-libacl">libacl.{so,a}</primary>
219 </indexterm>
220 </listitem>
221 </varlistentry>
222
223 </variablelist>
224
225 </sect2>
226
227</sect1>
Note: See TracBrowser for help on using the repository browser.