LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   ACLs, chmod and group permissions (http://www.linuxquestions.org/questions/linux-server-73/acls-chmod-and-group-permissions-909484/)

hewbert 10-22-2011 02:40 AM

ACLs, chmod and group permissions
 
Hello,

I'm trying to use ACLs to give a specific group full, recursive read access to a directory and its files.

I've been successful, but noticed one caveat that may be expected behavior - if the file's owner uses chmod (e.g. chmod 600), the ACL group loses access. This does make sense, but ideally, the desired group(s) in the ACLs would retain their access.

I'd like to avoid having users lock certain groups specified using ACLS out of things by using something such as 'chmod 600'.

I've messed with setting the default mask and such, but chmod seems to trump whatever I'm doing (which, I understand, is likely expected).

Am I missing something, or are there any suggestions on how to acheive what I'm after? Short of a cron job to 'fix' ACLs in such locations, I'm not sure. I guess what I'm after is ACL inheritance, which ext3 doesn't seem to support(?)

Though it's currently an ext3 file system, it's not too late to change to something that might have better ACL implementation.

Thanks!

Here's an example of what I'm doing:
Code:

% mkdir test
% setfacl -R -m d:g:sysops:rwx test
% getfacl --omit-header test
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:sysops:rwx
default:mask::rwx
default:other::r-x

% touch test/testfile
% getfacl test/testfile
user::rw-
group::r-x            #effective:r--
group:sysops:rwx    #effective:rw-
mask::rw-
other::r--

% chmod 600 test/testfile
% getfacl test/testfile
user::rw-
group::r-x            #effective:---
group:sysops:rwx    #effective:---
mask::---
other::---


arun5002 10-22-2011 03:10 AM

How to enable particular group should have root priviledge for particular directory
 
hi

useradd -d /opt ecare
setfacl -m u:ecare:rwx /opt
useradd access
groupadd access
usermod -g access access
chmod 755 /opt

im not sure it will help me ur not

hewbert 10-24-2011 01:49 PM

Quote:

Originally Posted by arun5002 (Post 4505017)
hi

useradd -d /opt ecare
setfacl -m u:ecare:rwx /opt
useradd access
groupadd access
usermod -g access access
chmod 755 /opt

im not sure it will help me ur not

Thanks for the response, but that won't solve the issue.


All times are GMT -5. The time now is 02:56 PM.