LinuxQuestions.org

setfacl to provide user access to /var/log does not work (https://www.linuxquestions.org/questions/red-hat-31/setfacl-to-provide-user-access-to-var-log-does-not-work-4175448926/)

Curiosity42 02-09-2013 03:25 PM

Here is the information:
Code:

[securityoperator1@LME ~]$ getfacl --all-effective /etc/modprobe.d/dist.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/modprobe.d/dist.conf
# owner: root
# group: root
user::rw-
user:securityoperator1:rw-      #effective:rw-
group::r--                      #effective:r--
group:securityoperator:rw-      #effective:rw-
mask::rw-
other::r--

[securityoperator1@LME ~]$


unSpawn 02-09-2013 03:55 PM

ACL for the file itself can't be the problem here. Looks good. If the /etc/modprobe.d directory has octal 0750 like you would expect and securityoperator1 has "rwx" for directory /etc/modprobe.d then I don't know.
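
The check unSpawn describes above (the file ACL grants access, so the directory permissions are what remains), as an added example that is not part of the thread. It evaluates getfacl text using the access-check order from acl(5). The directory ACLs and securityoperator1's membership in group securityoperator are assumptions, since the thread never shows them.

```python
# Added example: evaluates getfacl text with the access-check order from acl(5).
# Root/capability bypass is not modelled.

def parse_getfacl(text):
    """Parse getfacl output into owner, owning group and (tag, qualifier, perms)."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            acl["entries"].append((tag, qualifier, set(perms) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """True if `user` (member of `groups`) gets every permission in `want`."""
    want, entries = set(want), acl["entries"]
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    if user == acl["owner"]:                       # owner entry is never masked
        return want <= next(p for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:                        # named user entry, masked
        if t == "user" and q == user:
            return want <= (p & mask)
    matched = [p & mask for t, q, p in entries     # owning/named groups, masked
               if t == "group" and (q or acl["group"]) in groups]
    if matched:
        return any(want <= p for p in matched)
    return want <= next(p for t, q, p in entries if t == "other")

def can_open(dir_acls, file_acl, user, groups, want="rw"):
    """Opening a file needs search (x) on every directory plus `want` on the file."""
    return (all(allowed(d, user, groups, "x") for d in dir_acls)
            and allowed(file_acl, user, groups, want))

# File ACL as posted in the thread.
FILE_ACL = parse_getfacl("""# owner: root
# group: root
user::rw-
user:securityoperator1:rw-      #effective:rw-
group::r--                      #effective:r--
group:securityoperator:rw-      #effective:rw-
mask::rw-
other::r--""")
# Constructed directory ACLs (not from the thread): plain 0750 root:root, and
# the same directory with a named-user entry granting rwx.
DIR_0750 = parse_getfacl("# owner: root\n# group: root\nuser::rwx\ngroup::r-x\nother::---")
DIR_WITH_ENTRY = parse_getfacl("# owner: root\n# group: root\nuser::rwx\n"
                               "user:securityoperator1:rwx\ngroup::r-x\nmask::rwx\nother::---")
```

With the constructed 0750 directory and no named entry, `can_open` is false even though the file ACL alone grants rw; adding the named-user entry on the directory makes it true.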

Curiosity42 02-10-2013 01:29 AM

Thanks a lot for your help, unSpawn. I do not know what is wrong either, I have to try to get it working with sudo. I would have preferred to do it with setfacl, but bad luck. I hope I will not have similar problems with sudo.

unSpawn 02-10-2013 07:40 PM

Quote:

Originally Posted by Curiosity42 (Post 4888030)
I do not know what is wrong either, I have to try to get it working with sudo. I would have preferred to do it with setfacl, but bad luck. I hope I will not have similar problems with sudo.

You haven't exactly answered my question but OK, you have to force a decision I guess. Wrt Sudo be aware you have to be precise. 'man sudoers' explains the difference between
Code:

securityoperator1 hostname = vi /etc/*
and
Code:

%securityoperator hostname = NOEXEC: /usr/bin/vi /etc/modprobe.d/dist.conf
*BTW do make a backup beforehand and if this is not some one-off maybe ponder usage of config management (like Puppet?) or at least versioning (centrally). HTH and G/L.

Curiosity42 02-16-2013 05:53 AM

Yes, I had to force a decision, because I no longer had time for investigation.
I am still interested in a setfacl solution, because I am not happy with the sudo result.
In a few weeks I will have another go at it.


All times are GMT -5.