Using ACLs (Access Control Lists)

5:19 PM / Posted by Sharing IT / comments (0)

Introduction

What are ACLs and why would you want to use them?

ACLs are Access Control Lists for files and directories. They are based on the IEEE's POSIX 1003.1e draft 17, also known simply as POSIX.1e. ACLs are an addition to the standard Unix file permissions (r,w,x,-) for User, Group, and Other. ACLs give users and administrators flexibility and fine-grained control over who can read, write, and execute files. This can all be done without adding mysterious groups and pestering the system administrator.

Commercial Unix operating systems (except SCO) have all had ACL functionality for quite a while. Microsoft's NTFS also has similar capabilities. FreeBSD 5.x supports POSIX.1e ACLs as well. The new Linux 2.6 kernel supports ACLs for EXT2, EXT3, XFS, JFS, and ReiserFS.

Fedora Core 2, Red Hat's first distribution with a 2.6 kernel, is a good vehicle for taking Linux ACLs for a test drive. This document is a basic HOWTO/tutorial on using ACLs with Fedora.

Assumptions

  • You are using Fedora Core 2
  • You have another partition besides /, /boot, and swap defined, or some unpartitioned free space on one of your disks
  • You are using the EXT2, EXT3, or XFS filesystems
  • You can login as root

If you have no free space on the disk, and all of your files and binaries are located in the root ( / ) partition, then you may not want to experiment with ACLs.

Note: Both JFS and ReiserFS can support ACLs under Linux, but Fedora Core 2 does not appear to support it. ReiserFS cannot be mounted with the "acl" option, and jfs_mkfs appears to be seriously broken. Therefore, this HOWTO will be limited to EXT2, EXT3, and XFS.

Getting Started

Assuming you have an EXT2 or EXT3 partition that you are willing to use for testing, we can get started. On my test machine, I have the following available partitions:

  • /dev/hda5 /home (ext3)
  • /dev/hda9 /XFS (xfs)

For the examples in this HOWTO, I will be using the home directory of user "tristan", which is /home/tristan. Note that this directory belongs to a separate Linux partition, not the root ( / ) partition. If you have some extra unpartitioned space on one of your disks, this would be a good time to create a test partition. You can do this with the fdisk command, then you can format it with the mke2fs command. Make sure you read up on all the required steps before you do this, otherwise you can nuke your system, disk, or data!

If you did not install Fedora Core 2 with the "XFS" option, but you want to try ACLs on XFS, take a look at the XFS Notes section.

You will need to unmount the partitions of your choice, and then remount them with the "acl" option. First, I made a copy of my /etc/fstab file:

[root@fc2 root]# cp -v /etc/fstab /etc/fstab.org
`/etc/fstab' -> `/etc/fstab.org'

Then, I made the following modification to the /etc/fstab config file: the options field of the /home entry now includes "acl". For clarity, I am only including hard disk entries:

LABEL=/        /        ext3    defaults      1 1
LABEL=/boot    /boot    ext3    defaults      1 2
LABEL=/home    /home    ext3    rw,acl        1 2
LABEL=/tmp     /tmp     ext3    defaults      1 2
LABEL=/usr     /usr     ext3    defaults      1 2
LABEL=/var     /var     ext3    defaults      1 2
/dev/hda8      swap     swap    defaults      0 0
/dev/hdd1      /Data    ext3    ro,noatime    1 2
LABEL=/XFS     /XFS     xfs     rw,noatime    0 2

Now, you will need to remount the /home partition with the "acl" option. The easiest way to do this is with the "remount" option, since it will work even while the partition is in use:

[root@fc2 root]# mount -v -o remount /home
/dev/hda5 on /home type ext3 (rw,acl)

Another way to remount the partition with the "acl" option is to make sure that nobody else is on the system and the /home partition is not in use, then unmount, then mount the partition:

[root@fc2 root]# umount /home
[root@fc2 root]# mount /home

[root@fc2 root]# mount -l
/dev/hda2 on / type ext3 (rw) [/]
/dev/hda1 on /boot type ext3 (rw) [/boot]
/dev/hda5 on /home type ext3 (rw,acl) [/home]
/dev/hda7 on /tmp type ext3 (rw) [/tmp]
/dev/hda3 on /usr type ext3 (rw) [/usr]
/dev/hda6 on /var type ext3 (rw) [/var]
/dev/hdd1 on /Data type ext3 (ro,noatime) []
/dev/hda9 on /XFS type xfs (rw,noatime) [/XFS]

If you had trouble unmounting your target partitions, you may need to drop to single user mode with the init 1 command. This should allow you to unmount the filesystems. After that, you can remount the filesystems and issue an init 3 or init 5 command to put you back into your regular operating environment.

Using ACLs

Now, we can actually start using ACLs. The basic commands that we are interested in are:

  • getfacl
  • setfacl

We will first look at the getfacl command. The owner of the directory we will be working with is "tristan", and the guest user will be "axel" and the guest group will be "lensmen". First, create a test file, then look at the permissions and the ACL:

[tristan@fc2 tristan]$ cd /home/tristan
[tristan@fc2 tristan]$ cp /etc/services pizza

[tristan@fc2 tristan]$ ls -l pizza
-rw-r--r-- 1 tristan tristan 19936 May 28 16:59 pizza

[tristan@fc2 tristan]$ getfacl pizza
# file: pizza
# owner: tristan
# group: tristan
user::rw-
group::r--
other::r--

So far, there is nothing very exciting to see. Now, let's change the ACL so that user "axel" can read and write to the file:

[tristan@fc2 tristan]$ setfacl -m u:axel:rw- pizza
[tristan@fc2 tristan]$ getfacl pizza
# file: pizza
# owner: tristan
# group: tristan
user::rw-
user:axel:rw-
group::r--
mask::rw-
other::r--

[tristan@fc2 tristan]$ ls -l pizza
-rw-rw-r--+ 1 tristan tristan 19936 May 28 16:59 pizza

You will notice that there is now an extra user entry in the ACL, and there is a "+" next to the file in the output from the ls command. The "+" indicates that an ACL has been applied to the file or directory. Now, let's add a group ("lensmen") and another user ("tippy") to the ACL for pizza:

[root@fc2 tristan]# setfacl -m u:tippy:r--,g:lensmen:r-- pizza

[root@fc2 tristan]# getfacl pizza
# file: pizza
# owner: tristan
# group: tristan
user::rw-
user:axel:rw-
user:tippy:r--
group::r--
group:lensmen:r--
mask::rw-
other::r--

Hmmm...what's the mask entry? This is the effective rights mask. This entry limits the effective rights granted to all ACL groups and ACL users. The traditional Unix User, Group, and Other entries are not affected. If the mask is more restrictive than the ACL permissions that you grant, then the mask takes precedence. For example, let's change the mask to "r--" and give user "tippy" and group "lensmen" the permissions rwx, and see what happens:

[tristan@fc2 tristan]$ setfacl -m u:tippy:rwx,g:lensmen:rwx pizza

[tristan@fc2 tristan]$ setfacl -m mask::r-- pizza

[tristan@fc2 tristan]$ getfacl --omit-header pizza
user::rw-
user:axel:rw- #effective:r--
user:tippy:rwx #effective:r--
group::r--
group:lensmen:rwx #effective:r--
mask::r--
other::r--

The ACL now shows an "effective" rights mask. Even though "tippy" has been given rwx permissions, he actually only has r-- permissions because of the mask.
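
The access decision that the mask takes part in, as an added example (not code from the original HOWTO): it follows the access check algorithm documented in acl(5) over getfacl text. Per acl(5), the mask limits named users, named groups and the owning group entry (the guitar listing later on this page shows "group::r-x #effective:r--"), while the owner and other entries are never masked. The LOCKED_OUT sample and the users "kim" and "bob" are constructed for illustration.

```python
import re

# Sample input: the "pizza" listing from this page after `setfacl -m mask::r-- pizza`.
PIZZA = """\
# file: pizza
# owner: tristan
# group: tristan
user::rw-
user:axel:rw-      #effective:r--
user:tippy:rwx     #effective:r--
group::r--
group:lensmen:rwx  #effective:r--
mask::r--
other::r--
"""

# Constructed sample (not from the page): a named entry that grants nothing
# on a file that "other" may read, plus an owning group limited by the mask.
LOCKED_OUT = """\
# file: report
# owner: tristan
# group: tristan
user::rw-
user:axel:---
group::r-x
mask::rw-
other::r--
"""


def parse_getfacl(text):
    """Parse one file's getfacl output into (owner, owning_group, entries)."""
    meta, entries = {}, []
    for line in text.splitlines():
        header = re.match(r"#\s*(file|owner|group):\s*(.+)", line)
        if header:
            meta[header.group(1)] = header.group(2).strip()
            continue
        line = line.split("#", 1)[0].strip()      # drop "#effective:" comments
        if not line or line.startswith("default:"):
            continue                              # default entries play no part in access checks
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, frozenset(perms) - {"-"}))
    return meta["owner"], meta["group"], entries


def check_access(text, user, groups, want):
    """Return (allowed, deciding_class) for `user`, a member of `groups`,
    requesting the permissions in `want` (for example "rw")."""
    owner, owning_group, entries = parse_getfacl(text)
    want = frozenset(want)

    def find(tag, qualifier=""):
        return next((p for t, q, p in entries if t == tag and q == qualifier), None)

    mask = find("mask")

    def masked(perms):
        return perms if mask is None else perms & mask

    # 1. The file owner is judged by user:: alone; the mask does not apply.
    if user == owner:
        return want <= find("user"), "owner"
    # 2. A named user entry decides next, limited by the mask. There is no
    #    fall-through: a named entry of --- denies even if other:: would allow.
    named = find("user", user)
    if named is not None:
        return want <= masked(named), "named user"
    # 3. Owning group and named groups: one matching entry must carry every
    #    requested permission after masking.
    group_perms = [masked(p) for t, q, p in entries
                   if t == "group" and (q or owning_group) in groups]
    if group_perms:
        return any(want <= p for p in group_perms), "group"
    # 4. Everyone else gets other::, which is never masked.
    return want <= find("other"), "other"


if __name__ == "__main__":
    for who, groups, want in [("tristan", ["tristan"], "rw"),
                              ("tippy", ["tippy"], "w"),
                              ("kim", ["kim", "lensmen"], "r")]:
        print(who, want, check_access(PIZZA, who, groups, want))
    print("axel", "r", check_access(LOCKED_OUT, "axel", ["axel"], "r"))
```
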

In most cases, I want the effective mask to allow whatever permissions I granted to named users and groups, so my mask will be rw- or rwx. I will reset it like this:

[tristan@fc2 tristan]$ setfacl -m m::rw- pizza

[tristan@fc2 tristan]$ getfacl --omit pizza
user::rw-
user:axel:rw-
user:tippy:rw-
group::r--
group:lensmen:rwx #effective:rw-
mask::rw-
other::r--

What about using the setfacl command to change normal User, Group, and Other permissions? No problem! This can be used instead of chmod:

[tristan@fc2 tristan]$ setfacl -m u::rwx,g::rwx,o:rwx pizza

[tristan@fc2 tristan]$ ls -l pizza
-rwxrwxrwx+ 1 tristan tristan 19965 May 29 09:31 pizza

[tristan@fc2 tristan]$ getfacl --omit pizza
user::rwx
user:axel:rw-
user:tippy:rw-
group::rwx
group:lensmen:rwx
mask::rwx
other::rwx

Note that the mask changed! Whenever you change the permissions of a user or a group with setfacl, the mask is changed to match. Therefore, if you want a restrictive mask, it must be applied after the user and group permissions are modified.

Another thing to keep in mind is that the chmod command does not alter the file's ACL...the ACL information will remain intact, except that the mask entry can change as described above.

More setfacl Details and Examples

The setfacl command has many options. In this section, we will look at some of the more useful ones.

Remove Specific Entries from an ACL

You can remove specific ACL entries with the -x option. In this example, we will remove the entry for user "tippy" and user "axel" but leave the other entries alone:

[tristan@fc2 tristan]$ getfacl --omit pizza
user::rwx
user:axel:rw-
user:tippy:rw-
group::rwx
group:lensmen:rwx
mask::rwx
other::rwx

[tristan@fc2 tristan]$ setfacl -x u:tippy,u:axel pizza

[tristan@fc2 tristan]$ getfacl --omit pizza
user::rwx
group::rwx
group:lensmen:rwx
mask::rwx
other::rwx

Remove Entire ACL

To completely remove an ACL from a file or directory:

[tristan@fc2 tristan]$ setfacl -b pizza

You can also use:

[tristan@fc2 tristan]$ setfacl --remove-all pizza

Using the --set Option

If you want to explicitly set all of the file permissions on a file or a group of files, you must use the --set option. This is different from the -m option, which only modifies the existing ACL. The --set option replaces all permissions and ACLs with the new values. When you use the --set option, all of the User, Group, and Other permissions must be defined. Here is an example:

[tristan@fc2 tristan]$ setfacl --set u::rw,g::rw,o::-,u:tippy:r pizza

[tristan@fc2 tristan]$ getfacl --omit pizza
user::rw-
user:tippy:r--
group::rw-
mask::rw-
other::---

Using setfacl Recursively

If you want to apply ACLs to an entire directory and all of its subdirectories, use the -R option. Given the directory hierarchy /home/tristan/Level1/Level2/Level3/Level4, the following command will add an ACL entry for group "lensmen" to all of the Level* directories and their contents:

[tristan@fc2 tristan]$ setfacl -R -m g:lensmen:r-x /home/tristan/Level1

Using ACL Entries from a File:

What if you have a lengthy ACL that needs to be used frequently? Rather than typing it over and over again on the command line, you can save the ACL as a text file and use it to apply ACLs to other files. For example, we will create the ACL config file /home/tristan/myacl:

user:axel:rw-
user:tippy:rw-
group:lensmen:r--
group:marty:r--
group:fafnir:r--
mask::rw-
other::---

Now, we can easily apply these ACL modifications to files:

[tristan@fc2 tristan]$ setfacl -M myacl test*

[tristan@fc2 tristan]$ ls -l test*
-rw-rw----+ 1 tristan tristan 168 May 30 09:41 test1
-rw-rw----+ 1 tristan tristan 168 May 30 09:42 test2
-rw-rw----+ 1 tristan tristan 168 May 30 09:42 test3

[tristan@fc2 tristan]$ getfacl test1
# file: test1
# owner: tristan
# group: tristan
user::rw-
user:axel:rw-
user:tippy:rw-
group::rw-
group:marty:r--
group:lensmen:r--
group:fafnir:r--
mask::rw-
other::---

Note on UID, GID, and Permissions

When you are using setfacl, you can use numeric UIDs and GIDs instead of the actual names. The UIDs and GIDs do not have to exist yet. If you use names, then they must exist or you will get an error. You can use the

getfacl --numeric filename

command to view the numeric values.

Also, when you are specifying permissions, you can use octal permissions (0-7) instead of (r,w,x,-).


Example Scenario

Now that we have seen basic command usage, let's use a practical example to learn some more about ACLs. Tippy is working with Tristan on a project. He needs to be able to read, write, create, and delete files related to the project, which are located in Tristan's home directory. Tristan wants to do this without bothering the system administrator with requests for new groups and group membership changes. When the project is over, Tristan will remove the permissions for user "tippy" without bothering the sysadmin.

All of the project files are located in /home/tristan/Project. Here is how Tristan will handle the situation:

[tristan@fc2 tristan]$ setfacl -m user:tippy:--x /home/tristan
[tristan@fc2 tristan]$ getfacl /home/tristan
getfacl: Removing leading '/' from absolute path names
# file: home/tristan
# owner: tristan
# group: tristan
user::rwx
user:tippy:--x
group::---
mask::--x
other::---

[tristan@fc2 tristan]$ setfacl -R -m u:tippy:rwx,o::--- Project
[tristan@fc2 tristan]$ getfacl Project
# file: Project
# owner: tristan
# group: tristan
user::rwx
user:tippy:rwx
group::rwx
mask::rwx
other::---

[tristan@fc2 tristan]$ cd Project
[tristan@fc2 Project]$ ls -l
total 1560
-rwxrwx---+ 1 tristan tristan 86532 May 29 14:02 libgssapi_krb5.so
-rwxrwx---+ 1 tristan tristan 86532 May 29 14:02 libgssapi_krb5.so.2
-rwxrwx---+ 1 tristan tristan 86532 May 29 14:02 libgssapi_krb5.so.2.2
-rwxrwx---+ 1 tristan tristan 423572 May 29 14:02 libkrb5.so
-rwxrwx---+ 1 tristan tristan 423572 May 29 14:02 libkrb5.so.3
-rwxrwx---+ 1 tristan tristan 423572 May 29 14:02 libkrb5.so.3.2
[tristan@fc2 Project]$ getfacl --omit libkrb5.so
user::rwx
user:tippy:rwx
group::r-x
mask::rwx
other::---

Now, Tippy can access the /home/tristan/Project directory. He can read, modify, add, and delete files. However, he cannot delete the Project directory, nor can he view any other files in Tristan's home directory. This is good, because Tippy likes to test his limits. Let's see what he can and can't do:

[tippy@fc2 tippy]$ cd /home/tristan
[tippy@fc2 tristan]$ ls
ls: .: Permission denied
[tippy@fc2 tristan]$ rm -rf Project
rm: cannot remove `Project': Permission denied
[tippy@fc2 tristan]$ cd Project
[tippy@fc2 Project]$ ls -l
total 1560
-rwxrwx---+ 1 tristan tristan 86532 May 29 14:02 libgssapi_krb5.so
-rwxrwx---+ 1 tristan tristan 86532 May 29 14:02 libgssapi_krb5.so.2
-rwxrwx---+ 1 tristan tristan 86532 May 29 14:02 libgssapi_krb5.so.2.2
-rwxrwx---+ 1 tristan tristan 423572 May 29 14:02 libkrb5.so
-rwxrwx---+ 1 tristan tristan 423572 May 29 14:02 libkrb5.so.3
-rwxrwx---+ 1 tristan tristan 423572 May 29 14:02 libkrb5.so.3.2
[tippy@fc2 Project]$ touch status-report.txt

[tippy@fc2 Project]$ date >> libkrb5.so.3
[tippy@fc2 Project]$ rm libkrb5.so.3
[tippy@fc2 Project]$ ls -l
total 1136
-rwxrwx---+ 1 tristan tristan 86532 May 29 14:02 libgssapi_krb5.so
-rwxrwx---+ 1 tristan tristan 86532 May 29 14:02 libgssapi_krb5.so.2
-rwxrwx---+ 1 tristan tristan 86532 May 29 14:02 libgssapi_krb5.so.2.2
-rwxrwx---+ 1 tristan tristan 423572 May 29 14:02 libkrb5.so
-rwxrwx---+ 1 tristan tristan 423572 May 29 14:02 libkrb5.so.3.2
-rw-rw-r-- 1 tippy tippy 0 May 29 16:06 status-report.txt

Now, after the project is complete, it is a simple matter for user Tristan to revoke Tippy's access to /home/tristan:

[tristan@fc2 tristan]$ setfacl -x u:tippy: /home/tristan
[tristan@fc2 tristan]$ getfacl /home/tristan
getfacl: Removing leading '/' from absolute path names
# file: home/tristan
# owner: tristan
# group: tristan
user::rwx
group::---
mask::---
other::---

If user "tippy" decides to snoop around in /home/tristan/Project again, he will not be able to:

[tippy@fc2 tippy]$ cd /home/tristan
-bash: cd: /home/tristan: Permission denied
[tippy@fc2 tippy]$ ls /home/tristan/Project
ls: /home/tristan/Project: Permission denied

Note that this entire example was done without having to involve the system administrator!


The Default ACL

Up until now, we have been looking at the access ACL. There is also another type of ACL, called the default ACL. The default ACL is only applied to directories, and it defines the permissions that a newly created file or directory inherits from its parent directory.

When you create a new directory inside a directory that already has a default ACL, the new directory inherits the default ACL both as its access ACL and its default ACL.

Here is an example of defining a default ACL for a directory, and what happens when files and directories are created underneath that directory:

[tristan@fc2 tristan]$ mkdir Plato

[tristan@fc2 tristan]$ setfacl --set u::rwx,g::r-x,o::- Plato

[tristan@fc2 tristan]$ setfacl -d --set u::rwx,u:tippy:rwx,u:axel:rx,g::rx,g:lensmen:rx,o::- Plato
[tristan@fc2 tristan]$ getfacl Plato
# file: Plato
# owner: tristan
# group: tristan
user::rwx
group::r-x
other::---
default:user::rwx
default:user:axel:r-x
default:user:tippy:rwx
default:group::r-x
default:group:lensmen:r-x
default:mask::rwx
default:other::---

[tristan@fc2 tristan]$ cd Plato
[tristan@fc2 Plato]$ touch guitar
[tristan@fc2 Plato]$ getfacl guitar
# file: guitar
# owner: tristan
# group: tristan
user::rw-
user:axel:r-x #effective:r--
user:tippy:rwx #effective:rw-
group::r-x #effective:r--
group:lensmen:r-x #effective:r--
mask::rw-
other::---

[tristan@fc2 Plato]$ mkdir Zep
[tristan@fc2 Plato]$ getfacl Zep
# file: Zep
# owner: tristan
# group: tristan
user::rwx
user:axel:r-x
user:tippy:rwx
group::r-x
group:lensmen:r-x
mask::rwx
other::---
default:user::rwx
default:user:axel:r-x
default:user:tippy:rwx
default:group::r-x
default:group:lensmen:r-x
default:mask::rwx
default:other::---

[tristan@fc2 Plato]$ cd Zep
[tristan@fc2 Zep]$ touch airship
[tristan@fc2 Zep]$ getfacl airship
# file: airship
# owner: tristan
# group: tristan
user::rw-
user:axel:r-x #effective:r--
user:tippy:rwx #effective:rw-
group::r-x #effective:r--
group:lensmen:r-x #effective:r--
mask::rw-
other::---

The umask has no effect if a default ACL exists. In the following example, the umask is honored when a file is created in the /home/tristan directory, which has no default ACL. When a file is created under /home/tristan/Plato, which has a default ACL, you can see that the umask is ignored:

[tristan@fc2 tristan]$ umask ugo=
[tristan@fc2 tristan]$ umask
0777
[tristan@fc2 tristan]$ touch button
[tristan@fc2 tristan]$ ls -l button
---------- 1 tristan tristan 0 Jun 1 00:47 button

[tristan@fc2 tristan]$ cd Plato
[tristan@fc2 Plato]$ touch switch
[tristan@fc2 Plato]$ ls -l switch
-rw-rw----+ 1 tristan tristan 0 Jun 1 00:47 switch
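
How a default ACL and the creation mode combine, as an added example (not code from the original HOWTO): it follows the object creation rules documented in acl(5) and reproduces the guitar, Zep, button and switch results shown above. The creation modes 0666 (touch) and 0777 (mkdir) and the everyday umask of 0002 are assumptions; the point to take away is that under a default ACL the umask no longer restricts new files, so the default ACL is the only policy.

```python
# Plato's default ACL as listed on this page: (tag, qualifier, permission bits).
PLATO_DEFAULT = [
    ("user", "", 0o7), ("user", "axel", 0o5), ("user", "tippy", 0o7),
    ("group", "", 0o5), ("group", "lensmen", 0o5),
    ("mask", "", 0o7), ("other", "", 0o0),
]


def fmt(bits):
    """Render three permission bits as an rwx string."""
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))


def new_object_acl(default_acl, mode, umask, is_dir=False):
    """Return (access_acl, default_acl) for an object created with `mode`
    inside a directory whose default ACL is `default_acl` (empty if none)."""
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    if not default_acl:
        # No default ACL: classic behaviour, the umask strips bits from the mode.
        m = mode & ~umask
        return [("user", "", (m >> 6) & 7), ("group", "", (m >> 3) & 7),
                ("other", "", m & 7)], []
    # Default ACL present: it is copied to the access ACL and the umask is
    # ignored. Only the creation mode can take permissions away.
    has_mask = any(tag == "mask" for tag, _, _ in default_acl)
    access = []
    for tag, who, bits in default_acl:
        if tag == "user" and who == "":
            bits &= owner                    # owner bits of the mode
        elif tag == "mask" or (tag == "group" and who == "" and not has_mask):
            bits &= group                    # group-class bits land on the mask
        elif tag == "other":
            bits &= other
        access.append((tag, who, bits))
    # Directories also inherit the default ACL itself, unchanged.
    return access, (list(default_acl) if is_dir else [])


def render(access):
    """Format an access ACL the way getfacl --omit-header prints it."""
    mask = next((b for t, _, b in access if t == "mask"), None)
    lines = []
    for tag, who, bits in access:
        line = f"{tag}:{who}:{fmt(bits)}"
        limited = mask is not None and (tag == "group" or (tag == "user" and who))
        if limited and bits & mask != bits:
            line += f"\t#effective:{fmt(bits & mask)}"
        lines.append(line)
    return lines


def ls_mode(access):
    """The nine permission characters ls -l shows: with an ACL, the middle
    triplet is the mask, not the owning group entry."""
    def get(tag):
        return next((b for t, w, b in access if t == tag and w == ""), None)
    group_class = get("mask") if get("mask") is not None else get("group")
    return fmt(get("user")) + fmt(group_class) + fmt(get("other"))


if __name__ == "__main__":
    guitar, _ = new_object_acl(PLATO_DEFAULT, 0o666, 0o002)
    print("\n".join(render(guitar)))
    switch, _ = new_object_acl(PLATO_DEFAULT, 0o666, 0o777)   # umask ugo=
    button, _ = new_object_acl([], 0o666, 0o777)              # no default ACL
    print("switch:", ls_mode(switch), " button:", ls_mode(button))
```
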

You can also modify and create default ACLs with another syntax, prefixing the u, g, or o entries with a "d" :

[tristan@fc2 tristan]$ setfacl -m d:u:axel:rwx,d:g:lensmen:rwx Plato
[tristan@fc2 tristan]$ getfacl Plato
# file: Plato
# owner: tristan
# group: tristan
user::rwx
group::r-x
other::---
default:user::rwx
default:user:axel:rwx
default:user:tippy:rwx
default:group::r-x
default:group:lensmen:rwx
default:mask::rwx
default:other::---

Using cp and mv with ACLs

Three major file utilities, ls, cp, and mv have been updated to handle ACLs. The mv command will always preserve ACLs if it is possible. If it is not possible, it will issue a warning. The cp command will only preserve ACLs if used with the -p or -a options.

In both cases, if you are trying to copy/move from a filesystem that supports ACLs to a filesystem that does not, only the standard Unix permissions will be retained. In the example below, you can see that using the cp -p command within the ACL-enabled /home filesystem worked, and using the same command to copy the file to the /root directory (which is not ACL-enabled) resulted in an error message. As root, do the following:

[root@fc2 root]# cd /home/tristan
[root@fc2 tristan]# mkdir ACL
[root@fc2 tristan]# cp -p pizza ACL/pizza
[root@fc2 tristan]# ls -l ACL/pizza
-rw-rwx---+ 1 tristan tristan 19965 May 29 09:31 ACL/pizza

[root@fc2 tristan]# cp -p pizza /root
cp: preserving permissions for `/root/pizza': Operation not supported
[root@fc2 tristan]# ls -l /root/pizza
-rw-rwx--- 1 tristan tristan 19965 May 29 09:31 /root/pizza

Copying ACLs

If you already have a file with a complex ACL, you can easily copy that ACL to other files by piping the output of a getfacl command into the setfacl command. Here is an example of copying the ACL from bingo.txt to all of the files starting with "test":

[tristan@fc2 Compaq]$ ls -l
total 4
-rw-rw----+ 1 tristan tristan 0 Jun 2 09:52 bingo.txt
-rw-rw---- 1 tristan tristan 0 Jun 2 09:53 testa1
-rw-rw---- 1 tristan tristan 0 Jun 2 09:53 testa2
-rw-rw---- 1 tristan tristan 0 Jun 2 09:55 testa3
-rw-rw---- 1 tristan tristan 0 Jun 2 09:53 testa4
-rw-rw---- 1 tristan tristan 0 Jun 2 09:55 testa5

[tristan@fc2 Compaq]$ getfacl bingo.txt | setfacl --set-file=- test*

[tristan@fc2 Compaq]$ ls -l
total 24
-rw-rw----+ 1 tristan tristan 0 Jun 2 09:52 bingo.txt
-rw-rw----+ 1 tristan tristan 0 Jun 2 09:53 testa1
-rw-rw----+ 1 tristan tristan 0 Jun 2 09:53 testa2
-rw-rw----+ 1 tristan tristan 0 Jun 2 09:55 testa3
-rw-rw----+ 1 tristan tristan 0 Jun 2 09:53 testa4
-rw-rw----+ 1 tristan tristan 0 Jun 2 09:55 testa5

[tristan@fc2 Compaq]$ getfacl --omit testa5
user::rw-
user:axel:rw-
user:tippy:rw-
group::rw-
group:marty:r--
group:lensmen:r--
group:fafnir:r--
mask::rw-
other::---

You can also archive all of the ACLs from an entire directory tree, then restore them later. You might want to do this if you are recovering files from backup media that does not support ACLs, like CD-ROM. Here is an example of archiving/saving all of the ACLs in the /home/tristan/Tree directory tree, and restoring them.

There are 898 files in this tree:

[tristan@fc2 tristan]$ du -h Tree
9.5M Tree/A/B/C/D
19M Tree/A/B/C
29M Tree/A/B
38M Tree/A
9.5M Tree/AA/BB/CC/DD
19M Tree/AA/BB/CC
29M Tree/AA/BB
38M Tree/AA
86M Tree

Now, let's archive the ACLs into a file in our home directory:

[tristan@fc2 tristan]$ getfacl -R Tree > Tree.facl
[tristan@fc2 tristan]$ ls -l Tree.facl
-rw-rw-r-- 1 tristan tristan 120550 Jun 2 12:08 Tree.facl

Now, we will simulate restoring the files from CD without ACLs by stripping all of the ACLs off:

[tristan@fc2 tristan]$ setfacl -R -b Tree

Now we can restore all of the ACL entries with one command:

[tristan@fc2 tristan]$ setfacl --restore Tree.facl

Archive and Restore Files with ACLs

What if you want to archive/backup files or directories with ACLs? Besides cp, what is there? Unfortunately, tar, cpio, pax, and dump will not save and restore ACL information. You can use the setfacl --restore mechanism in conjunction with a standard archiving/backup system, but that is far from ideal. The answer is star, a TAR-like utility that is included in the Fedora Core 2 distribution.

Quotes from Star's author:

  • Star is the fastest known implementation of a tar archiver.
  • Star is even faster than ufsdump in nearly all cases.

Sounds interesting, doesn't it?

We can archive the entire /home/tristan/Tree directory tree from our previous example. We have to use the -acl and -Hexustar options in order to archive and restore the ACL data. Here we go:

[tristan@fc2 /]$ cd /home/tristan

[tristan@fc2 tristan]$ star -Hexustar -acl -c f=Tree.star Tree
star: 8201 blocks + 0 bytes (total of 83978240 bytes = 82010.00k).

Now we will simulate losing our files and restoring them from a Star archive:

[tristan@fc2 tristan]$ rm -rf Tree

[tristan@fc2 tristan]$ star -acl -x f=Tree.star
star: 8201 blocks + 0 bytes (total of 83978240 bytes = 82010.00k).

When you check out the /home/tristan/Tree directory tree, you will find that it has been restored along with all the ACLs!

rdiff-backup

If you want to use a disk-to-disk backup instead of a tape archiver, consider using rdiff-backup. The stable branch now supports ACLs.

XFS Notes - Setting Up an XFS Filesystem with ACLs

XFS natively supports POSIX.1e ACLs. Unless you installed Fedora Core 2 with the XFS option, you will need to install the XFS RPM packages in order to use XFS. They are located on FC-2 ISO disk #4, in the Fedora/RPMS directory. You will need to install the following packages:

  • xfsprogs-2.6.13-1.i386.rpm
  • xfsprogs-devel-2.6.13-1.i386.rpm

Use the rpm -ivh xfsprogs*rpm command and you will soon be ready to go.

You will need a spare partition for your XFS filesystem. In my case, I created a spare partition as /dev/hda9. You must now create an XFS filesystem:

[root@fc2 root]# mkfs.xfs -i size=512 -f -L "/XFS" /dev/hda9
meta-data=/dev/hda9 isize=512 agcount=8, agsize=61046 blks
= sectsz=512
data = bsize=4096 blocks=488368, imaxpct=25
= sunit=0 swidth=0 blks, unwritten=1
naming =version 2 bsize=4096
log =internal log bsize=4096 blocks=2560, version=1
= sectsz=512 sunit=0 blks
realtime =none extsz=65536 blocks=0, rtextents=0

The -i option is used to specify the size of the inodes. 256 is the default, but 512 bytes per inode significantly increases the speed of ACL lookups.

Now, create a directory to act as the mountpoint:

[root@fc2 root]# mkdir /XFS

Now, we have to actually mount the new filesystem. Unlike EXT2 and EXT3, no "acl" option is necessary. XFS assumes that you want ACLs. Example:

[root@fc2 root]# mount -v -t xfs /dev/hda9 /XFS
/dev/hda9 on /XFS type xfs (rw)

[root@fc2 root]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 4.2G 197M 3.8G 5% /
/dev/hda1 97M 5.9M 86M 7% /boot
/dev/hda5 9.7G 128M 9.0G 2% /home
/dev/hda7 985M 17M 919M 2% /tmp
/dev/hda3 15G 3.2G 11G 23% /usr
/dev/hda6 4.9G 184M 4.4G 4% /var
/dev/hdd1 29G 11G 17G 38% /Data
/dev/hda9 1.9G 160K 1.9G 1% /XFS

Alternatively, you could have used the mount command with the disk label "/XFS" that was added when you created the XFS filesystem. Example:

[root@fc2 root]# mount -v -t xfs -L "/XFS" /XFS
mount: mounting /dev/hda9
/dev/hda9 on /XFS type xfs (rw)

The last step is to add an entry to /etc/fstab so that the filesystem/partition will be mounted automatically during system boot. Here is a sample entry:

LABEL=/XFS          /XFS             xfs     rw,noatime    0 2

You can now start using the filesystem with ACLs.

Final Notes

There are limits to how many ACL entries can be applied to each file or directory. The number is filesystem dependent. EXT2 and EXT3 can have up to 32 entries, and XFS can have up to 25. Reiser and JFS can have over 8,000.

Enabling and using ACLs on a filesystem can reduce performance. It does not make sense to use ACLs for the root partition ( / ), /boot, /usr, /var, etc. I can see ACLs being very useful in /home and other user data partitions.

The only way to get familiar with Linux ACLs is to practice using them. Have fun with it!

Managing Group Access

9:31 AM / Posted by Sharing IT / comments (0)

Linux groups are a mechanism to manage a collection of computer system users. Every Linux user has a user ID and a group ID, each a unique numerical identification number, called the userid (UID) and the groupid (GID) respectively. Groups can be assigned to logically tie users together for a common security, privilege and access purpose. This is the foundation of Linux security and access. Files and devices may be granted access based on a user's ID or group ID. This tutorial attempts to show how this is used.

File, directory and device (special file) permissions are granted based on "user", "group" or "other" (world) identification status. Permission is granted (or denied) for read, write and execute access.

Group File, Directory and Device permissions: chmod

Set file, directory and device permissions:

File, directory and device permissions can be set to allow or deny access to members of their own group or all others. Modification of file, directory and device access is achieved with the chmod command.

The permissions can be assigned in octal notation or in the more easily recognized character format, where the command form is: chmod [ugoa][+-=][rwxXst] fileORdirectoryName

u    User access
g    Group access
o    Other system users' access
a    Equivalent to "ugo"
+    Add access
-    Remove access
=    Access explicitly assigned
r    Permission to read a file
     Permission to read a directory (also requires "x")
w    Permission to delete or modify a file
     Permission to delete or modify files in a directory
x    Permission to execute a file/script
     Permission to read a directory (also requires "r")
s    Set user or group ID on execution.
u    Permissions granted to the user who owns the file
t    Set "sticky bit". Execute file/script as user root for regular user.

Note: Other file systems can be mounted by Linux which support more file and directory options. This tutorial applies to the most popular Linux file systems: ext2, ext3, xfs and reiserfs

Examples:

  • Grant read access (r) to a file to all members of your group (g):
    chmod g+r file-name
  • Grant read access to a directory to all members of your group:
    chmod g+rx directory-name
    Note that "execute" permission is required in order to read a directory.
  • Grant read permissions to everyone on the system to a file which you own so that everyone may read it: (u)ser, (g)roup and (o)ther.
    chmod ugo+r file-name
  • Grant read permissions on a directory to everyone on the system:
    chmod ugo+rx directory-name
  • Grant modify or delete permissions to a file which you own for everyone in the group:
    chmod ugo+rw file-name
    Note: In order for modify and delete permissions to be useful, one must be able to modify the directory in which the file is located: chmod ugo+rwx ./
  • Deny read access to a file by everyone except yourself:
    chmod go-r file-name
  • Allow everyone in your group to be able to modify the file:
    chmod 660 file-name
See chmod man page for more info.

View file, directory and device permissions:

Permissions may be viewed by issuing the command: ls -l file-name
  • File can be written by yourself and members of the group. Others may only view it.
    -rw-rw-r-- user group file-size date file-name
  • Directory is completely open for read/write:
    drwxrwxrwx user group file-size date directory-name
  • File can only be accessed by owner (user):
    -rwx------ user group file-size date file-name
Where the first block of "rwx" represents the permissions for the user (u), the second is for the group (g) and the third is for others (o). The "-" represents no access for that access placeholder for user, group or other.

Octal codes:

Permissions may be granted using human readable assignments "rwx" or octal codes.

Description                            Abbreviation   Octal code
Read access                            r              4
Write (change) permission              w              2
Execute script or binary executable    x              1
Read and Execute                       rx             5
Read and Write                         rw             6
Read, Write and Execute                rwx            7

Use of octal assignment does not add or remove permission, but assigns the permission explicitly.
Examples:
  • Assign yourself full access to read and modify the file, allow members of the group to read it and do not allow any others access:
    chmod 640 filename
  • Assign execute status to a script with the same access as the previous example. (Without it, a script is like any other text file)
    chmod 740 filename
Groups and group members: files /etc/passwd, /etc/group

Users are members of a default group. Red Hat Linux (also Fedora Core, CentOS, etc.) will add new users to a group of the same group name as the user name. The default group for a user is specified in the file /etc/passwd

Format:
user-name:x:user-number:group-number:comment section:/home-directory:default-shell
Example:
user1:x:500:500:Greg:/home/user1:/bin/bash
A new user may be created and assigned a group with the useradd command:
  • Add a new user and assign them to be members of the group "accounting":
    useradd -m -g accounting user2
  • Add a new user and assign them to be members of the initial group "accounting" and supplementary group "floppy":
    useradd -m -g accounting -G floppy user1
Command arguments for useradd:

Argument   Description
-m         Create a home directory in /home/
-M         No home directory created.
-g         Specify the initial group for the user.
-G         Specify the initial group for the user by using the group number.
-s         Specify the default shell for the user. If not specified set to /bin/bash
-e         Specify the expiration date. Format YYYY-MM-DD
-f         Number of days after a password expires that an account is disabled. By default this feature is disabled (-1)
-u         Specify the user id number to be used.

Defaults specified in /etc/login.defs
View group membership for a user with the command "groups". Example: groups user2

The user id has a user system number associated with it (uid) and this is defined in /etc/passwd.
The group has a group system number (gid) associated with it and this is defined in /etc/group

Format:
group-name:x:group-number:user1,user2
Example:
user1:x:500:
user2:x:501:
floppy:x:19:user1
accounting:x:600:user2
apache:x:48:
User "user1" is a member of default group "user1" and also a member of group "floppy".
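
The two file formats above are enough to work out group membership by hand. The following is an added example, not part of the original tutorial: it resolves a user's groups and a group's members from constructed copies of the files. The function names groups_of and members_of, and the entries for user2 and user3 in the sample passwd file, are assumptions made for illustration. It also shows why auditing only the member list in /etc/group is incomplete: user3 belongs to "accounting" through the gid field in /etc/passwd and never appears in the group's member list.

```shell
#!/bin/sh
# Constructed sample files in the /etc/passwd and /etc/group formats shown
# above. Nothing here reads the real system files.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
user1:x:500:500:Greg:/home/user1:/bin/bash
user2:x:501:501:constructed:/home/user2:/bin/bash
user3:x:502:600:constructed:/home/user3:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
user1:x:500:
user2:x:501:
floppy:x:19:user1
accounting:x:600:user2
apache:x:48:
EOF

# groups_of USER PASSWD GROUP: primary group first, then supplementary groups.
groups_of() {
    awk -F: -v user="$1" '
        FNR == NR {                                # first file: passwd format
            if ($1 == user) { gid = $4; found = 1 }
            next
        }
        found && $3 == gid { primary = $1; next }  # group named by passwd field 4
        {
            n = split($4, m, ",")                  # comma separated member list
            for (i = 1; i <= n; i++) if (m[i] == user) extra = extra " " $1
        }
        END {
            if (!found) exit 2                     # unknown user
            if (primary == "") primary = gid       # gid without a group entry
            print primary extra
        }' "$2" "$3"
}

# members_of GROUP PASSWD GROUP_FILE: listed members plus users whose primary
# gid points at the group (those never show up in the member list).
members_of() {
    awk -F: -v grp="$1" '
        FNR == NR {                                # first file: group format
            if ($1 == grp) {
                gid = $3; found = 1
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (!(m[i] in seen)) { seen[m[i]] = 1; out = out " " m[i] }
            }
            next
        }
        found && $4 == gid && !($1 in seen) { seen[$1] = 1; out = out " " $1 }
        END { if (!found) exit 2; print substr(out, 2) }' "$3" "$2"
}

for u in user1 user2 user3; do
    echo "$u: $(groups_of "$u" "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group")"
done
echo "accounting: $(members_of accounting "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group")"
```
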

Creating a new group: (3 methods)

  • Manually add the group definition by editing the file /etc/group
  • Use the groupadd command. Example: groupadd accounting
  • Use the GUI (Red Hat/Fedora/CentOS: system-config-users)

Group Commands:

  • gpasswd: administer the /etc/group file
  • groupadd: Create a new group
    Format: groupadd [-g gid [-o]] [-f] [-K KEY=VALUE] group
    Example: groupadd accounting
  • groupmod: Modify a group
    Format: groupmod [-g gid [-o ]] [-n new_group_name] group
    Example - Change name of a group: groupmod -n accounting nerdyguys
  • groupdel: Delete a group
    Example: groupdel accounting
  • vigr: Edit the group file /etc/group with vi. No arguments specified.

If using NIS, view the groups using the command: ypcat group

See the YoLinux NIS tutorial for more information on configuring and using a central NIS authentication server.
See the YoLinux LDAP authentication tutorial for more information on configuring and using a central LDAP authentication server.


Changing group ownership of files, directories, devices: chown / chgrp

chown:

This command is used by root (system superuser) only. As root, the group ownership of a file, directory or device can be changed with the "chown" command:
  • Change the ownership of the file to the group "accounting":
    chown :accounting filename
  • Command format: chown user:group filename
Also see chown man page


chgrp:

This command is used by any system user who is a member of multiple groups. If the user creates a file, the default group association is the group ID of the user. To change it to another group of which the user is a member, issue the command: chgrp new-group-id file-name

If the user is not a member of the group then a password is required.

Also see chgrp man page


Switching your default group: newgrp

Use the command newgrp group-name to switch your default group used in file creation or directory access. This starts a new shell. Exit to return to the previous group id. Use the ps command to see if more than one shell is active. This only works if you are a member of multiple groups; otherwise you have no group to switch to.

For example, "user2" would like to create a file in the accounting directory which can be read by members of his group. First switch the default group with the command: newgrp accounting

To return to your default group issue the "exit" command. If confused, issue the "ps" command. There should only be one instance of bash, else you are in the alternate group and not the default group.

Use the command newgrp group-name file-name to change the group associated with a file. You must be a member of the group to execute the command successfully (or be root).

The newgrp command logs a user into a new group by changing a user's real and effective group ID. The user remains logged in and the current directory is unchanged. The execution of newgrp always replaces the current shell with a new shell, even if the command terminates with an error (unknown group).

Any variable that is not exported is reset to null or its default value. Exported variables retain their values. System variables (such as PS1, USER, PATH and HOME), are reset to default values unless they have been exported by the system or the user.

With no operands and options, newgrp changes the user's group IDs (real and effective) back to the group specified in the user's password file entry. This is a way to exit the effect of an earlier newgrp command.

A password is demanded if the group has a password and the user is not listed in /etc/group as being a member of that group. The only way to create a password for a group is to use passwd(1), then cut and paste the password from /etc/shadow to /etc/group. Group passwords are antiquated and not often used.

Gives new login as if logged in as group member: newgrp -


Default user groups:

Upon creation, each user is assigned a User Private Group (UPG), which is a unique group ID of the same name as the user ID. This allows for a fine atomic level of group permissions to be assigned for tighter and simpler default security.


Group Interrogation and Verification:

Check the group membership of a user: groups user-id

This will list all the groups of which user-id is a member.

Verification Commands:

  • pwck: verify integrity of password files
  • grpck: verify integrity of group files
    Example: grpck /etc/group


User admin and other commands:

  • useradd: Create a new user or update default new user information
  • usermod: Modify a user account
  • userdel: Delete a user account and related files
  • chage: change user password expiry information
  • pwconv: convert to and from shadow passwords and groups.
  • pwunconv: convert to and from shadow passwords and groups.
  • grpconv: creates gshadow from group and an optionally existing gshadow
  • grpunconv: creates group from group and gshadow and then removes gshadow
  • accton: turns process accounting on or off (Red Hat/Fedora/CentOS)
  • ac: Prints stats about users connect time (Red Hat/Fedora/CentOS)


Pre-Configured system groups:

The typical Linux installation will come with some existing standard groups: (See /etc/group)
Group IDs of less than 500 are reserved for user IDs employed by the operating system or its services.

Group ID GID
root 0
bin 1
daemon 2
sys 3
adm 4
tty 5
disk 6
lp 7
mem 8
kmem 9
wheel 10
mail 12
man 15
floppy 19
named 25
rpm 37
xfs 43
apache 48
ftp 50
lock 54
sshd 74
nobody 99
users 100

This is only a partial listing of the default groups. There will also be a default set of member user ID's associated with most of the groups. The "Linux Standard Base" defines three required user and group names. [see LSB chapter 21, Users & Groups]

Grant use of a device to system users:

The first example will be of granting access to a device, the CD-ROM. This is generally not done for regular users on a server. Server access to a CD-ROM is limited to root by default. (This example may also be applied to the diskette. Group: floppy, first floppy device: /dev/fd0)

  1. Grant mount privileges to system users
  2. Create group cdrom .
  3. Allow use of device by group cdrom .
  4. Add user to group cdrom .

  1. Grant privileges to system users to mount the device:
    • Manual method: This requires a change to the file /etc/fstab. The fourth column defines mounting options. By default only root may mount the device (option owner). To grant users the ability to mount the device, change the owner option to user. With the user option only the user who mounted the device can unmount the device. To allow anyone to unmount the device, use the option users.
    • Gnome Nautilus (Gnome file browser: /usr/bin/nautilus):
      • Filesystem Location: /dev
      • Right click on device file "cdrom" and select option "Permissions".
    • Linuxconf GUI method: (Note: Linuxconf is no longer included with Red Hat Linux 7.3 and later)
      • RH 6.0: Select Gnome Start icon + System + Linuxconf .
      • RH 5.2: Start + Programs + Administration + Linuxconf .
      • Select Config + File systems + Access local drive .
      • Select the device /dev/cdrom
      • Select the tab Options.
      • Add the option User mountable to allow users to mount the CD-ROM. The user who mounted the CD must also be the one to unmount the CD. OR Select the tab Misc. and add to Other options: users if you want to allow anyone to be able to unmount the CD regardless of who mounted it.
    For more information see the man pages for mount and fstab.

  2. Create group cdrom :
    • Manual method:
      • Add the line cdrom:::root, to the file /etc/group where is the user to be granted use of the CD-ROM. (For example: cdrom::25:root,user1")
        OR
      • Add a group with the command: groupadd in this case groupadd cdrom .
    • Linuxconf GUI method: (Admin tool linuxconf is no longer included with Red Hat 7.3+.)
      • Start linuxconf.
      • Select Config + User Accounts + Normal + Group Definitions + Add .
      • Group Name: cdrom
      • Alternate Members (opt): root : (Add space delimited user ids here)
      • Accept
    For more information see the man pages for groupadd, groupmod and groupdel.

  3. Allow use of device by group cdrom .
    • Manual method:
      • Use the command: chown owner:group to assign the device to a user and group. For example: chown root:cdrom /dev/hdd . (Use hdd if cdrom is the slave device on the 2nd IDE controller.)
      • Allow group access to the device: chmod 660 /dev/hdd
    • GUI method:
      • Start the File Manager and right click the file representing the cdrom device. Select Properties . Then select the tab Permissions . Set the Owner to root and the Group to cdrom. Allow Read and Write privileges for the user and group by selecting the appropriate buttons.

  4. Add user to group cdrom : At this point, adding users to the group cdrom will grant them access to the device.
    • Manual method: The user IDs specified in /etc/group are a comma-separated list.
      • Use the command usermod -G . Be sure to list all groups as this is an absolute list and not an addition. To list all groups to which a user is a member use the command groups .
    • Linuxconf GUI method: Step two allowed you to assign users to the group. If users still need to be assigned use the following method:
      • After starting Linuxconf, select options Config + User Accounts + Normal + User Accounts .
      • Next to supplementary groups add the group cdrom. Groups should be delimited by spaces.

OR for a completely different method than steps 1 to 4, use the one step approach:

  • chmod 664 /dev/hdd : Allow read use to all users of the CD-ROM device (hdd is just the example; your device name can vary). This method is quick and inelegant and can be used for your own desktop system, but definitely don't do this on a server.

Using CD-ROM:

You must mount and un-mount each CD-ROM individually. Do not switch CDs without un-mounting and re-mounting the new CD. (The GNOME desktop interface has features to do this for you. Covered later)

Command method:

  • mount -t iso9660 /dev/hdd /mnt/cdrom : This generates a mount point for CD-ROM (or mount -t iso9660 /dev/cdrom /mnt/cdrom . The device name /dev/cdrom is a symbolic link to the actual device)
Note: Only root user may execute the mount command. Users must use the tool usermount.

Desktop GUI method:

  • RH 5.2: Start + Programs + Administration + Disk Management .
  • RH 6.0/6.1: Select Gnome icon (located lower left corner) + System + Disk Management .
  • The gui tool can also be started using the shell command /usr/bin/usermount.

After mounting the CD-ROM one can view its contents from the directory /mnt/cdrom.

  • Use the command: cd /mnt/cdrom
OR
  • GNOME toolbar Start icon File manager and select the appropriate folders.


Ubuntu and sound card access:

By default, Ubuntu installations do not allow users to utilize the sound card (device /dev/snd/*). This makes sense for a server installation but not for the desktop. To allow user access to the sound card, add the user to the "audio" group in file /etc/group:
...
...
audio:x:29:root,user4
...
...

Access Control Lists (ACL):

Access Control Lists (ACLs) are applied to files and directories. ACL behavior is defined by IEEE's POSIX 1003.1e draft and supports control/access of signals, TCP/IP ports (below 1024), raw sockets, ... ACLs are an addition to the standard Unix file permissions (r,w,x,-) for User, Group, and Other for read, write, execute and deny permissions. ACLs give users and administrators flexibility and direct fine-grained control over who can read, write, and execute files.

The Linux 2.6 kernel (beginning with Fedora Core 2) supports ACLs for EXT2, EXT3, XFS, JFS, and ReiserFS file systems.

Support may not be available on your version of NIS and may only work on local file systems.

Configuration for allowing the use of ACL on a filesystem:
File: /etc/fstab
...
...
LABEL=/home /home ext3 rw,acl 1 2
...
...
Note:
  • Note the addition of the attribute "acl" for the filesystem "/home/".
  • Issue the following commands:
    • umount /home
    • Edit the file /etc/fstab and add the directive "acl".
    • mount /home
    or remount with the command: mount -v -o remount /home which works on a drive even if in use.

ACL commands:
  • Assign ACL group permission read/write (rw) to a single group: setfacl -m g:groupname:rw- filename
    Option -m : Modify the ACL
  • Assign ACL group permission read/write (rw) to a single user: setfacl -m u:userid:rw- filename
  • List ACL permissions: getfacl filename
  • Remove ACL from a file: setfacl --remove-all filename

Man pages:
  • getfacl - get file access control lists
  • setfacl - set file access control lists
  • ls - show files which have access control lists applied ("+" sign in last column)
    Example: -rw-rw-r--+
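
The listing printed by getfacl can be audited with a short script. The following is an added example, not part of the original tutorial: it reads getfacl output and reports what each entry is really allowed to do once the ACL mask is applied. The names sample_getfacl, acl_effective and acl_writers, the file name report.txt and the sample listing are constructed for illustration. It relies on one piece of POSIX.1e behaviour the commands above do not show: on a file that has an ACL, the group digit of chmod sets the mask entry, so "chmod 640 filename" after the two setfacl -m commands leaves the rw- entries in place but limits them to r--.

```shell
#!/bin/sh
# Constructed getfacl listing for a file that received both "setfacl -m"
# commands above. The argument is the mask entry: rw- right after setfacl,
# r-- after a later "chmod 640".
sample_getfacl() {
cat <<EOF
# file: report.txt
# owner: user1
# group: user1
user::rw-
user:user2:rw-
group::r--
group:accounting:rw-
mask::${1:-rw-}
other::---
EOF
}

# acl_effective: read getfacl output on stdin and print "tag:name:perms" for
# every entry the mask applies to (named users, named groups, owning group).
# The owner (user::) and other:: entries are not limited by the mask.
acl_effective() {
    awk -F: '
        /^#/ || NF < 3 { next }              # header comments, blank lines
        {
            perms = substr($3, 1, 3)         # drops a trailing "#effective" note
            if ($1 == "mask") { mask = perms; next }
            if ($1 == "other" || ($1 == "user" && $2 == "")) next
            n++; tag[n] = $1; name[n] = $2; perm[n] = perms
        }
        END {
            if (mask == "") mask = "rwx"     # no mask entry: nothing is limited
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    p = substr(perm[i], c, 1)
                    eff = eff ((p != "-" && substr(mask, c, 1) != "-") ? p : "-")
                }
                print tag[i] ":" name[i] ":" eff
            }
        }'
}

# acl_writers: entries that can actually write to the file.
acl_writers() {
    acl_effective | awk -F: 'substr($3, 2, 1) == "w" { print $1 ":" $2 }'
}

echo "writers with mask rw-: $(sample_getfacl rw- | acl_writers | tr '\n' ' ')"
echo "writers with mask r--: $(sample_getfacl r-- | acl_writers | tr '\n' ' ')"
```

On a real system the same functions can be fed with: getfacl filename | acl_writers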


Wine on Fedora

9:32 AM / Posted by Sharing IT / comments (0)

Wine is an intoxicating wine for Linux: it lets applications that normally run on Windows also run on Linux (not all of them, but most do!).
For more details, read:
http://www.winehq.org/
Here is the result of what I have done:
[root@TestSvrMIS wine-1.0.1]# http_proxy=192.168.0.59:3128 <<= set proxy
[root@TestSvrMIS wine-1.0.1]# export http_proxy
[root@TestSvrMIS wine-1.0.1]# yum install wine
Loading "installonlyn" plugin
Setting up Install Process
Parsing package install arguments
fedora 100% |=========================| 2.1 kB 00:00
updates 100% |=========================| 2.3 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package wine.i386 0:1.0-0.3.rc3.fc7 set to be updated
--> Processing Dependency: wine-capi = 1.0-0.3.rc3.fc7 for package: wine
--> Processing Dependency: wine-jack = 1.0-0.3.rc3.fc7 for package: wine
--> Processing Dependency: wine-core = 1.0-0.3.rc3.fc7 for package: wine
--> Processing Dependency: wine-esd = 1.0-0.3.rc3.fc7 for package: wine
--> Processing Dependency: wine-twain = 1.0-0.3.rc3.fc7 for package: wine
--> Processing Dependency: wine-ldap = 1.0-0.3.rc3.fc7 for package: wine
--> Processing Dependency: wine-cms = 1.0-0.3.rc3.fc7 for package: wine
--> Processing Dependency: wine-nas = 1.0-0.3.rc3.fc7 for package: wine
--> Processing Dependency: wine-tools = 1.0-0.3.rc3.fc7 for package: wine
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package wine-cms.i386 0:1.0-0.3.rc3.fc7 set to be updated
---> Package wine-twain.i386 0:1.0-0.3.rc3.fc7 set to be updated
---> Package wine-tools.i386 0:1.0-0.3.rc3.fc7 set to be updated
---> Package wine-esd.i386 0:1.0-0.3.rc3.fc7 set to be updated
---> Package wine-capi.i386 0:1.0-0.3.rc3.fc7 set to be updated
---> Package wine-core.i386 0:1.0-0.3.rc3.fc7 set to be updated
---> Package wine-ldap.i386 0:1.0-0.3.rc3.fc7 set to be updated
---> Package wine-jack.i386 0:1.0-0.3.rc3.fc7 set to be updated
---> Package wine-nas.i386 0:1.0-0.3.rc3.fc7 set to be updated
--> Processing Dependency: jack-audio-connection-kit for package: wine-jack
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package jack-audio-connection-kit.i386 0:0.103.0-1.fc7 set to be updated
--> Processing Dependency: libfreebob.so.0 for package: jack-audio-connection-kit
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package libfreebob.i386 0:1.0.3-1.fc7 set to be updated

Dependencies Resolved

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
wine i386 1.0-0.3.rc3.fc7 updates 21 k
Installing for dependencies:
jack-audio-connection-kit i386 0.103.0-1.fc7 updates 139 k
libfreebob i386 1.0.3-1.fc7 fedora 154 k
wine-capi i386 1.0-0.3.rc3.fc7 updates 26 k
wine-cms i386 1.0-0.3.rc3.fc7 updates 41 k
wine-core i386 1.0-0.3.rc3.fc7 updates 11 M
wine-esd i386 1.0-0.3.rc3.fc7 updates 35 k
wine-jack i386 1.0-0.3.rc3.fc7 updates 37 k
wine-ldap i386 1.0-0.3.rc3.fc7 updates 89 k
wine-nas i386 1.0-0.3.rc3.fc7 updates 24 k
wine-tools i386 1.0-0.3.rc3.fc7 updates 601 k
wine-twain i386 1.0-0.3.rc3.fc7 updates 47 k

Transaction Summary
=============================================================================
Install 12 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 12 M
Is this ok [y/N]: y
Downloading Packages:
(1/12): libfreebob-1.0.3- 100% |=========================| 154 kB 00:03
(2/12): wine-nas-1.0-0.3. 100% |=========================| 24 kB 00:00
(3/12): wine-jack-1.0-0.3 100% |=========================| 37 kB 00:02
(4/12): wine-ldap-1.0-0.3 100% |=========================| 89 kB 00:02
(5/12): wine-core-1.0-0.3 100% |=========================| 11 MB 03:15
(6/12): wine-capi-1.0-0.3 100% |=========================| 26 kB 00:01
(7/12): wine-esd-1.0-0.3. 100% |=========================| 35 kB 00:00
(8/12): wine-tools-1.0-0. 100% |=========================| 601 kB 00:10
(9/12): wine-twain-1.0-0. 100% |=========================| 47 kB 00:01
(10/12): jack-audio-conne 100% |=========================| 139 kB 00:02
(11/12): wine-1.0-0.3.rc3 100% |=========================| 21 kB 00:00
(12/12): wine-cms-1.0-0.3 100% |=========================| 41 kB 00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: wine-core ####################### [ 1/12]
Installing: wine-cms ####################### [ 2/12]
Installing: wine-twain ####################### [ 3/12]
Installing: wine-tools ####################### [ 4/12]
Installing: wine-esd ####################### [ 5/12]
Installing: wine-capi ####################### [ 6/12]
Installing: wine-ldap ####################### [ 7/12]
Installing: wine-nas ####################### [ 8/12]
Installing: libfreebob ####################### [ 9/12]
Installing: jack-audio-connection-kit ####################### [10/12]
Installing: wine-jack ####################### [11/12]
Installing: wine ####################### [12/12]

Installed: wine.i386 0:1.0-0.3.rc3.fc7
Dependency Installed: jack-audio-connection-kit.i386 0:0.103.0-1.fc7 libfreebob.i386 0:1.0.3-1.fc7 wine-capi.i386 0:1.0-0.3.rc3.fc7 wine-cms.i386 0:1.0-0.3.rc3.fc7 wine-core.i386 0:1.0-0.3.rc3.fc7 wine-esd.i386 0:1.0-0.3.rc3.fc7 wine-jack.i386 0:1.0-0.3.rc3.fc7 wine-ldap.i386 0:1.0-0.3.rc3.fc7 wine-nas.i386 0:1.0-0.3.rc3.fc7 wine-tools.i386 0:1.0-0.3.rc3.fc7 wine-twain.i386 0:1.0-0.3.rc3.fc7
Complete!
[root@TestSvrMIS wine-1.0.1]#

Done