LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-30-2012, 11:38 AM   #1
Joan Murt
LQ Newbie
 
Registered: Jul 2006
Posts: 14

Rep: Reputation: 0
Question setfacl not working for me... how should I do it?


Hello all,

I'm using RED HAT ENTERPRISE LINUX 5.

Let's look at this folder layout:

-A
|--B
|--C
|--D
|--E


Let's say that the group G1 has access to the A folder (and all the subfolders).

I have a long samba definition file that uses groups to allow various people to reach folders.

The samba portion that affects the folder A is:

[A]
path = /A
browseable = no
valid users = @G1
write list = @G1
create mask = 0770
directory mask = 0770
force group = @G1
I need to exclude the folders B and C for one user of that group. Is that possible?

I've been trying to use setfacl -x u:user_to_be_excluded /A/B but as the user_to_be_excluded is from the group G1 setfacl is not working...

I've modified the fstab file in order to activate the acl:

LABEL=/A /A ext3 defaults,acl 1 2

And I've restarted the computer.

and I've used mount |grep acl to see that the changes in the fstab file have been applied (and they are).

What would you do in my case?

Thank you in advance!
 
Old 03-31-2012, 08:59 AM   #2
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 722

Rep: Reputation: 142Reputation: 142
Next time after adding the acl to fstab, you can simply run:

#mount -o remount /mount_dir

Next up.

The -x you specify will remove a specific ACL entry. Since you did not make a ACL for the specific user, there is nothing to remove for that user.

Try #setfacl -R -m u:user:--- /path/to/dir

then check with #getfacl

But considering this is SAMBA related, I am not sure it will work. I have never tested it. I know for a fact that this sort of ACL schemes will work with NFS4.

You may want to look at controlling those aspects from the samba server itself, maybe by specifying rules to allow access to those folders on a host based authentication scheme.

Last edited by ericson007; 03-31-2012 at 09:06 AM.
 
Old 04-01-2012, 05:34 AM   #3
Joan Murt
LQ Newbie
 
Registered: Jul 2006
Posts: 14

Original Poster
Rep: Reputation: 0
could you explain that a little bit more?

Quote:
Originally Posted by ericson007 View Post
You may want to look at controlling those aspects from the samba server itself, maybe by specifying rules to allow access to those folders on a host based authentication scheme.
I'm really novice and I can't imagine how to do that, it seems that when I set the samba permissions for a group in which that user is I can't remove it specifically for the next folders...

Could you give me some pointers on how to do that? Thank you in advance!
 
Old 04-01-2012, 05:47 AM   #4
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 722

Rep: Reputation: 142Reputation: 142
I am not that familiar with advanced samba configurations either as I never really use it apart from sharing internally.

But you can try changing the share in samba.conf:

[share_name]
path = /path/to/folder
and add
invalid users = user1 user2 etc

The following links may be useful:
http://www.samba.org/samba/docs/man/...html#id2611921
http://www.cyberciti.biz/tips/how-do...ba-shares.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
setfacl problem priyankgupta1984 Linux - Desktop 3 11-16-2011 06:03 PM
setfacl undoes itself senseproof Linux - Software 3 05-11-2009 10:39 PM
setfacl erat123 Linux - Security 2 05-31-2007 12:16 AM
setfacl linuxjamil Linux - Security 1 04-05-2007 03:00 PM
Setfacl subaruwrx Fedora 3 09-07-2004 10:18 AM


All times are GMT -5. The time now is 09:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration