Hi all,
How can I set default owning user and default owning group with setfacl on Solaris 2.6 and up ?
My idea is, that when a file is created by user x, and the default owning user is y, the ownership is set to y.
This option is visible in the filemanager, though not editable. I can't find anything about it in the man pages or on the SUN webpage.
Can anyone help me out ?
Thanks,
Andy
I can't help with GUIs much 
but from the command line or a script the command would be chown
You can't normally do this unless you are a priviledged user, right?|
Neo,
the command for what I would like to accomplish is setfacl, not chown. With chown you can set standard rights for files you own. With setfacl I can give individuals or groups access to my stuff, even when my dirs are set to 700 for example. You can set these as a normal user, but from a maintenance point of view, we want to control them by setting the homedir of users to root, with some ACL's.
Andy
Yes, an ACL layer in the kernel /systemuses these functions. Sorry, I was talking more generic. You can do most of what you described in your original post with chown and chmod and don't need complex ACLs.
You said:
This can be done with an SUID script in the shell and does not require the complexity of ACLs. Most organizations that I have worked with set up ACLs do so at the system call and system object level; not at the user file permissions level. ACLs slow down performance and there needs to be a very compelling to use them.
In your original post, the compelling reason to use lower level ACLs is not obvious to me. That is why I suggested a chown wrapper.
Neo,
I still think I need ACL's. With the standard chown and chmod commands, I can't set for example secondary groups or specific users to acces a file, or folder. But, my question still not answered is : is it possible to have a user x create a file, which will have the ownership and group rights of the directory it is created in ? example : there is a directory wwwjava, wwwjava is a dummyuseraccount for claiming the UID in NIS. There is also a group wwwjava. In this group are several people. Now, is it possible to have user x, which is in the group wwwjava, to create a file with ownership wwwjava and group wwwjava, instead of the ownership of user x and his primary group ?
Andy
Andy asks:
Yes, one way to do it is to write a small script (command) that reads the current directory; gets the owner and group information of a file that is an argument to the script. The script may have to be set SUID with ownership root. This is not very secure, but you asked 'is it possible?' The more complex the security requirements, the more involved.
You might also do it any other number of ways, using ACL front ends, perl scripts, a simple C program, etc.
The easiest way to do it, if you are worried about security is to have the administrator with root privs do it 
Or, you can find some complex ACL program; but based on what you have offered as your requirements, this still seems to be a lot of trouble for something quite basic.
If I had a system that had a user or user process creating files I would not want the scripts to have any ability to write or give ownership to the file to another user unless the user was in the same group. If the issue was with many files, I would look at creating a process to do this.
However, without understanding the purpose of the server, the nature of the processes, the relationship of users to the processes, the production environment and security implications and risk; it is not reasonable to give a simplistic answer.
Everything is possible in UNIX and there is no one way to do anything