LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   ACLS on group (http://www.linuxquestions.org/questions/linux-security-4/acls-on-group-4175450828/)

Vimuth 02-19-2013 01:03 PM

ACLS on group
 
Hi All,
I have a group called "friends" with user "vimuth" and "duke" as it's members. As a root I have created a directory /iscsi. I want to set let the members of group friends to create files inside the /iscsi directory. Following is what I tried.
Code:

setfacl -m d:g:friends:rwx /iscsi
the permissions have been applied as follows
Code:

[root@rhce-client ~]# getfacl /iscsi
getfacl: Removing leading '/' from absolute path names
# file: iscsi
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:friends:rwx
default:mask::rwx
default:other::r-x

Now when i try to touch a file in /iscsi as a member of the group friends (either as vimuth and duke) I get the permission denied error.
Code:

[vimuth@rhce-client ~]$ touch /iscsi/llll
touch: cannot touch `/iscsi/llll': Permission denied
[vimuth@rhce-client ~]$

PLease can someone help me. PLease provide me with the right acl statements

Many thanks in advance.

/Vimuth

wadhah102 02-20-2013 02:46 PM

Hi,

you can use the commande chown, but first you should create the group friends and add users to this group.

Code:

groupadd friends
groupmod -A vimuth friends
groupmod -A duke friends

then change the groups of your directory:

Code:

chown -R :friends /iscsi
the last step give read,write & execute privilege of your group, choose one the two solution:


Code:

chmod -R g=rwx /iscsi
or
Code:

chmod -R 770 /iscsi
Best Regards :)

Vimuth 02-21-2013 11:43 AM

Hey Wad, thanks for the reply. However it is not the regular file permissions Im looking for but ACLS. You could do much more with ACLS. You too must learn it. :)

wadhah102 02-22-2013 03:21 PM

Hi,
Thnks for your advice :hattip:

the firt step edit /etc/fstab file and change the default parameter to rw,acl

Code:

LABEL=/iscsi            /iscsi                  ext3    rw,acl          1 2
then reboot
Code:

# reboot
Second, i think you shoud modify it with:

Code:

#usermod -a -G friends vimuth
#usermod -a -G friends duke
#chgrp group1 /iscsi
#chmod g+w /iscsi

then enable ACL by using setfacl command:

Code:

#setfacl --set u::rwx,g::rwx,o::- /iscsi
Finaly, set the ACL:

Code:

#setfacl -d --set u::rwx,u:duke:rwx,g::rwx,g:friends:rwx,o::- /iscsi
Best Regards :)


All times are GMT -5. The time now is 03:29 AM.