I have 2 users under the same group (primary group) and I want to give 777 permissions on a directory to one dir owned by user1. When granted I can see that from getfacl, but when I actually log in as user2 I can touch a file.
=====================================================================
--Logged as euser
$ id euser
uid=54325(euser) gid=54323(grpi) groups=54323(grpi)
$ ls -ld logs
drwxr-xr-x 2 euser grpi 4096 Sep 21 00:17 logs ## Logs dir has 755 permissions
$ setfacl -m d:u:guser:rwx,d:m:rwx logs ## Want to set ACL only to user -> guser (777)
$ touch a
touch: cannot touch `a': Permission denied
===================================================================
Also to note: when I make ACLs I don't want to see 775, because if it shows 775 then there is no meaning to ACL.
As far as the ACL there are 2 kinds of rules, 'access' rules and 'default' rules.
These rules are access information for a single file or directory.
I'm pretty sure that a default ACL pertains to one directory only.
I have never changed the ACL so it's best to wait for a member that knows how on that.
As per our protocol we are not allowed to use 775 (for audit purposes), which is the reason we want to give user2 777 permissions on a dir owned by user1. That is the reason we want to make use of ACL.
Before ACL it's 755 and after ACL I want it to be 755+ (internally that should allow user2 to read/write/exec on that dir).
That's all my intention.
Understood-
The setfacl utility sets ACLs for files and directories. Use the -m option to add or modify the ACL of a file or directory:
Ohh, yeah.. And have you cd-ed into the directory before running touch (since from what you've shown us, you didn't)... Again, since I can't see any problems in the ACL I'm looking for simple mistakes (god knows we all do them)
If I do this: setfacl -m u:guser:rwx,m:rwx log, my permissions change to 775, which does not make any sense for setting an ACL, because the ACL will internally make 775 but it openly shows the permissions.
--- Instead of struggling with ACL I can easily do 775, so what is the benefit of ACL? As said, our protocol is not to give 775 manually. So we want to use ACL so that it shows 755 but the user should be able to write. That is the reason I am struggling.
say that any new file created after these permissions were applied get 644 plus guser gets 6 (rwx) (and mask is set to 6 -- rwx-- to allow this).. So guser is able to edit those any new file by default, no matter who owns them... However, he does not have effective write permissions in the directory.. So he cannot add or remove (unlink) files in that directory..
Running my commands will do nothing but allow the user "guser" to add or remove files from the directory (mask is not an effective permission) and will not modify your normal 755 permission.
Basically, right now you can have euser touch a file.. and then see how guser can modify it by default (even if the file will still have no-write for group and other).. However guser cannot write to the directory, so he can't add or remove any files..
P.S. It seems the 'ls' output is confusing.. However, the directory is still 755:
Code:
smokey@desk:/home$ getfacl log
# file: log
# owner: smokey
# group: users
user::rwx
user:test:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:test:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
smokey@desk:/home$ ls -ld log
drwxrwxr-x+ 1 smokey users 2 Sep 29 17:41 log
smokey@desk:/home$ sudo su test
test@desk:/home$ cd log
test@desk:/home/log$ touch b
test@desk:/home/log$ cd ..
test@desk:/home$ exit
exit
smokey@desk:/home$ sudo su test2
test2@desk:/home$ cd log
test2@desk:/home/log$ touch c
touch: cannot touch 'c': Permission denied
Last edited by Smokey_justme; 09-29-2014 at 10:46 AM.
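Added example, not part of any post in this thread: a small Python model of the POSIX ACL access check, run over the access entries from the getfacl listing above, to show why `ls -l` prints `rwxrwxr-x` (the group slot displays the mask) while the owning group still only has `r-x`. The function names are illustrative, and test2 being a member of group `users` is an assumption made for the comparison with a plain `chmod 775`.

```python
# Constructed input: access entries copied from the getfacl listing quoted above.
WITH_ACL = "user::rwx\nuser:test:rwx\ngroup::r-x\nmask::rwx\nother::r-x\n"
# Constructed input: the entries a plain `chmod 775` directory would have.
CHMOD_775 = "user::rwx\ngroup::rwx\nother::r-x\n"


def parse(text):
    """Return {(tag, qualifier): set of perms}; default: entries are skipped."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#")[0].strip()   # drop getfacl comment lines
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = set(perms) - {"-"}
    return acl


def _rwx(perms):
    return "".join(c if c in perms else "-" for c in "rwx")


def ls_mode(acl):
    """Mode as ls -l prints it: the group slot shows the mask if one exists."""
    group_slot = acl.get(("mask", ""), acl[("group", "")])
    return _rwx(acl[("user", "")]) + _rwx(group_slot) + _rwx(acl[("other", "")])


def allowed(acl, want, user, groups, owner, owning_group):
    """POSIX ACL check order: owner, named user, matching groups, other."""
    want, mask = set(want), acl.get(("mask", ""), set("rwx"))
    if user == owner:
        return want <= acl[("user", "")]
    if ("user", user) in acl:
        return want <= (acl[("user", user)] & mask)
    matched = [acl[("group", "")]] if owning_group in groups else []
    matched += [acl[("group", g)] for g in groups if ("group", g) in acl]
    if matched:
        return any(want <= (p & mask) for p in matched)
    return want <= acl[("other", "")]


if __name__ == "__main__":
    for name, text in (("with ACL", WITH_ACL), ("chmod 775", CHMOD_775)):
        acl = parse(text)
        # Assumption: test2 is a member of the owning group "users".
        print(name, ls_mode(acl),
              allowed(acl, "w", "test2", ["users"], "smokey", "users"))
```

Both inputs print the same `rwxrwxr-x`, but only the `chmod 775` case lets a group member write; for an audit, `getfacl` is the record to check, not the `ls -l` mode string.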
--This is Original
$ ls -ld logs
drwxr-xr-x 2 euser grpi 96 Sep 29 10:30 logs/
$ setfacl -m u:guser:rwx,m::rwx logs/
$ ls -ld logs/
drwxrwxr-x+ 2 euser grpi 96 Sep 29 10:30 logs/ #<<<< It Shows as 775 my question is what is the benefit am getting with ACL and i can get this with chmod 775