LinuxQuestions.org
Old 06-22-2005, 09:04 PM   #1
mikemrh9
Member
 
Registered: Nov 2003
Distribution: Arch
Posts: 136

Rep: Reputation: 21
Default ACL and permissions inheritance


Hi.

I'm currently trying to get my head around using setfacl to set default permissions on a directory. I'm happy with most of it except for the fact that I can't get the execute permission to be inherited to files. I think I know why this is happening, but I would like to circumvent it.

I have created a directory 'parent' and set a default ACL on it as follows:

linux:/tmp # mkdir parent
linux:/tmp # setfacl -d -m user:mike:rwx parent

This gives the result:

linux:/tmp # getfacl parent
# file: parent
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:mike:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

So far, so good. If I create a subdirectory, all the default ACLs are inherited as expected. My question arises from the permissions granted on creation of a file in the directory 'parent':

linux:/tmp # cd parent
linux:/tmp/parent # touch script1

As far as I understand it, the umask value for the rest of the system (0022 on my box) is ignored because of the ACL inheritance from 'parent', and the new file (script1) is created with a mode of 0666. Permissions not contained in this mode value (i.e. 'x') are removed from the mask for the file. This means that the new mask for the file is set to rw-, leaving the following result:

linux:/tmp/parent # getfacl script1
# file: script1
# owner: root
# group: root
user::rw-
user:mike:rwx #effective:rw-
group::r-x #effective:r--
mask::rw-
other::r--

Because of this removal of the 'x' permission in the mask, mike now only has rw- to script1.
As the directory 'parent' will contain scripts that mike will be running, I would like mike to have 'x' permissions to all files in it.

Which brings me to my question:

Is there a way I can set the default ACL on 'parent' to give mike (and not members of 'users') 'rwx' to all files created in 'parent'?

I think that the right result could be achieved by setting the SUID or GUID bits, and removing all rights for 'other'. However, as I'm on a mission to understand the use of setfacl, I would like to know if it's possible to inherit the 'x' permission to files.

It may be that I can't see the wood for the trees, as I've been on this for a while now and my head is mashed!!

Mike.
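
Added example, not part of the original post: a small Python model of the object-creation rule from acl(5) that the post describes, reproducing the getfacl output for script1 and showing what changes when the creating program requests mode 0777 or when the mask is raised afterwards with chmod. The function names are hypothetical, and the model assumes the default ACL contains a mask entry, as it does here.

```python
# Model of how Linux derives a new file's access ACL from the parent
# directory's default ACL (acl(5), object creation and default ACLs).
# Illustrative only; function names are made up for this example.

def bits(s):
    """'r-x' -> 5"""
    return sum(1 << (2 - i) for i, c in enumerate(s) if c != "-")

def text(n):
    """5 -> 'r-x'"""
    return "".join(c if n & (1 << (2 - i)) else "-" for i, c in enumerate("rwx"))

def create(default_acl, mode):
    """Access ACL of an object created with `mode` (e.g. 0o666) in a
    directory carrying `default_acl`. The umask is not consulted."""
    acl = dict(default_acl)  # default entries are copied to the access ACL
    owner, group_class, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    acl["user::"] = text(bits(acl["user::"]) & owner)
    # With a mask entry present, the mode's group-class bits limit the
    # mask, not group:: (assumption of this model: a mask entry exists).
    acl["mask::"] = text(bits(acl["mask::"]) & group_class)
    acl["other::"] = text(bits(acl["other::"]) & other)
    return acl

def effective(acl, entry):
    """Named users, named groups and group:: are capped by the mask."""
    return text(bits(acl[entry]) & bits(acl["mask::"]))

def chmod_group(acl, group_bits):
    """chmod on a file with an ACL writes the group-class bits to the mask."""
    new = dict(acl)
    new["mask::"] = text(group_bits)
    return new

# Default ACL of /tmp/parent, copied from the getfacl output in the post
PARENT_DEFAULT = {"user::": "rwx", "user:mike:": "rwx",
                  "group::": "r-x", "mask::": "rwx", "other::": "r-x"}

if __name__ == "__main__":
    for label, mode in (("touch (0666)", 0o666), ("creator asks 0777", 0o777)):
        acl = create(PARENT_DEFAULT, mode)
        print(label, "mask", acl["mask::"],
              "mike effective", effective(acl, "user:mike:"))
    raised = chmod_group(create(PARENT_DEFAULT, 0o666), 0o7)
    print("after chmod g+rwx: mike", effective(raised, "user:mike:"),
          "group::", effective(raised, "group::"))
```

Raising the mask on script1 after creation restores mike's 'x', but it also restores 'x' for group::, because the mask caps every group-class entry at once.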
 
Old 06-22-2005, 09:44 PM   #2
mikemrh9
Member
 
Registered: Nov 2003
Distribution: Arch
Posts: 136

Original Poster
Rep: Reputation: 21
Upon further investigation, my solution of using SUID or GUID bits doesn't work anyway, as setfacl only appears to let you set 'rwx'. If you try 'rws' or 'rwS', it just throws a wobbly!
 
Old 02-18-2014, 12:14 PM   #3
faitrien
LQ Newbie
 
Registered: Feb 2012
Posts: 5

Rep: Reputation: Disabled
I need to be able to make the created file rwx

Did you ever get this resolved? I'm going nuts trying to find an answer to changing the mask on files that will be created in a directory and cannot seem to find the right way to use setfacl. I put in a new thread on it and had very little response. Here's the link to the thread I posted:

http://www.linuxquestions.org/questi...175495231-new/
 
Old 02-18-2014, 12:47 PM   #4
mikemrh9
Member
 
Registered: Nov 2003
Distribution: Arch
Posts: 136

Original Poster
Rep: Reputation: 21
Hi there.

I'm afraid that post was nearly 9 years ago and I really can't remember what I did in the end. I don't work in IT any more, so am a bit rusty to say the least. I would suggest that you try asking your question in the Arch Linux forums - there are a lot of knowledgeable and helpful people in there and somebody may be able to point you in the right direction.

All the best...
 
Old 02-18-2014, 12:57 PM   #5
faitrien
LQ Newbie
 
Registered: Feb 2012
Posts: 5

Rep: Reputation: Disabled
Cheers Mike!

Thanks anyway
 
  


All times are GMT -5. The time now is 12:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration