LinuxQuestions.org
Old 02-19-2013, 01:03 PM   #1
Vimuth
Member
 
Registered: Sep 2009
Posts: 56

Rep: Reputation: 15
ACLS on group


Hi All,
I have a group called "friends" with users "vimuth" and "duke" as its members. As root I have created a directory /iscsi. I want to let the members of group friends create files inside the /iscsi directory. Following is what I tried.
Code:
setfacl -m d:g:friends:rwx /iscsi
The permissions have been applied as follows:
Code:
[root@rhce-client ~]# getfacl /iscsi
getfacl: Removing leading '/' from absolute path names
# file: iscsi
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:friends:rwx
default:mask::rwx
default:other::r-x
Now when I try to touch a file in /iscsi as a member of the group friends (either as vimuth or duke) I get the permission denied error.
Code:
[vimuth@rhce-client ~]$ touch /iscsi/llll
touch: cannot touch `/iscsi/llll': Permission denied
[vimuth@rhce-client ~]$
Please can someone help me. Please provide me with the right ACL statements.

Many thanks in advance.

/Vimuth
 
Old 02-20-2013, 02:46 PM   #2
wadhah102
LQ Newbie
 
Registered: Apr 2011
Location: Tunis, Tunisia
Distribution: Ubuntu/Debian/CentOS
Posts: 14

Rep: Reputation: 0
Hi,

You can use the command chown, but first you should create the group friends and add users to this group.

Code:
groupadd friends
groupmod -A vimuth friends
groupmod -A duke friends
Then change the groups of your directory:

Code:
chown -R :friends /iscsi
The last step is to give read, write & execute privileges to your group; choose one of the two solutions:


Code:
chmod -R g=rwx /iscsi
or
Code:
chmod -R 770 /iscsi
Best Regards
 
Old 02-21-2013, 11:43 AM   #3
Vimuth
Member
 
Registered: Sep 2009
Posts: 56

Original Poster
Rep: Reputation: 15
Hey Wad, thanks for the reply. However, it is not the regular file permissions I'm looking for but ACLs. You could do much more with ACLs. You too must learn it.
 
Old 02-22-2013, 03:21 PM   #4
wadhah102
LQ Newbie
 
Registered: Apr 2011
Location: Tunis, Tunisia
Distribution: Ubuntu/Debian/CentOS
Posts: 14

Rep: Reputation: 0
Hi,
Thanks for your advice.

The first step: edit the /etc/fstab file and change the default parameter to rw,acl

Code:
LABEL=/iscsi             /iscsi                   ext3    rw,acl          1 2
Then reboot:
Code:
# reboot
Second, I think you should modify it with:

Code:
# usermod -a -G friends vimuth
# usermod -a -G friends duke
# chgrp friends /iscsi
# chmod g+w /iscsi
Then enable ACL by using the setfacl command:

Code:
# setfacl --set u::rwx,g::rwx,o::- /iscsi
Finally, set the ACL:

Code:
# setfacl -d --set u::rwx,u:duke:rwx,g::rwx,g:friends:rwx,o::- /iscsi
Best Regards

Last edited by wadhah102; 02-23-2013 at 12:29 AM. Reason: change policy
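
The getfacl output in post #1 lists friends only under default: entries, which are copied onto files and subdirectories created later and are not consulted when deciding access to /iscsi itself. The added example below (not code from any poster in this thread) applies the access-check order from acl(5) to that output and to a constructed variant that also has an access entry. The function names and the `setfacl -m g:friends:rwx /iscsi` command mentioned in the comment are assumptions.

```python
# Added example: the POSIX ACL access check (see acl(5)) over getfacl output.
PAGE_ACL = """\
# file: iscsi
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:friends:rwx
default:mask::rwx
default:other::r-x
"""
# Constructed sample (assumption): the same directory after an access entry is
# added as well, e.g. `setfacl -m g:friends:rwx /iscsi`; the mask is recomputed.
FIXED_ACL = PAGE_ACL.replace("other::r-x", "group:friends:rwx\nmask::rwx\nother::r-x", 1)

def parse(text):
    """Return (owner, owning_group, access_entries). default: entries are
    skipped: they only seed the ACLs of objects created later in the directory."""
    owner, group, access = None, None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, name, perms = line.split()[0].split(":")  # drop "#effective:" notes
            access.append((tag, name, set(perms) - {"-"}))
    return owner, group, access

def allowed(text, user, groups, want):
    """True if `user` (member of `groups`) holds every permission in `want`."""
    owner, ogroup, acl = parse(text)
    mask = next((p for t, _, p in acl if t == "mask"), None)
    def ok(perms, masked=True):
        perms = perms & mask if masked and mask is not None else perms
        return set(want) <= perms
    if user == owner:                                   # 1. owning user
        return ok(next(p for t, n, p in acl if t == "user" and not n), masked=False)
    for t, n, p in acl:                                 # 2. named user
        if t == "user" and n == user:
            return ok(p)
    hits = [p for t, n, p in acl if t == "group" and (n or ogroup) in groups]
    if hits:                                            # 3. owning/named groups
        return any(ok(p) for p in hits)
    return ok(next(p for t, _, p in acl if t == "other"), masked=False)  # 4. other
```

Creating a file needs both w and x on the directory, so call `allowed(PAGE_ACL, "vimuth", {"vimuth", "friends"}, "wx")` to reproduce the denial from post #1 and repeat it with `FIXED_ACL` to see the effect of the access entry.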
 
  


All times are GMT -5. The time now is 04:05 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration