LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 09-21-2012, 05:47 PM   #1
secretlydead
Member
 
Registered: Sep 2003
Location: Qingdao, China
Distribution: mandriva, slack, red flag
Posts: 248

Rep: Reputation: 31
setfacl changes group permissions; giving another user rw permissions


i have a file:

Code:
ls -l ./file.php
-rw-r-----+ 1 me me 53762  ./file.php
i need to keep this file with permissions 640 for the sake of the web server.

but i also need to give rw (6) permissions to another user on the system.

so i tried this:

Code:
setfacl -n -m u:me2:rw ./file.php
so far so good. 640 permissions retained:
Code:
ls -l ./file.php
-rw-r-----+ 1 me me 53762 ./file.php
but:
Code:
getfacl ./file.php
# file: file.php
# owner: me
# group: me
user::rw-
user:me2:rw-			#effective:r--
group::r--
mask::r--
other::---

crap. ok, well, we'll try without the -n tag:

Code:
setfacl -m u:me2:rw ./file.php
OK, looking ok with the user permissions:

Code:
getfacl ./file.php
# file: file.php
# owner: me
# group: me
user::rw-
user:me2:rw-
group::r--
mask::rw-
other::---

D'oh! permissions have been changed:

Code:
ls -l ./file.php
-rw-rw----+ 1 me me 53762 ./file.php
so, my question is, how do i give this user read-write access to this file without changing the base permissions (640)?

Last edited by secretlydead; 09-21-2012 at 08:12 PM.
 
Old 09-22-2012, 03:13 PM   #2
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 11.4
Posts: 1,319

Rep: Reputation: 252Reputation: 252Reputation: 252
The output is misleading. If the an ACL mask is present, it will no longer show the rights of the group, but the ACL mask entry. Hence it will give a hint, what maximum permission is granted to someone else besides the owner.

Itís outlined in man ACL paragraph CORRESPONDENCE BETWEEN ACL ENTRIES AND FILE PERMISSION BITS.

Last edited by Reuti; 09-22-2012 at 03:38 PM. Reason: Changed formatting to avoid shouting.
 
Old 09-22-2012, 04:43 PM   #3
secretlydead
Member
 
Registered: Sep 2003
Location: Qingdao, China
Distribution: mandriva, slack, red flag
Posts: 248

Original Poster
Rep: Reputation: 31
the manual states:

If the ACL has an ACL_MASK
entry, the group permissions correspond to the permissions of the
ACL_MASK entry.

and:

ACL_MASK The ACL_MASK entry denotes the maximum access
rights that can be granted by entries of type
ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP.


So, in other words, it seems impossible to keep 640 rights on a file and also add a user with setfacl with rw permissions.

Is there another way to do this? (Keep permissions at 640 and grant rw access to another user?)
 
Old 09-22-2012, 05:11 PM   #4
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 11.4
Posts: 1,319

Rep: Reputation: 252Reputation: 252Reputation: 252
The output changed. Did you try to have a user with “user”/“group” being “foobar”/“me” and write to the file?
 
Old 09-22-2012, 11:12 PM   #5
secretlydead
Member
 
Registered: Sep 2003
Location: Qingdao, China
Distribution: mandriva, slack, red flag
Posts: 248

Original Poster
Rep: Reputation: 31
The "user/group" that was executing all the setfacl commands was "me/me".

Last edited by secretlydead; 09-22-2012 at 11:23 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Group permissions: user can't access 770 directory even though a member of group jm34003 Linux - Security 13 05-16-2012 02:03 PM
Giving user/group permissions to read&write Windows partitions? zaqwe Slackware 3 08-26-2007 11:07 AM
Giving Permissions to a group.... ewhazelwood Linux - General 1 12-07-2004 02:26 PM
user permissions giving me annoyances hypermegachi Slackware 3 11-01-2003 02:48 PM
Giving a user all root permissions ranixlb Linux - Security 9 05-15-2002 12:50 PM


All times are GMT -5. The time now is 05:10 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration