LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 09-21-2012, 06:47 PM   #1
secretlydead
Member
 
Registered: Sep 2003
Location: Qingdao, China
Distribution: mandriva, slack, red flag
Posts: 248

Rep: Reputation: 31
setfacl changes group permissions; giving another user rw permissions


i have a file:

Code:
ls -l ./file.php
-rw-r-----+ 1 me me 53762  ./file.php
i need to keep this file with permissions 640 for the sake of the web server.

but i also need to give rw (6) permissions to another user on the system.

so i tried this:

Code:
setfacl -n -m u:me2:rw ./file.php
so far so good. 640 permissions retained:
Code:
ls -l ./file.php
-rw-r-----+ 1 me me 53762 ./file.php
but:
Code:
getfacl ./file.php
# file: file.php
# owner: me
# group: me
user::rw-
user:me2:rw-			#effective:r--
group::r--
mask::r--
other::---

crap. ok, well, we'll try without the -n tag:

Code:
setfacl -m u:me2:rw ./file.php
OK, looking ok with the user permissions:

Code:
getfacl ./file.php
# file: file.php
# owner: me
# group: me
user::rw-
user:me2:rw-
group::r--
mask::rw-
other::---

D'oh! permissions have been changed:

Code:
ls -l ./file.php
-rw-rw----+ 1 me me 53762 ./file.php
so, my question is, how do i give this user read-write access to this file without changing the base permissions (640)?

Last edited by secretlydead; 09-21-2012 at 09:12 PM.
 
Old 09-22-2012, 04:13 PM   #2
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 13.1
Posts: 1,320

Rep: Reputation: 252Reputation: 252Reputation: 252
The output is misleading. If the an ACL mask is present, it will no longer show the rights of the group, but the ACL mask entry. Hence it will give a hint, what maximum permission is granted to someone else besides the owner.

Itís outlined in man ACL paragraph CORRESPONDENCE BETWEEN ACL ENTRIES AND FILE PERMISSION BITS.

Last edited by Reuti; 09-22-2012 at 04:38 PM. Reason: Changed formatting to avoid shouting.
 
Old 09-22-2012, 05:43 PM   #3
secretlydead
Member
 
Registered: Sep 2003
Location: Qingdao, China
Distribution: mandriva, slack, red flag
Posts: 248

Original Poster
Rep: Reputation: 31
the manual states:

If the ACL has an ACL_MASK
entry, the group permissions correspond to the permissions of the
ACL_MASK entry.

and:

ACL_MASK The ACL_MASK entry denotes the maximum access
rights that can be granted by entries of type
ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP.


So, in other words, it seems impossible to keep 640 rights on a file and also add a user with setfacl with rw permissions.

Is there another way to do this? (Keep permissions at 640 and grant rw access to another user?)
 
Old 09-22-2012, 06:11 PM   #4
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 13.1
Posts: 1,320

Rep: Reputation: 252Reputation: 252Reputation: 252
The output changed. Did you try to have a user with “user”/“group” being “foobar”/“me” and write to the file?
 
Old 09-23-2012, 12:12 AM   #5
secretlydead
Member
 
Registered: Sep 2003
Location: Qingdao, China
Distribution: mandriva, slack, red flag
Posts: 248

Original Poster
Rep: Reputation: 31
The "user/group" that was executing all the setfacl commands was "me/me".

Last edited by secretlydead; 09-23-2012 at 12:23 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Group permissions: user can't access 770 directory even though a member of group jm34003 Linux - Security 13 05-16-2012 03:03 PM
Giving user/group permissions to read&write Windows partitions? zaqwe Slackware 3 08-26-2007 12:07 PM
Giving Permissions to a group.... ewhazelwood Linux - General 1 12-07-2004 03:26 PM
user permissions giving me annoyances hypermegachi Slackware 3 11-01-2003 03:48 PM
Giving a user all root permissions ranixlb Linux - Security 9 05-15-2002 01:50 PM


All times are GMT -5. The time now is 11:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration