LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 10-22-2011, 03:40 AM   #1
hewbert
LQ Newbie
 
Registered: Nov 2003
Location: Rapid City, SD
Posts: 3

Rep: Reputation: Disabled
ACLs, chmod and group permissions


Hello,

I'm trying to use ACLs to give a specific group full, recursive read access to a directory and its files.

I've been successful, but noticed one caveat that may be expected behavior - if the file's owner uses chmod (e.g. chmod 600), the ACL group loses access. This does make sense, but ideally, the desired group(s) in the ACLs would retain their access.

I'd like to avoid having users lock certain groups specified using ACLS out of things by using something such as 'chmod 600'.

I've messed with setting the default mask and such, but chmod seems to trump whatever I'm doing (which, I understand, is likely expected).

Am I missing something, or are there any suggestions on how to acheive what I'm after? Short of a cron job to 'fix' ACLs in such locations, I'm not sure. I guess what I'm after is ACL inheritance, which ext3 doesn't seem to support(?)

Though it's currently an ext3 file system, it's not too late to change to something that might have better ACL implementation.

Thanks!

Here's an example of what I'm doing:
Code:
% mkdir test
% setfacl -R -m d:g:sysops:rwx test
% getfacl --omit-header test
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:sysops:rwx
default:mask::rwx
default:other::r-x

% touch test/testfile
% getfacl test/testfile
user::rw-
group::r-x	    #effective:r--
group:sysops:rwx    #effective:rw-
mask::rw-
other::r--

% chmod 600 test/testfile
% getfacl test/testfile
user::rw-
group::r-x	    #effective:---
group:sysops:rwx    #effective:---
mask::---
other::---
 
Old 10-22-2011, 04:10 AM   #2
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Rep: Reputation: Disabled
How to enable particular group should have root priviledge for particular directory

hi

useradd -d /opt ecare
setfacl -m u:ecare:rwx /opt
useradd access
groupadd access
usermod -g access access
chmod 755 /opt

im not sure it will help me ur not

Last edited by arun5002; 10-22-2011 at 04:17 AM.
 
Old 10-24-2011, 02:49 PM   #3
hewbert
LQ Newbie
 
Registered: Nov 2003
Location: Rapid City, SD
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by arun5002 View Post
hi

useradd -d /opt ecare
setfacl -m u:ecare:rwx /opt
useradd access
groupadd access
usermod -g access access
chmod 755 /opt

im not sure it will help me ur not
Thanks for the response, but that won't solve the issue.
 
  


Reply

Tags
acl, chmod, permissions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What is Unix permissions and ACLs nec207 Linux - Security 5 08-16-2011 06:55 AM
ACLs, default permissions, directories and files hydraMax Linux - Security 11 01-12-2011 07:19 AM
ACLs: Extended file-permissions reptiler LinuxAnswers Discussion 0 07-27-2009 02:30 PM
help with permissions without using ACLs ehco2121 Linux - Newbie 1 02-09-2008 07:07 PM
Trouble understanding chmod & group permissions gen-ik Linux - Newbie 3 07-19-2004 02:51 PM


All times are GMT -5. The time now is 07:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration