LinuxQuestions.org


Curiosity42 02-06-2013 02:42 PM

setfacl to provide user access to /var/log does not work
 
I would like to give normal user (securityoperator1) group (securityoperator) access to the directory /var/log and in detail to the files messages, secure, etc...

I executed the following commands:

Code:

setfacl -R -m u:securityoperator1:r--,g:securityoperator:r-- /var/log

cd /var/log

getfacl messages
# file: messages
# owner: root
# group: root
user::rw-
user:securityoperator1:r--
group::r--
group:securityoperator:r--
mask::r--
others:---

Now I logged in as user securityoperator1 and tried to list the messages file contents in /var/log and just got an access denied.

What am I missing here? Why does it fail?

unSpawn 02-06-2013 02:51 PM

Quote:

Originally Posted by Curiosity42 (Post 4885775)
Why does it fail?

Directories need execute rights. This ACL would have been way more precise if you would have used
Code:

setfacl -m u:securityoperator1:--x,g:securityoperator:--x /var/log
setfacl -m u:securityoperator1:r--,g:securityoperator:r-- /var/log/messages


Curiosity42 02-06-2013 03:12 PM

I executed both commands, logged in as securityoperator1 and executed:

Code:

more /var/log/messages
/var/log/messages: Permission denied

Logged in as root and executed:

Code:

getfacl messages
# file: messages
# owner: root
# group: root
user::rw-
user:securityoperator1:r--
group::r--
group:securityoperator:r--
mask::r--
others:---

I use RHEL 6.1, ext4 file system and LVM.

unSpawn 02-06-2013 07:10 PM

Quote:

Originally Posted by Curiosity42 (Post 4885791)
Logged in as root and

You've heard about Sudo, right? Besides you can run 'getfacl /var/log/messages' here as unprivileged user.


Quote:

Originally Posted by Curiosity42 (Post 4885791)
I use RHEL 6.1, ext4 file system and LVM.

Distribution or file system doesn't matter as long as it understands attributes (as your getfacl output shows).


Quote:

Originally Posted by Curiosity42 (Post 4885791)
I executed both commands, logged in as securityoperator1 and executed:
Code:

more /var/log/messages
/var/log/messages: Permission denied


Since there are two items (the directory and the files it contains) it makes sense to list attributes on both (even though /var/log itself should have octal mode 0755 already anyway). If there's no local customization done that could prohibit accessing the file, running a verbose strace with a simple 'cat' like 'strace -v -eopen /bin/cat /var/log/messages 2>&1' may show clues.

jschiwal 02-06-2013 08:02 PM

You want both 'r' and 'x' permissions for the /var/log/ directory. Not just x.

AFAIK, if you have the r default bit set, directories also get the x bit set. The eXecutable bit set would be a bad default for regular files, but needed for directories. But since /var/log/ and the subdirectories are already created, you need to set both.

Curiosity42 02-07-2013 04:26 AM

@unSpawn
Code:

[securityoperator1@LME ~]$ strace -v -eopen /bin/cat /var/log/messages 2>&1
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/var/log/messages", O_RDONLY)    = -1 EACCES (Permission denied)
/bin/cat: /var/log/messagesopen("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
: Permission denied
[securityoperator1@LME ~]$

@jschiwal
I tried it, but it does not work either.

unSpawn 02-07-2013 05:47 AM

And 'getfacl /var/log' ?

Curiosity42 02-07-2013 02:33 PM

@unSpawn
I have setup the machine new and started from scratch (with setfacl) and it worked immediately.
Here is the log:

Before I used setfacl
Code:

[root@LME ~]# getfacl /var/log
getfacl: Removing leading '/' from absolute path names
# file: var/log
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

[root@LME ~]# getfacl /var/log/messages
getfacl: Removing leading '/' from absolute path names
# file: var/log/messages
# owner: root
# group: root
user::rw-
group::---
other::---

[root@LME ~]#

Using setfacl to give access rights to securityoperator1
Code:

[root@LME ~]# setfacl -m u:securityoperator1:--x,g:securityoperator:--x /var/log
[root@LME ~]# setfacl -m u:securityoperator1:r--,g:securityoperator:r-- /var/log/messages
[root@LME ~]#

After using setfacl
Code:

[root@LME ~]#
[root@LME ~]# getfacl /var/log
getfacl: Removing leading '/' from absolute path names
# file: var/log
# owner: root
# group: root
user::rwx
user:securityoperator1:--x
group::r-x
group:securityoperator:--x
mask::r-x
other::r-x

[root@LME ~]# getfacl /var/log/messages
getfacl: Removing leading '/' from absolute path names
# file: var/log/messages
# owner: root
# group: root
user::rw-
user:securityoperator1:r--
group::---
group:securityoperator:r--
mask::r--
other::---

[root@LME ~]#

I do not know what I have done wrong before, but now it works.
Just for completeness the strace log:

Code:

[superuser1@LME ~]$ strace -v -eopen /bin/cat /var/log 2>&1
open("/etc/ld.so.cache", O_RDONLY)      = 3               
open("/lib64/libc.so.6", O_RDONLY)      = 3               
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3     
open("/var/log", O_RDONLY)              = 3               
/bin/cat: /var/logopen("/usr/share/locale/locale.alias", O_RDONLY) = 4
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)     
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)   
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)       
: Is a directory                                                                                         
[superuser1@LME ~]$                                                                                       
[superuser1@LME ~]$                                                                                       
[superuser1@LME ~]$ strace -v -eopen /bin/cat /var/log/messages 2>&1                                     
open("/etc/ld.so.cache", O_RDONLY)      = 3                                                               
open("/lib64/libc.so.6", O_RDONLY)      = 3                                                               
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3                                                     
open("/var/log/messages", O_RDONLY)    = 3                                                               
Feb  7 13:44:01 PPM kernel: imklog 4.6.2, log source = /proc/kmsg started.                               
Feb  7 13:44:01 PPM rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1432" x-info="http://www.rsyslog.com"] (re)start                                                                                                   
Feb  7 13:45:39 PPM rhsm-complianced: This system is missing one or more valid entitlement certificates. Please run subscription-manager for more information.                                                                         
Feb  7 13:46:50 PPM NetworkManager[1566]:    ifcfg-rh: updating /etc/sysconfig/network-scripts/ifcfg-eth0         
Feb  7 13:46:51 PPM NetworkManager[1566]:    ifcfg-rh: updating /etc/sysconfig/network-scripts/ifcfg-eth0         
Feb  7 13:47:07 PPM NetworkManager[1566]:    ifcfg-rh: updating /etc/sysconfig/network-scripts/ifcfg-eth0         
Feb  7 13:47:08 PPM NetworkManager[1566]:    ifcfg-rh: updating /etc/sysconfig/network-scripts/ifcfg-eth0

I still have a few questions about setfacl usage:
  1. can I give another user (e.g. securityoperator2) read access too?
  2. can I allocate another user (e.g. localoperator1) in group localoperator read access to the same directory/file too?
  3. can I give all users with the group securityoperator read access independent from the user name?
  4. if I want to have read access for all files in a directory how do I use the setfacl command?
  5. how can I remove access rights (from user or group) that I have given before with setfacl?

Thanks for your support.

unSpawn 02-07-2013 04:18 PM

Quote:

Originally Posted by Curiosity42 (Post 4886472)
I have setup the machine new and started from scratch (with setfacl) and it worked immediately.

That's nice when you can afford it. The downside is there is nothing left to diagnose meaning you have robbed yourself of the learning experience.


Quote:

Originally Posted by Curiosity42 (Post 4886472)
I still have a few questions about setfacl usage

...which can be answered by you reading the setfacl manual page and by testing it. I invite you to reply by answering your own questions and asking only those questions you can't work out for yourself.

Curiosity42 02-08-2013 02:15 PM

@unSpawn

I tried to give the group securityoperator read/write access to the directory /etc/modprobe.d/, but I was not successful. I have done the following:

getfacl before I executed the setfacl command:
Code:

[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/
getfacl: Removing leading '/' from absolute path names
# file: etc/modprobe.d/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/dist.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/modprobe.d/dist.conf
# owner: root
# group: root
user::rw-
group::r--
other::r--

Execution of the setfacl command:
Code:

setfacl -R -m d:g:securityoperator:rw-,g:securityoperator:rw- /etc/modprobe.d

In my opinion it should do the following:
Sets the permissions for all users that belong to the securityoperator group.
Whenever the root user or any user of the securityoperator group creates files
and directories, they will inherit the access attributes.
Additionally the users of the group securityoperator have read/write access to all
existing files in the directory /etc/modprobe.d/

getfacl after I executed the setfacl command:
Code:

[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/
getfacl: Removing leading '/' from absolute path names
# file: etc/modprobe.d/
# owner: root
# group: root
user::rwx
group::r-x
group:securityoperator:rw-
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:securityoperator:rw-
default:mask::rwx
default:other::r-x

[securityoperator1@LME ~]$
[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/dist.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/modprobe.d/dist.conf
# owner: root
# group: root
user::rw-
group::r--
group:securityoperator:rw-
mask::rw-
other::r--

I opened the file /etc/modprobe.d/dist.conf with vim, but it still is read-only.

Here is a strace of /etc/modprobe.d

Code:

[securityoperator1@LME ~]$ strace -v -eopen /bin/cat /etc/modprobe.d 2>&1
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/etc/modprobe.d", O_RDONLY)      = 3
/bin/cat: /etc/modprobe.dopen("/usr/share/locale/locale.alias", O_RDONLY) = 4
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
: Is a directory
[securityoperator1@LME ~]$

Here is a strace of /etc/modprobe.d/dist.conf
Code:

[securityoperator1@LME ~]$ strace -v -eopen /usr/bin/vim /etc/modprobe.d/dist.conf 2>&1
open("/usr/lib64/perl5/CORE/tls/x86_64/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                         
open("/usr/lib64/perl5/CORE/tls/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                               
open("/usr/lib64/perl5/CORE/x86_64/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                             
open("/usr/lib64/perl5/CORE/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                   
open("/etc/ld.so.cache", O_RDONLY)      = 3                                             
open("/lib64/libselinux.so.1", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libncurses.so.5", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                   
open("/lib64/libncurses.so.5", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libacl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libacl.so.1", O_RDONLY)    = 3                                             
open("/usr/lib64/perl5/CORE/libgpm.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/usr/lib64/libgpm.so.2", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libperl.so", O_RDONLY) = 3                                   
open("/usr/lib64/perl5/CORE/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libresolv.so.2", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libutil.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libutil.so.1", O_RDONLY)  = 3                                             
open("/usr/lib64/perl5/CORE/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libc.so.6", O_RDONLY)      = 3                                             
open("/usr/lib64/perl5/CORE/libpython2.6.so.1.0", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                               
open("/usr/lib64/libpython2.6.so.1.0", O_RDONLY) = 3                                     
open("/usr/lib64/perl5/CORE/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libm.so.6", O_RDONLY)      = 3                                             
open("/usr/lib64/perl5/CORE/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libdl.so.2", O_RDONLY)    = 3                                             
open("/usr/lib64/perl5/CORE/libtinfo.so.5", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libtinfo.so.5", O_RDONLY)  = 3                                             
open("/usr/lib64/perl5/CORE/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                   
open("/lib64/libpthread.so.0", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libattr.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libattr.so.1", O_RDONLY)  = 3                                             
open("/usr/lib64/perl5/CORE/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libnsl.so.1", O_RDONLY)    = 3                                             
open("/usr/lib64/perl5/CORE/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libcrypt.so.1", O_RDONLY)  = 3                                             
open("/usr/lib64/perl5/CORE/libfreebl3.so", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libfreebl3.so", O_RDONLY)  = 3                                             
open("/proc/filesystems", O_RDONLY)    = 3                                             
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3                                     
open("/usr/share/locale/locale.alias", O_RDONLY) = 3                                     
open("/usr/share/vim/vim72/lang/en_US.UTF-8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                 
open("/usr/share/vim/vim72/lang/en_US.utf8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                 
open("/usr/share/vim/vim72/lang/en_US/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                       
open("/usr/share/vim/vim72/lang/en.UTF-8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                   
open("/usr/share/vim/vim72/lang/en.utf8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                     
open("/usr/share/vim/vim72/lang/en/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                         
open(".", O_RDONLY)                    = 3                                             
open("/usr/share/terminfo/x/xterm", O_RDONLY) = 3                                       
open(".", O_RDONLY)                    = 3                                             
open("/etc/vimrc", O_RDONLY)            = 3                                             
open("/usr/bin/cscope", O_RDONLY|O_NONBLOCK) = 4                                         
open("cscope.out", O_RDONLY|O_NONBLOCK) = -1 ENOENT (No such file or directory)         
open(".", O_RDONLY)                    = 4                                             
open("/usr/share/vim/vim72/syntax/syntax.vim", O_RDONLY) = 4                             
open(".", O_RDONLY)                    = 5                                             
open("/usr/share/vim/vim72/syntax/synload.vim", O_RDONLY) = 5                           
open(".", O_RDONLY)                    = 6                                             
open("/usr/share/vim/vim72/syntax/syncolor.vim", O_RDONLY) = 6                           
open(".", O_RDONLY)                    = 5                                             
open("/usr/share/vim/vim72/filetype.vim", O_RDONLY) = 5                                 
open("/home/securityoperator1/.vim/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                 
open("/usr/share/vim/vimfiles/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6 
open("/usr/share/vim/vim72/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                         
open("/usr/share/vim/vimfiles/after/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6                                                                                     
open("/home/securityoperator1/.vim/after/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                           
open(".", O_RDONLY)                    = 4                                             
open("/usr/share/vim/vim72/filetype.vim", O_RDONLY) = 4                                 
open(".", O_RDONLY)                    = 4                                             
open("/usr/share/vim/vim72/ftplugin.vim", O_RDONLY) = 4                                 
open(".", O_RDONLY)                    = 3                                             
open("/home/securityoperator1/.vimrc", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/home/securityoperator1/_vimrc", O_RDONLY) = -1 ENOENT (No such file or directory) 
open(".", O_RDONLY)                    = 3                                             
open("/home/securityoperator1/.exrc", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/home/securityoperator1/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                   
open("/home/securityoperator1/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                   
open("/usr/share/vim/vimfiles/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3   
open("/usr/share/vim/vimfiles/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3   
open("/usr/share/vim/vim72/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3     
open("/usr/share/vim/vim72/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3     
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                   
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                   
open("/usr/share/vim/vim72/plugin/filetype.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/filetype.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/spellfile.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/spellfile.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/README.txt/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/README.txt/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/tohtml.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/tohtml.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/gzip.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/gzip.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                     
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                     
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                 
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                 
open("/usr/share/vim/vim72/plugin/zipPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/zipPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/tarPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/tarPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/rrhelper.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/rrhelper.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/matchparen.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                     
open("/usr/share/vim/vim72/plugin/matchparen.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                     
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/filetype.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/gzip.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/matchparen.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/rrhelper.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/spellfile.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/tarPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/tohtml.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/zipPlugin.vim", O_RDONLY) = 3
open("/usr/share/vim/vimfiles/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
open("/usr/share/vim/vimfiles/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
open("/home/securityoperator1/.vim/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/securityoperator1/.vim/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/securityoperator1/.viminfo", O_RDONLY) = 3
[securityoperator1@LME ~]$

I do not know what I have done wrong?

unSpawn 02-09-2013 06:39 AM

See post #5, the directory ACL part? (rwx)
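
Added example (not part of any post in this thread): a small Python model of the acl(5) access-check order, run over getfacl listings from the thread, showing why a named `r--` or `rw-` entry on a directory blocks traversal even though `other::r-x` would have allowed it. The first listing is constructed from the first post's command, the group membership of securityoperator1 is an assumption, and only ACL/mode checks are modelled (no SELinux or other controls).

```python
import re

def parse_getfacl(text):
    """Parse the access entries of one getfacl listing (default: entries are skipped)."""
    acl = {"owner": None, "group": None, "user_obj": set(), "group_obj": set(),
           "users": {}, "groups": {}, "mask": None, "other": set()}
    plain = {"user": "user_obj", "group": "group_obj", "mask": "mask",
             "other": "other", "others": "other"}
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"#\s*(owner|group):\s*(\S+)", line)
        if header:
            acl[header.group(1)] = header.group(2)
        if not line or line.startswith(("#", "default:")):
            continue
        parts = line.split()[0].split(":")   # split()[0] drops a "#effective:" comment
        tag, perms = parts[0], set(parts[-1]) & set("rwx")
        qualifier = parts[1] if len(parts) == 3 else ""
        if qualifier and tag in ("user", "group"):
            acl["users" if tag == "user" else "groups"][qualifier] = perms
        elif tag in plain:
            acl[plain[tag]] = perms
    return acl

def check(acl, user, groups, want):
    """Return (granted, deciding entry) for permission string `want`, in acl(5) order."""
    want = set(want)
    mask = acl["mask"] if acl["mask"] is not None else set("rwx")
    if user == acl["owner"]:
        return want <= acl["user_obj"], "user::"
    if user in acl["users"]:                 # a named-user entry ends the search
        return want <= (acl["users"][user] & mask), f"user:{user}"
    matching = {f"group:{g}": acl["groups"][g] for g in groups if g in acl["groups"]}
    if acl["group"] in groups:
        matching["group::"] = acl["group_obj"]
    if matching:                             # group class matched: other:: is never used
        for entry, perms in sorted(matching.items()):
            if want <= (perms & mask):
                return True, entry
        return False, ",".join(sorted(matching))
    return want <= acl["other"], "other::"

def can_open(chain, user, groups, want):
    """chain: [(path, getfacl text), ...], directories first, target file last."""
    *dirs, (path, text) = chain
    for dpath, dtext in dirs:
        ok, entry = check(parse_getfacl(dtext), user, groups, "x")
        if not ok:
            return False, f"{dpath}: search (x) denied by {entry}"
    ok, entry = check(parse_getfacl(text), user, groups, want)
    return ok, f"{path}: {want} {'granted' if ok else 'denied'} by {entry}"

ROOT = "# owner: root\n# group: root\n"
# Constructed: /var/log as the first post's `setfacl -R -m ...:r--` leaves it,
# starting from the base permissions the thread shows for that directory.
VAR_LOG_R = ROOT + """user::rwx
user:securityoperator1:r--
group::r-x
group:securityoperator:r--
mask::r-x
other::r-x"""
# The next three listings are copied from getfacl output posted in the thread.
VAR_LOG_X = ROOT + """user::rwx
user:securityoperator1:--x
group::r-x
group:securityoperator:--x
mask::r-x
other::r-x"""
MESSAGES = ROOT + """user::rw-
user:securityoperator1:r--
group::---
group:securityoperator:r--
mask::r--
other::---"""
MODPROBE_D = ROOT + """user::rwx
group::r-x
group:securityoperator:rw-
mask::rwx
other::r-x
default:group:securityoperator:rw-"""

# Assumption: securityoperator1 belongs to securityoperator and to no other listed group.
WHO = ("securityoperator1", {"securityoperator"})

def demo():
    return {
        "recursive r--": can_open([("/var/log", VAR_LOG_R), ("/var/log/messages", MESSAGES)], *WHO, "r"),
        "--x on dir": can_open([("/var/log", VAR_LOG_X), ("/var/log/messages", MESSAGES)], *WHO, "r"),
        "modprobe.d rw-": check(parse_getfacl(MODPROBE_D), *WHO, "x"),
    }

if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:15} {ok!s:5} {why}")
```

In this model the most specific matching entry decides the result, so granting a user or group an entry without `x` on a directory can remove traversal rights they previously had through `other::`.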

Curiosity42 02-09-2013 10:53 AM

@unSpawn

I executed now the command:
Code:

setfacl -R -m d:g:securityoperator:rwx,g:securityoperator:rwx /etc/modprobe.d

and still have the same problem: vim /etc/modprobe.d/dist.conf is read-only.

Here I have the getfacl and the strace, I do not know what is wrong with it.
Code:

[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/               
getfacl: Removing leading '/' from absolute path names           
# file: etc/modprobe.d/                                           
# owner: root                                                     
# group: root                                                     
user::rwx                                                         
group::r-x                                                       
group:securityoperator:rwx                                       
mask::rwx                                                         
other::r-x                                                       
default:user::rwx                                                 
default:group::r-x                                               
default:group:securityoperator:rwx                               
default:mask::rwx                                                 
default:other::r-x                                               

[securityoperator1@LME ~]$
[securityoperator1@LME ~]$
[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/dist.conf
getfacl: Removing leading '/' from absolute path names     
# file: etc/modprobe.d/dist.conf                           
# owner: root                                             
# group: root                                             
user::rw-                                                 
group::r--                                                 
group:securityoperator:rwx                                 
mask::rwx                                                 
other::r--                                                 

[securityoperator1@LME ~]$ strace -v -eopen /bin/cat /etc/modprobe.d 2>&1
open("/etc/ld.so.cache", O_RDONLY)      = 3                             
open("/lib64/libc.so.6", O_RDONLY)      = 3                             
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3                   
open("/etc/modprobe.d", O_RDONLY)      = 3                             
/bin/cat: /etc/modprobe.dopen("/usr/share/locale/locale.alias", O_RDONLY) = 4
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                       
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                         
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                             
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                           
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                           
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                 
: Is a directory                                                                         
[securityoperator1@LME ~]$                                                               
[securityoperator1@LME ~]$                                                               
[securityoperator1@LME ~]$ strace -v -eopen /usr/bin/vim /etc/modprobe.d/dist.conf 2>&1 
open("/usr/lib64/perl5/CORE/tls/x86_64/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                         
open("/usr/lib64/perl5/CORE/tls/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                               
open("/usr/lib64/perl5/CORE/x86_64/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                             
open("/usr/lib64/perl5/CORE/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                   
open("/etc/ld.so.cache", O_RDONLY)      = 3                                             
open("/lib64/libselinux.so.1", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libncurses.so.5", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                   
open("/lib64/libncurses.so.5", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libacl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libacl.so.1", O_RDONLY)    = 3                                             
open("/usr/lib64/perl5/CORE/libgpm.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/usr/lib64/libgpm.so.2", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libperl.so", O_RDONLY) = 3                                   
open("/usr/lib64/perl5/CORE/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libresolv.so.2", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libutil.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libutil.so.1", O_RDONLY)  = 3                                             
open("/usr/lib64/perl5/CORE/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libc.so.6", O_RDONLY)      = 3                                             
open("/usr/lib64/perl5/CORE/libpython2.6.so.1.0", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                               
open("/usr/lib64/libpython2.6.so.1.0", O_RDONLY) = 3                                     
open("/usr/lib64/perl5/CORE/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libm.so.6", O_RDONLY)      = 3                                             
open("/usr/lib64/perl5/CORE/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libdl.so.2", O_RDONLY)    = 3                                             
open("/usr/lib64/perl5/CORE/libtinfo.so.5", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libtinfo.so.5", O_RDONLY)  = 3                                             
open("/usr/lib64/perl5/CORE/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                   
open("/lib64/libpthread.so.0", O_RDONLY) = 3                                             
open("/usr/lib64/perl5/CORE/libattr.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libattr.so.1", O_RDONLY)  = 3                                             
open("/usr/lib64/perl5/CORE/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libnsl.so.1", O_RDONLY)    = 3                                             
open("/usr/lib64/perl5/CORE/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libcrypt.so.1", O_RDONLY)  = 3                                             
open("/usr/lib64/perl5/CORE/libfreebl3.so", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libfreebl3.so", O_RDONLY)  = 3                                             
open("/proc/filesystems", O_RDONLY)    = 3                                             
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3                                     
open("/usr/share/locale/locale.alias", O_RDONLY) = 3                                     
open("/usr/share/vim/vim72/lang/en_US.UTF-8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                 
open("/usr/share/vim/vim72/lang/en_US.utf8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                 
open("/usr/share/vim/vim72/lang/en_US/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                       
open("/usr/share/vim/vim72/lang/en.UTF-8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                   
open("/usr/share/vim/vim72/lang/en.utf8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                     
open("/usr/share/vim/vim72/lang/en/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                         
open(".", O_RDONLY)                    = 3                                             
open("/usr/share/terminfo/x/xterm", O_RDONLY) = 3                                       
open(".", O_RDONLY)                    = 3                                             
open("/etc/vimrc", O_RDONLY)            = 3                                             
open("/usr/bin/cscope", O_RDONLY|O_NONBLOCK) = 4                                         
open("cscope.out", O_RDONLY|O_NONBLOCK) = -1 ENOENT (No such file or directory)         
open(".", O_RDONLY)                    = 4                                             
open("/usr/share/vim/vim72/syntax/syntax.vim", O_RDONLY) = 4                             
open(".", O_RDONLY)                    = 5                                             
open("/usr/share/vim/vim72/syntax/synload.vim", O_RDONLY) = 5                           
open(".", O_RDONLY)                    = 6                                             
open("/usr/share/vim/vim72/syntax/syncolor.vim", O_RDONLY) = 6                           
open(".", O_RDONLY)                    = 5                                             
open("/usr/share/vim/vim72/filetype.vim", O_RDONLY) = 5                                 
open("/home/securityoperator1/.vim/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                 
open("/usr/share/vim/vimfiles/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6 
open("/usr/share/vim/vim72/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                         
open("/usr/share/vim/vimfiles/after/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6                                                                                     
open("/home/securityoperator1/.vim/after/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                           
open(".", O_RDONLY)                    = 4                                             
open("/usr/share/vim/vim72/filetype.vim", O_RDONLY) = 4                                 
open(".", O_RDONLY)                    = 4                                             
open("/usr/share/vim/vim72/ftplugin.vim", O_RDONLY) = 4                                 
open(".", O_RDONLY)                    = 3                                             
open("/home/securityoperator1/.vimrc", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/home/securityoperator1/_vimrc", O_RDONLY) = -1 ENOENT (No such file or directory) 
open(".", O_RDONLY)                    = 3                                             
open("/home/securityoperator1/.exrc", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/home/securityoperator1/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                   
open("/home/securityoperator1/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                   
open("/usr/share/vim/vimfiles/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3   
open("/usr/share/vim/vimfiles/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3   
open("/usr/share/vim/vim72/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3     
open("/usr/share/vim/vim72/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3     
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                   
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                   
open("/usr/share/vim/vim72/plugin/filetype.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/filetype.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/spellfile.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/spellfile.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/README.txt/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/README.txt/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/tohtml.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/tohtml.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/gzip.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/gzip.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                     
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                     
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                 
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                 
open("/usr/share/vim/vim72/plugin/zipPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/zipPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/tarPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/tarPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/rrhelper.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/rrhelper.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/matchparen.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                     
open("/usr/share/vim/vim72/plugin/matchparen.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                     
open(".", O_RDONLY)                    = 3                                             
open("/usr/share/vim/vim72/plugin/filetype.vim", O_RDONLY) = 3                           
open(".", O_RDONLY)                    = 3                                             
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim", O_RDONLY) = 3                   
open(".", O_RDONLY)                    = 3                                             
open("/usr/share/vim/vim72/plugin/gzip.vim", O_RDONLY) = 3                               
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/matchparen.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/rrhelper.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/spellfile.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/tarPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/tohtml.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                    = 3
open("/usr/share/vim/vim72/plugin/zipPlugin.vim", O_RDONLY) = 3
open("/usr/share/vim/vimfiles/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
open("/usr/share/vim/vimfiles/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
open("/home/securityoperator1/.vim/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/securityoperator1/.vim/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/securityoperator1/.viminfo", O_RDONLY) = 3


unSpawn 02-09-2013 11:37 AM

You seem to have succumbed to the "sledge hammer approach" by just granting user "securityoperator" execute rights on both the directory as well as all of its contents. That is not good. Don't be lax about system security. Besides that, in your setfacl command you used "group" twice and I doubt that works.
I suggest you undo your changes and
Code:

setfacl -m u:securityoperator:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator:rw,g:securityoperator:rw /etc/modprobe.d/*


Curiosity42 02-09-2013 12:17 PM

One problem I have is that on that computer I have 5 securityoperators (securityoperator1 to securityoperator5).
The second problem I have is that a new securityoperator could be defined (e.g. securityoperator6) and s/he should have the same access rights.
You suggest to run in that case:
Code:

setfacl -m u:securityoperator1:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator1:rw,g:securityoperator:rw /etc/modprobe.d/*

setfacl -m u:securityoperator2:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator2:rw,g:securityoperator:rw /etc/modprobe.d/*

setfacl -m u:securityoperator3:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator3:rw,g:securityoperator:rw /etc/modprobe.d/*

setfacl -m u:securityoperator4:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator4:rw,g:securityoperator:rw /etc/modprobe.d/*

setfacl -m u:securityoperator5:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator5:rw,g:securityoperator:rw /etc/modprobe.d/*

and I would have to give a sudo mechanism for setfacl to create securityoperator6, as the user(s) would not have root access available?

I tried what you suggested with the following:
Code:

setfacl -m u:securityoperator1:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator1:rw-,g:securityoperator:rw- /etc/modprobe.d/*

but vim /etc/modprobe.d/dist.conf is still [read-only]
Note: I put after rw a dash, so now it is rw-, I guess that is the correct form?

unSpawn 02-09-2013 02:34 PM

Maybe your manual is newer but my 'man setfacl' doesn't list any dash usage for permissions. BTW you can string modifications together like "u:securityoperator1:rwx,u:securityoperator2:rwx,u:securityoperator3:rwx,g:securityoperator:rwx". Again, the problem with 'setfacl -R -m u:securityoperator1:rwx' is you grant the user execute rights on all the existing files. This change doesn't only show up with 'getfacl' but also if you 'ls -al'. And I shouldn't have used "/etc/modprobe.d/*" as you can grant rights recursively:
Code:

setfacl -R -m u:securityoperator1:rw,u:securityoperator2:rw,u:securityoperator3:rw,g:securityoperator:rw /etc/modprobe.d
setfacl -m u:securityoperator1:rwx,u:securityoperator2:rwx,u:securityoperator3:rwx,g:securityoperator:rwx /etc/modprobe.d

Why /etc/modprobe.d/dist.conf remains read-only I can't see. What does 'getfacl --all-effective /etc/modprobe.d/dist.conf' say?
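
The effective rights that 'getfacl --all-effective' reports follow the access-check order in acl(5): owner, named user, matching groups capped by the mask, then other. The Python sketch below is an added example, not code from the thread, that applies that order to getfacl text. The dist.conf ACL is the one posted above; the other ACLs and all function names are constructed, and root's capability override and SELinux are not modelled.

```python
"""Added example: the acl(5) access-check algorithm applied to getfacl text."""

def parse_getfacl(text):
    """Return (owner, owning_group, entries); entries are (tag, qualifier, perms)."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qualifier, perms = line.split(":")[:3]
            entries.append((tag, qualifier, set(perms[:3]) - {"-"}))
    return owner, group, entries


def allowed(acl_text, user, groups, want):
    """True if a process running as `user` with group list `groups` gets `want`."""
    owner, owning_group, entries = parse_getfacl(acl_text)
    want = set(want)

    def find(tag, qualifier=""):
        return next((p for t, q, p in entries if t == tag and q == qualifier), None)

    mask = find("mask")
    def capped(perms):  # the mask limits named users and every group entry
        return perms if mask is None else perms & mask

    if user == owner:                      # 1. owner entry, never masked
        return want <= find("user")
    named = find("user", user)
    if named is not None:                  # 2. named user entry wins over any group
        return want <= capped(named)
    matching = [capped(p) for t, q, p in entries
                if t == "group" and (q or owning_group) in groups]
    if matching:                           # 3. one matching group entry must suffice
        return any(want <= p for p in matching)
    return want <= find("other")           # 4. everyone else


def can_open(dir_acls, file_acl, user, groups, want):
    """Opening a file needs x (search) on every directory in the path first."""
    return (all(allowed(d, user, groups, "x") for d in dir_acls)
            and allowed(file_acl, user, groups, want))


# ACL of /etc/modprobe.d/dist.conf as posted in the thread.
DIST_CONF = """# owner: root
# group: root
user::rw-
group::r--
group:securityoperator:rwx
mask::rwx
other::r--"""

# Constructed sample: the same file with a narrower mask.
DIST_CONF_MASKED = DIST_CONF.replace("mask::rwx", "mask::r--")
# Constructed sample: the same file plus a read-only named-user entry.
DIST_CONF_NAMED = DIST_CONF.replace("group::r--", "user:securityoperator1:r--\ngroup::r--")
# Constructed directory ACLs: read-only entry versus search-only entry.
DIR_R = "# owner: root\n# group: root\nuser::rwx\ngroup::r-x\ngroup:securityoperator:r--\nmask::r-x\nother::---"
DIR_X = DIR_R.replace("group:securityoperator:r--", "group:securityoperator:--x")
```

With a single group entry, a new operator account only needs membership in securityoperator; a leftover read-only named-user entry would override that group grant for the named account.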


All times are GMT -5.