setfacl on a directory

Hi All,

I am trying to set an ACL for a directory on my Solaris 10 box. I have an application which resides under the /opt/CA directory. The application is installed by root and runs as root. All log and configuration files are placed under /opt/CA as well.

What I am trying to do is grant access to a user on this application directory. I am using the setfacl command as follows:

setfacl -r -m user:test:rwx,mask:rwx /opt/CA

and expecting user test to do everything under /opt/CA. After command execution, user test can create new files and read the current files, but cannot edit the current files that are owned by root. I can setfacl for the files; this is OK for now. But my application is creating new log files that are owned by root, so I need to setfacl again. In short, setfacl on files is not the solution.

Has anyone had such an occasion before? What would be the solution in order to enable access to user test?

Thanks,
Niyazi

I have a scenario where my ACLs are as follows:
$ getfacl SCD
# file: SCD
# owner: jscdetst
# group: sad
user::rwx
user:saddev:rwx
group::rwx
mask::rwx
other::r-x
default:user::rw-
default:group::r--
default:mask::rw-
default:other::---

Now when I go inside the SCD directory and create a sample file f, it shows me the owning group having rw- permissions, whereas in the above ACL I had defined the default group ACL to be just r--.

$ cd SCD
$ touch f
$ ls -lrt f
-rw-rw----+ 1 jscdetst sad 0 Sep 14 11:52 f

More strangely, when I do getfacl f, it shows me the picture I want, but this seems to be inconsistent with what ls -lrt is showing me above:

$ getfacl f
# file: f
# owner: jscdetst
# group: sad
user::rw-
group::r--
mask::rw-
other::---

Why are the owning group permissions different in ls -lrt and getfacl?
And if so, what are the real permissions?
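
Added example, not part of the original posts: a Python script that reads the `getfacl f` output quoted above and derives both the mode string `ls -l` prints and the effective rights of each entry. It assumes POSIX-draft ACL semantics as implemented on Linux, where the group slot of the mode carries the mask entry once an ACL is present and the mask caps every entry except the owner and other; the function names are illustrative.

```python
# Constructed input: the `getfacl f` output quoted in the post above.
GETFACL_F = """\
# file: f
# owner: jscdetst
# group: sad
user::rw-
group::r--
mask::rw-
other::---
"""

def parse_acl(text):
    """Return {(tag, qualifier): 'rwx'-style string} for access entries only."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop header and '#effective:' comments
        if not line or line.startswith("default:"):
            continue                              # default entries only affect new children
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = perms
    return acl

def and_perms(a, b):
    """Bitwise AND of two 'rwx'-style strings."""
    return "".join(x if x == y else "-" for x, y in zip(a, b))

def ls_mode(acl):
    """Mode string for a regular file: the group slot shows the mask when one exists."""
    has_mask = ("mask", "") in acl
    group_slot = acl[("mask", "")] if has_mask else acl[("group", "")]
    return "-" + acl[("user", "")] + group_slot + acl[("other", "")] + ("+" if has_mask else "")

def effective(acl):
    """Owner and other are never masked; named users and all groups are ANDed with the mask."""
    mask = acl.get(("mask", ""))
    result = {}
    for (tag, qualifier), perms in acl.items():
        if tag == "mask":
            continue
        unmasked = mask is None or (tag in ("user", "other") and qualifier == "")
        result[(tag, qualifier)] = perms if unmasked else and_perms(perms, mask)
    return result

if __name__ == "__main__":
    acl = parse_acl(GETFACL_F)
    print("ls -l shows:", ls_mode(acl))
    for (tag, qualifier), perms in effective(acl).items():
        print(f"{tag}:{qualifier}: effective {perms}")
```

Under that assumption the `rw-` in the group slot of `ls -l` is the mask, the upper bound for ACL entries, while the owning group's real access is the `group::` entry ANDed with the mask, which is `r--` here.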