ACLs work on my CentOS server without enabling on the file system as documented
Hi,
I'm trying to teach myself Linux using the RHCSA/RHCE Redhat Linux Certification Guide. I'm working through the section on ACLs and I'm not experiencing the behaviour on my CentOS server as described in the guide and would appreciate someone's guidance on this please.
The guide states "Before a file or directory can be configured with ACLs, you need to mount the associated filesystem with the same attribute." e.g.
Whilst exploring this feature I have been able to set ACLs on directories and files in filesystems that haven't been mounted with the acl option, for example:
[root@test ~]# pwd
Is anyone able to offer any guidance on this? I've trawled the internet and already searched this forum but can't get an answer.
Regards
Gareth
Are you trying this inside a KVM virtual machine? There just seems to be some inconsistencies in your post like:
Code:
# mount -o remount -o acl /dev/sda3 /home
Code:
[root@test ~]# df -h .
Apologies if the discrepancy between the examples caused confusion. Yes I am using a KVM VM, however, the first example was from the study guide I'm using. Here's some more output to show what I'm experiencing:
# df -h .
Filesystem Size Used Avail Use% Mounted on
/dev/vda5 6.0G 1.8G 3.9G 31% /
# mount
/dev/vda5 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/vda1 on /boot type ext4 (rw)
/dev/vda3 on /home type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
# setfacl -m u:gareth:rwx /root
# getfacl /root
getfacl: Removing leading '/' from absolute path names
# file: root
# owner: root
# group: root
user::r-x
user:gareth:rwx
group::r-x
mask::rwx
other::---
I don't know where the ACLs are stored, but just because you can set them and get them, it does not mean that they are active.
Did you try to access the /root directory with the user gareth? Did it succeed?
In the output of your "mount" command none of the mount points were mounted with the acl option turned on. So my question would be, the partition where /root lives, has it been mounted with the -o remount,acl option before?
Do the ACLs actually work? I know you can set them and get them, but are they actually doing what they say they should? I.e. while logged in as gareth, can you do a "cd /root; ls"?
Just read the post above mine, we pretty much said the same thing.
With tune2fs you can define defaults which are used during mount. Does the output of:
Code:
# tune2fs -l /dev/sda3 | grep -i acl
Problem solved.
Thanks for everyone's responses. As Reuti mentions, some file systems have acl enabled by default, as is the case on my system.
Code:
# tune2fs -l /dev/vda5
I tried setting an ACL on a filesystem that didn't have ACLs enabled by default and I got this error:
Code:
# setfacl -m u:test:rwx /acltest
Glad someone posted the answer.
For as long as I can remember, Anaconda (the installer for RHT distros) has embedded the acl option in all the filesystems it creates.
Aside: If you're learning Linux via Red Hat, you should really take advantage of Red Hat's expansive documentation in the form of guides, e.g. the Installation Guide, the Deployment Guide, etc. (Oddly enough though, tune2fs isn't mentioned there, despite being covered in Red Hat's training courses.)
Actually, it does mention in one of the RHEL manuals that by default ACLs are enabled on all disks present at INSTALLATION time.
Any other disks added (or created if using e.g. LVMs) will NOT have ACLs enabled by default. tune2fs is indeed the tool to check. Even if 'acl' is mentioned in fstab, it doesn't actually have to be enabled; it's just a wish list.. :)
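Added example, not written by any poster in this thread: a shell check that combines the two places the thread identifies, the active mount options and the superblock defaults reported by tune2fs -l, to say whether ACLs are in force and why. The function names are hypothetical and the tune2fs samples are constructed; it assumes, as on the system discussed here, that ACLs are active only when a mount option or the superblock default asks for them.

```sh
#!/bin/sh
# Decide whether POSIX ACLs are in force on an ext filesystem by combining
# the active mount options with the superblock's default mount options.

# Constructed samples of `tune2fs -l` output (not taken from the thread).
SAMPLE_TUNE2FS_ACL='Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr resize_inode dir_index extent
Default mount options:    user_xattr acl
Filesystem state:         clean'

SAMPLE_TUNE2FS_NOACL='Filesystem volume name:   <none>
Default mount options:    (none)
Filesystem state:         clean'

# superblock_defaults TUNE2FS_OUTPUT -> the default mount options field
superblock_defaults() {
    printf '%s\n' "$1" | sed -n 's/^Default mount options:[[:space:]]*//p'
}

# has_option LIST WORD -> success if WORD is a whole item in LIST
# (LIST may be comma- or space-separated, so "noacl" never matches "acl").
has_option() {
    case " $(printf '%s' "$1" | tr ',' ' ') " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# acl_status MOUNT_OPTS TUNE2FS_OUTPUT -> prints the verdict and its source
acl_status() {
    _defaults=$(superblock_defaults "$2")
    if has_option "$1" noacl; then
        echo "disabled (noacl mount option)"
    elif has_option "$1" acl; then
        echo "enabled (acl mount option)"
    elif has_option "$_defaults" acl; then
        echo "enabled (superblock default)"
    else
        echo "disabled (not requested anywhere)"
    fi
}

# Live use (as root): acl_status "$(findmnt -no OPTIONS /home)" "$(tune2fs -l /dev/vda3)"
# The case from this thread: mounted plain "(rw)", yet ACLs work.
acl_status "rw" "$SAMPLE_TUNE2FS_ACL"
```

An explicit noacl on the mount is checked first because it overrides a superblock default of acl.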