Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [access-control-list]

An access-list is a list of rules, usually held on network devices such as switches, routers or firewalls, that matches network traffic. The specific term 'access-list' is used in the context of Cisco devices, although the concept of an 'access list' is more generic.

An access-list is a list of rules, usually held on network devices such as switches, routers or firewalls, that matches network traffic. The specific term 'access-list' is used in the context of Cisco devices, although the concept of an 'access list' is more generic.

The purpose of the list is to match traffic so that the device can behave in a particular way. It may be as simple as permitting or dropping packets based on the list, or it may involve more complex operations such as applying a rate-limiting, or QoS policy to the matched traffic.

773 questions
132
votes
3 answers

What does Apache's "Require all granted" really do?

I've just update my Apache server to Apache/2.4.6 which is running under Ubuntu 13.04. I used to have a vhost file that had the following: AllowOverride All But when I ran that I…
John Crawford
  • 2,005
  • 3
  • 15
  • 9
58
votes
4 answers

linux/setfacl - Set all current/future files/directories in parent directory to 775 with specified owner/group

I have a directory called "members" and under it there are folders/files. How can I recursively set all the current folders/files and any future ones created there to by default have 775 permissions and belong to owner/group nobody/admin…
Maverick
  • 1,561
  • 1
  • 11
  • 9
37
votes
10 answers

How to take ownership of files from the command line?

Every so often I run into a file that I need to take ownership of. I normally use cacls for changing ntfs permissions, but it doesn't seem to do ownership. Under *nix I would run something like chown me:me . Is there a windows equivalent to…
Joe
  • 1,545
  • 1
  • 10
  • 15
33
votes
8 answers

How to workaround the NTFS Move/Copy design flaw?

As anyone that has dealt with file server permissions is aware, NTFS has an interesting design feature/flaw known as the Move/Copy problem. As explained in this MS KB article, the permissions for a folder or file do not automatically inherit from…
David Archer
  • 599
  • 1
  • 6
  • 16
23
votes
4 answers

icacls granting access to all users on windows 7

I'm trying to give full access (read, write) to a specific folder to all users on Windows 7. The problem is that I don't know how to do that using icacls.
Alfredo Osorio
  • 333
  • 1
  • 2
  • 6
23
votes
6 answers

Why does cp not respect ACLs?

A common way to set up a directory for file sharing within a group, is: $ mkdir foo $ chgrp felles foo $ chmod g+ws foo $ setfacl -m group:felles:rwx foo $ setfacl -dm group:felles:rwx foo This ensures that any files created in foo is readable and…
bhm
  • 351
  • 1
  • 2
  • 6
19
votes
2 answers

Difference between 0.0.0.0/0 and ::/0 in access control lists

When setting up access control lists, what's the difference between 0.0.0.0/0 and ::/0? I'm seeing this for an AWS EC2 instance I'm setting up
Hassan Baig
  • 2,325
  • 12
  • 29
  • 48
19
votes
3 answers

How do I match a wildcard host in ACL lists in HAproxy?

I have the following lines in my haproxy.conf: acl valid_domains hdr(Host) -i mysite.com images.mysite.com docs.mysite.com admin.mysite.com redirect location http://mysite.com/invalid_domain if !valid_domains How do I match any subdomain? I…
Tom
  • 731
  • 3
  • 11
  • 24
19
votes
3 answers

Change owner recursively with Powershell?

I'm trying to use Powershell to change owner of a folder, recursively. I'm basically using this code: $acct1 = New-Object System.Security.Principal.NTAccount('DOMAIN\Enterprise Admins') $profilefolder = Get-Item MyFolder $acl1 =…
Mikael Grönfelt
  • 677
  • 3
  • 7
  • 14
18
votes
2 answers

Why does chmod(1) on the group affect the ACL mask?

I am trying to understand this Unix behavior (which I happen to be testing on Ubuntu 11.10): $ touch foo $ setfacl -m u:nobody:rwx foo $ getfacl foo # file: foo # owner: michael # group:…
Michael Kropat
  • 859
  • 2
  • 8
  • 16
17
votes
1 answer

HAProxy ACL multiple OR conditions

Using Haproxy 1.5.12 running on Ubuntu 12.04 I need to restrict access to my website to requests either coming from certain IPs or having a defined parameter in the request. So for example the following request should work only from authorized…
jeremyjr
  • 375
  • 2
  • 7
  • 15
16
votes
2 answers

setfacl to reset file to default permissions?

I have a directory with the following default ACLs: default:user:phptutor:rwx However, none of the files/directories in that directory have that default permission (because it was added after they were created). How can I copy the default ACLs of a…
hopeseekr
  • 281
  • 1
  • 2
  • 9
16
votes
4 answers

How do I copy ACLs on Mac OS X?

Most unix derivates can copy ACLs from one file to another with: getfacl filename1 | setfacl -f - filename2 Unfortunately Mac OS X does not have the getfacl and setfacl commands, as they have rolled ACL handling into chmod. chmod -E accepts a list…
MagerValp
  • 311
  • 1
  • 3
  • 9
15
votes
3 answers

Working around an AWS network ACL rule limit

At a maximum, a VPC network ACL can have 40 rules applied. I have a list of over 50 IP addresses that I need to explicitly block access to in our systems, over any port and any protocol. This is an ideal purpose for an ACL, but the limit is…
emmdee
  • 2,187
  • 12
  • 36
  • 60
15
votes
2 answers

Can I override my umask using ACLs to make all files created in a given directory world readable?

Assume that my umask is 0077. I have a directory, foo, that I want to have special permissions applied to it. All files I create in foo should be world readable, and all directories should be world readable and executable. Currently, if I create a…
stickmangumby
  • 526
  • 2
  • 5
  • 11
1
2 3
51 52