LinuxQuestions.org
Old 02-06-2013, 02:42 PM   #1
Curiosity42
LQ Newbie
 
Registered: Jan 2013
Location: Earth
Posts: 20

Rep: Reputation: 0
setfacl to provide user access to /var/log does not work


I would like to give normal user (securityoperator1) group (securityoperator) access to the directory /var/log and in detail to the files messages, secure, etc...

I executed the following commands:

Code:
setfacl -R -m u:securityoperator1:r--,g:securityoperator:r-- /var/log

cd /var/log

getfacl messages
# file: messages
# owner: root
# group: root
user::rw-
user:securityoperator1:r--
group::r--
group:securityoperator:r--
mask::r--
others:---
Now I logged in as user securityoperator1 and tried to list the messages file contents in /var/log and just got an access denied.

What am I missing here? Why does it fail?
 
Old 02-06-2013, 02:51 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Rep: Reputation: 2860
Quote:
Originally Posted by Curiosity42
Why does it fail?
Directories need execute rights. This ACL would have been way more precise if you would have used
Code:
setfacl -m u:securityoperator1:--x,g:securityoperator:--x /var/log
setfacl -m u:securityoperator1:r--,g:securityoperator:r-- /var/log/messages
 
1 members found this post helpful.
Old 02-06-2013, 03:12 PM   #3
Curiosity42
LQ Newbie
 
Registered: Jan 2013
Location: Earth
Posts: 20

Original Poster
Rep: Reputation: 0
I executed both commands, logged in as securityoperator1 and executed:

Code:
more /var/log/messages
/var/log/messages: Permission denied
Logged in as root and executed:

Code:
getfacl messages
# file: messages
# owner: root
# group: root
user::rw-
user:securityoperator1:r--
group::r--
group:securityoperator:r--
mask::r--
others:---
I use RHEL 6.1, ext4 file system and LVM.

Last edited by Curiosity42; 02-06-2013 at 03:15 PM. Reason: Information added.
 
Old 02-06-2013, 07:10 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Rep: Reputation: 2860
Quote:
Originally Posted by Curiosity42
Logged in as root and
You've heard about Sudo, right? Besides, you can run 'getfacl /var/log/messages' here as unprivileged user.


Quote:
Originally Posted by Curiosity42
I use RHEL 6.1, ext4 file system and LVM.
Distribution or file system doesn't matter as long as it understands attributes (as your getfacl output shows).


Quote:
Originally Posted by Curiosity42
I executed both commands, logged in as securityoperator1 and executed:
Code:
more /var/log/messages
/var/log/messages: Permission denied
Since there's two items (the directory and the files it contains) it makes sense to list attributes on both (even though /var/log itself should have octal mode 0755 already anyway). If there's no local customization done that could prohibit accessing the file, running a verbose strace with a simple 'cat' like 'strace -v -eopen /bin/cat /var/log/messages 2>&1' may show clues.
 
Old 02-06-2013, 08:02 PM   #5
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
You want both 'r' and 'x' permissions for the /var/log/ directory. Not just x.

AFAIK, if you have the r default bit set, directories also get the x bit set. The eXecutable bit set would be a bad default for regular files, but is needed for directories. But since /var/log/ and the subdirectories are already created, you need to set both.
 
Old 02-07-2013, 04:26 AM   #6
Curiosity42
LQ Newbie
 
Registered: Jan 2013
Location: Earth
Posts: 20

Original Poster
Rep: Reputation: 0
@unSpawn
Code:
[securityoperator1@LME ~]$ strace -v -eopen /bin/cat /var/log/messages 2>&1
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/var/log/messages", O_RDONLY)     = -1 EACCES (Permission denied)
/bin/cat: /var/log/messagesopen("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
: Permission denied
[securityoperator1@LME ~]$
@jschiwal
I tried it, but it does not work either.
 
Old 02-07-2013, 05:47 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Rep: Reputation: 2860
And 'getfacl /var/log' ?
 
Old 02-07-2013, 02:33 PM   #8
Curiosity42
LQ Newbie
 
Registered: Jan 2013
Location: Earth
Posts: 20

Original Poster
Rep: Reputation: 0
@unSpawn
I have set up the machine new and started from scratch (with setfacl) and it worked immediately.
Here is the log:

Before I used setfacl
Code:
[root@LME ~]# getfacl /var/log
getfacl: Removing leading '/' from absolute path names
# file: var/log
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

[root@LME ~]# getfacl /var/log/messages
getfacl: Removing leading '/' from absolute path names
# file: var/log/messages
# owner: root
# group: root
user::rw-
group::---
other::---

[root@LME ~]#
Using setfacl to give access rights to securityoperator1
Code:
[root@LME ~]# setfacl -m u:securityoperator1:--x,g:securityoperator:--x /var/log
[root@LME ~]# setfacl -m u:securityoperator1:r--,g:securityoperator:r-- /var/log/messages
[root@LME ~]#
After using setfacl
Code:
[root@LME ~]#
[root@LME ~]# getfacl /var/log
getfacl: Removing leading '/' from absolute path names
# file: var/log
# owner: root
# group: root
user::rwx
user:securityoperator1:--x
group::r-x
group:securityoperator:--x
mask::r-x
other::r-x

[root@LME ~]# getfacl /var/log/messages
getfacl: Removing leading '/' from absolute path names
# file: var/log/messages
# owner: root
# group: root
user::rw-
user:securityoperator1:r--
group::---
group:securityoperator:r--
mask::r--
other::---

[root@LME ~]#
I do not know what I have done wrong before, but now it works.
Just for completeness the strace log:

Code:
[superuser1@LME ~]$ strace -v -eopen /bin/cat /var/log 2>&1
open("/etc/ld.so.cache", O_RDONLY)      = 3                
open("/lib64/libc.so.6", O_RDONLY)      = 3                
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3       
open("/var/log", O_RDONLY)              = 3                
/bin/cat: /var/logopen("/usr/share/locale/locale.alias", O_RDONLY) = 4
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)      
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)   
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)    
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)         
: Is a directory                                                                                           
[superuser1@LME ~]$                                                                                        
[superuser1@LME ~]$                                                                                        
[superuser1@LME ~]$ strace -v -eopen /bin/cat /var/log/messages 2>&1                                       
open("/etc/ld.so.cache", O_RDONLY)      = 3                                                                
open("/lib64/libc.so.6", O_RDONLY)      = 3                                                                
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3                                                       
open("/var/log/messages", O_RDONLY)     = 3                                                                
Feb  7 13:44:01 PPM kernel: imklog 4.6.2, log source = /proc/kmsg started.                                 
Feb  7 13:44:01 PPM rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1432" x-info="http://www.rsyslog.com"] (re)start                                                                                                     
Feb  7 13:45:39 PPM rhsm-complianced: This system is missing one or more valid entitlement certificates. Please run subscription-manager for more information.                                                                          
Feb  7 13:46:50 PPM NetworkManager[1566]:    ifcfg-rh: updating /etc/sysconfig/network-scripts/ifcfg-eth0           
Feb  7 13:46:51 PPM NetworkManager[1566]:    ifcfg-rh: updating /etc/sysconfig/network-scripts/ifcfg-eth0           
Feb  7 13:47:07 PPM NetworkManager[1566]:    ifcfg-rh: updating /etc/sysconfig/network-scripts/ifcfg-eth0           
Feb  7 13:47:08 PPM NetworkManager[1566]:    ifcfg-rh: updating /etc/sysconfig/network-scripts/ifcfg-eth0
I still have a few questions about setfacl usage:
  1. can I give another user (e.g. securityoperator2) read access too?
  2. can I allocate another user (e.g. localoperator1) in group localoperator read access to the same directory/file too?
  3. can I give all users with the group securityoperator read access independent from the user name?
  4. if I want to have read access for all files in a directory how do I use the setfacl command?
  5. how can I remove access rights (from user or group) that I have given before with setfacl?

Thanks for your support.

Last edited by Curiosity42; 02-07-2013 at 03:23 PM. Reason: Another question added.
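
Added example (not part of the thread and not any poster's code): a small Python model of the access check from acl(5), run over getfacl listings, showing why the directory entry matters as much as the file entry. The `/var/log/messages` and working `/var/log` listings are taken from post #8; the `/var/log` listing for the recursive `r--` command of post #1 is constructed, since the thread never shows it, and securityoperator2 is assumed to be a member of group securityoperator.

```python
PERM_BITS = {"r": 4, "w": 2, "x": 1}

def parse_perms(text):
    """Turn a string such as 'r-x' into a bit mask (r=4, w=2, x=1)."""
    return sum(bit for ch, bit in PERM_BITS.items() if ch in text)

def parse_getfacl(text):
    """Parse getfacl output into owner, owning group and access entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qualifier, perms = line.split(":")[:3]
            acl["entries"].append((tag, qualifier, parse_perms(perms.split()[0])))
    return acl

def check_access(acl, user, groups, want):
    """Apply the acl(5) access check; return (granted, deciding entry)."""
    def perms_of(tag, qualifier=""):
        return next((p for t, q, p in acl["entries"]
                     if t == tag and q == qualifier), None)
    mask = perms_of("mask")
    limit = 7 if mask is None else mask  # minimal ACL: nothing is filtered
    if user == acl["owner"]:
        return (perms_of("user") & want) == want, "user::"
    named = perms_of("user", user)
    if named is not None:  # a named-user match is final, no fall-through
        return (named & limit & want) == want, f"user:{user}"
    matched = [("group::", perms_of("group"))] if acl["group"] in groups else []
    matched += [(f"group:{q}", p) for t, q, p in acl["entries"]
                if t == "group" and q in groups]
    if matched:  # matching any group entry also rules out "other"
        for label, perms in matched:
            if (perms & limit & want) == want:
                return True, label
        return False, "group class"
    return (perms_of("other") & want) == want, "other::"

def can_open(tree, path, user, groups, want):
    """Need search (x) on every modelled directory, then `want` on the file."""
    parts = path.strip("/").split("/")
    for depth in range(1, len(parts) + 1):
        prefix = "/" + "/".join(parts[:depth])
        if prefix not in tree:
            continue  # assumption: ancestors not modelled (/, /var) are searchable
        need = want if prefix == path else parse_perms("x")
        granted, via = check_access(tree[prefix], user, groups, need)
        if not granted:
            return False, f"{prefix}: denied by {via}"
    return True, "granted"

# Constructed: /var/log after the recursive r-- command of post #1 (base
# entries from post #8, mask recomputed as the union of the group class).
VAR_LOG_RECURSIVE = parse_getfacl("""
# owner: root
# group: root
user::rwx
user:securityoperator1:r--
group::r-x
group:securityoperator:r--
mask::r-x
other::r-x
""")
# From post #8: /var/log after the --x entries were added.
VAR_LOG_FIXED = parse_getfacl("""
# owner: root
# group: root
user::rwx
user:securityoperator1:--x
group::r-x
group:securityoperator:--x
mask::r-x
other::r-x
""")
# From post #8: /var/log/messages after the r-- entries were added.
MESSAGES = parse_getfacl("""
# owner: root
# group: root
user::rw-
user:securityoperator1:r--
group::---
group:securityoperator:r--
mask::r--
other::---
""")

RECURSIVE = {"/var/log": VAR_LOG_RECURSIVE, "/var/log/messages": MESSAGES}
FIXED = {"/var/log": VAR_LOG_FIXED, "/var/log/messages": MESSAGES}

if __name__ == "__main__":
    for name, tree in (("recursive r--", RECURSIVE), ("post #8", FIXED)):
        for user in ("securityoperator1", "securityoperator2"):
            print(name, user, can_open(tree, "/var/log/messages", user,
                                       {"securityoperator"}, parse_perms("r")))
```

In the constructed post #1 state the named `r--` entries on `/var/log` are matched before `other::r-x`, so search permission on the directory is lost even though the file ACL grants read.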
 
Old 02-07-2013, 04:18 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Rep: Reputation: 2860
Quote:
Originally Posted by Curiosity42
I have set up the machine new and started from scratch (with setfacl) and it worked immediately.
That's nice when you can afford it. The downside is there is nothing left to diagnose meaning you have robbed yourself of the learning experience.


Quote:
Originally Posted by Curiosity42
I still have a few questions about setfacl usage
...which can be answered by you reading the setfacl manual page and by testing it. I invite you to reply by answering your own questions and asking only those questions you can't work out for yourself.
 
Old 02-08-2013, 02:15 PM   #10
Curiosity42
LQ Newbie
 
Registered: Jan 2013
Location: Earth
Posts: 20

Original Poster
Rep: Reputation: 0
@unSpawn

I tried to give the group securityoperator read/write access to the directory /etc/modprobe.d/, but I was not successful. I have done the following:

getfacl before I executed the setfacl command:
Code:
[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/
getfacl: Removing leading '/' from absolute path names
# file: etc/modprobe.d/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/dist.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/modprobe.d/dist.conf
# owner: root
# group: root
user::rw-
group::r--
other::r--
Execution of the setfacl command:
Code:
setfacl -R -m d:g:securityoperator:rw-,g:securityoperator:rw- /etc/modprobe.d
In my opinion it should do the following:
Sets the permissions for all users that belong to the securityoperator group.
Whenever the root user or any user of the securityoperator group creates files
and directories, they will inherit the access attributes.
Additionally the users of the group securityoperator have read/write access to all
existing files in the directory /etc/modprobe.d/

getfacl after I executed the setfacl command:
Code:
[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/
getfacl: Removing leading '/' from absolute path names
# file: etc/modprobe.d/
# owner: root
# group: root
user::rwx
group::r-x
group:securityoperator:rw-
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:securityoperator:rw-
default:mask::rwx
default:other::r-x

[securityoperator1@LME ~]$
[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/dist.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/modprobe.d/dist.conf
# owner: root
# group: root
user::rw-
group::r--
group:securityoperator:rw-
mask::rw-
other::r--
I opened the file /etc/modprobe.d/dist.conf with vim, but it still is read-only.

Here is a strace of /etc/modprobe.d

Code:
[securityoperator1@LME ~]$ strace -v -eopen /bin/cat /etc/modprobe.d 2>&1
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/etc/modprobe.d", O_RDONLY)       = 3
/bin/cat: /etc/modprobe.dopen("/usr/share/locale/locale.alias", O_RDONLY) = 4
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
: Is a directory
[securityoperator1@LME ~]$
Here is a strace of /etc/modprobe.d/dist.conf
Code:
[securityoperator1@LME ~]$ strace -v -eopen /usr/bin/vim /etc/modprobe.d/dist.conf 2>&1
open("/usr/lib64/perl5/CORE/tls/x86_64/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                          
open("/usr/lib64/perl5/CORE/tls/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                 
open("/usr/lib64/perl5/CORE/x86_64/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                              
open("/usr/lib64/perl5/CORE/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/etc/ld.so.cache", O_RDONLY)      = 3                                               
open("/lib64/libselinux.so.1", O_RDONLY) = 3                                              
open("/usr/lib64/perl5/CORE/libncurses.so.5", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libncurses.so.5", O_RDONLY) = 3                                              
open("/usr/lib64/perl5/CORE/libacl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                         
open("/lib64/libacl.so.1", O_RDONLY)    = 3                                               
open("/usr/lib64/perl5/CORE/libgpm.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                         
open("/usr/lib64/libgpm.so.2", O_RDONLY) = 3                                              
open("/usr/lib64/perl5/CORE/libperl.so", O_RDONLY) = 3                                    
open("/usr/lib64/perl5/CORE/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                      
open("/lib64/libresolv.so.2", O_RDONLY) = 3                                               
open("/usr/lib64/perl5/CORE/libutil.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                        
open("/lib64/libutil.so.1", O_RDONLY)   = 3                                               
open("/usr/lib64/perl5/CORE/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/lib64/libc.so.6", O_RDONLY)      = 3                                               
open("/usr/lib64/perl5/CORE/libpython2.6.so.1.0", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                 
open("/usr/lib64/libpython2.6.so.1.0", O_RDONLY) = 3                                      
open("/usr/lib64/perl5/CORE/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/lib64/libm.so.6", O_RDONLY)      = 3                                               
open("/usr/lib64/perl5/CORE/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libdl.so.2", O_RDONLY)     = 3                                               
open("/usr/lib64/perl5/CORE/libtinfo.so.5", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libtinfo.so.5", O_RDONLY)  = 3                                               
open("/usr/lib64/perl5/CORE/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libpthread.so.0", O_RDONLY) = 3                                              
open("/usr/lib64/perl5/CORE/libattr.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                        
open("/lib64/libattr.so.1", O_RDONLY)   = 3                                               
open("/usr/lib64/perl5/CORE/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                         
open("/lib64/libnsl.so.1", O_RDONLY)    = 3                                               
open("/usr/lib64/perl5/CORE/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libcrypt.so.1", O_RDONLY)  = 3                                               
open("/usr/lib64/perl5/CORE/libfreebl3.so", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libfreebl3.so", O_RDONLY)  = 3                                               
open("/proc/filesystems", O_RDONLY)     = 3                                               
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3                                      
open("/usr/share/locale/locale.alias", O_RDONLY) = 3                                      
open("/usr/share/vim/vim72/lang/en_US.UTF-8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                  
open("/usr/share/vim/vim72/lang/en_US.utf8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                   
open("/usr/share/vim/vim72/lang/en_US/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                        
open("/usr/share/vim/vim72/lang/en.UTF-8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                     
open("/usr/share/vim/vim72/lang/en.utf8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                      
open("/usr/share/vim/vim72/lang/en/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                           
open(".", O_RDONLY)                     = 3                                               
open("/usr/share/terminfo/x/xterm", O_RDONLY) = 3                                         
open(".", O_RDONLY)                     = 3                                               
open("/etc/vimrc", O_RDONLY)            = 3                                               
open("/usr/bin/cscope", O_RDONLY|O_NONBLOCK) = 4                                          
open("cscope.out", O_RDONLY|O_NONBLOCK) = -1 ENOENT (No such file or directory)           
open(".", O_RDONLY)                     = 4                                               
open("/usr/share/vim/vim72/syntax/syntax.vim", O_RDONLY) = 4                              
open(".", O_RDONLY)                     = 5                                               
open("/usr/share/vim/vim72/syntax/synload.vim", O_RDONLY) = 5                             
open(".", O_RDONLY)                     = 6                                               
open("/usr/share/vim/vim72/syntax/syncolor.vim", O_RDONLY) = 6                            
open(".", O_RDONLY)                     = 5                                               
open("/usr/share/vim/vim72/filetype.vim", O_RDONLY) = 5                                   
open("/home/securityoperator1/.vim/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                   
open("/usr/share/vim/vimfiles/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6  
open("/usr/share/vim/vim72/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                           
open("/usr/share/vim/vimfiles/after/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6                                                                                      
open("/home/securityoperator1/.vim/after/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                             
open(".", O_RDONLY)                     = 4                                               
open("/usr/share/vim/vim72/filetype.vim", O_RDONLY) = 4                                   
open(".", O_RDONLY)                     = 4                                               
open("/usr/share/vim/vim72/ftplugin.vim", O_RDONLY) = 4                                   
open(".", O_RDONLY)                     = 3                                               
open("/home/securityoperator1/.vimrc", O_RDONLY) = -1 ENOENT (No such file or directory)  
open("/home/securityoperator1/_vimrc", O_RDONLY) = -1 ENOENT (No such file or directory)  
open(".", O_RDONLY)                     = 3                                               
open("/home/securityoperator1/.exrc", O_RDONLY) = -1 ENOENT (No such file or directory)   
open("/home/securityoperator1/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                     
open("/home/securityoperator1/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                     
open("/usr/share/vim/vimfiles/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3    
open("/usr/share/vim/vimfiles/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3    
open("/usr/share/vim/vim72/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3       
open("/usr/share/vim/vim72/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3       
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                    
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                    
open("/usr/share/vim/vim72/plugin/filetype.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/filetype.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/spellfile.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/spellfile.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/README.txt/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/README.txt/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/tohtml.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/tohtml.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/gzip.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                             
open("/usr/share/vim/vim72/plugin/gzip.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                             
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                      
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                      
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                  
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                  
open("/usr/share/vim/vim72/plugin/zipPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/zipPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/tarPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/tarPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/rrhelper.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/rrhelper.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/matchparen.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/matchparen.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/filetype.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/gzip.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/matchparen.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/rrhelper.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/spellfile.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/tarPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/tohtml.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/zipPlugin.vim", O_RDONLY) = 3
open("/usr/share/vim/vimfiles/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
open("/usr/share/vim/vimfiles/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
open("/home/securityoperator1/.vim/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/securityoperator1/.vim/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/securityoperator1/.viminfo", O_RDONLY) = 3
[securityoperator1@LME ~]$
I do not know what I have done wrong?
 
Old 02-09-2013, 06:39 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Rep: Reputation: 2860
See post #5, the directory ACL part? (rwx)

Last edited by unSpawn; 02-09-2013 at 06:41 AM.
 
Old 02-09-2013, 10:53 AM   #12
Curiosity42
LQ Newbie
 
Registered: Jan 2013
Location: Earth
Posts: 20

Original Poster
Rep: Reputation: 0
@unSpawn

I executed now the command:
Code:
setfacl -R -m d:g:securityoperator:rwx,g:securityoperator:rwx /etc/modprobe.d
and still have the same problem: vim /etc/modprobe.d/dist.conf is read-only.

Here I have the getfacl and the strace, I do not know what is wrong with it.
Code:
[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/                
getfacl: Removing leading '/' from absolute path names             
# file: etc/modprobe.d/                                            
# owner: root                                                      
# group: root                                                      
user::rwx                                                          
group::r-x                                                         
group:securityoperator:rwx                                         
mask::rwx                                                          
other::r-x                                                         
default:user::rwx                                                  
default:group::r-x                                                 
default:group:securityoperator:rwx                                 
default:mask::rwx                                                  
default:other::r-x                                                 

[securityoperator1@LME ~]$ 
[securityoperator1@LME ~]$ 
[securityoperator1@LME ~]$ getfacl /etc/modprobe.d/dist.conf
getfacl: Removing leading '/' from absolute path names      
# file: etc/modprobe.d/dist.conf                            
# owner: root                                               
# group: root                                               
user::rw-                                                   
group::r--                                                  
group:securityoperator:rwx                                  
mask::rwx                                                   
other::r--                                                  

[securityoperator1@LME ~]$ strace -v -eopen /bin/cat /etc/modprobe.d 2>&1
open("/etc/ld.so.cache", O_RDONLY)      = 3                              
open("/lib64/libc.so.6", O_RDONLY)      = 3                              
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3                     
open("/etc/modprobe.d", O_RDONLY)       = 3                              
/bin/cat: /etc/modprobe.dopen("/usr/share/locale/locale.alias", O_RDONLY) = 4
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                         
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                          
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                               
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                            
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                             
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                  
: Is a directory                                                                          
[securityoperator1@LME ~]$                                                                
[securityoperator1@LME ~]$                                                                
[securityoperator1@LME ~]$ strace -v -eopen /usr/bin/vim /etc/modprobe.d/dist.conf 2>&1   
open("/usr/lib64/perl5/CORE/tls/x86_64/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                          
open("/usr/lib64/perl5/CORE/tls/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                 
open("/usr/lib64/perl5/CORE/x86_64/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                              
open("/usr/lib64/perl5/CORE/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/etc/ld.so.cache", O_RDONLY)      = 3                                               
open("/lib64/libselinux.so.1", O_RDONLY) = 3                                              
open("/usr/lib64/perl5/CORE/libncurses.so.5", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libncurses.so.5", O_RDONLY) = 3                                              
open("/usr/lib64/perl5/CORE/libacl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                         
open("/lib64/libacl.so.1", O_RDONLY)    = 3                                               
open("/usr/lib64/perl5/CORE/libgpm.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                         
open("/usr/lib64/libgpm.so.2", O_RDONLY) = 3                                              
open("/usr/lib64/perl5/CORE/libperl.so", O_RDONLY) = 3                                    
open("/usr/lib64/perl5/CORE/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                      
open("/lib64/libresolv.so.2", O_RDONLY) = 3                                               
open("/usr/lib64/perl5/CORE/libutil.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                        
open("/lib64/libutil.so.1", O_RDONLY)   = 3                                               
open("/usr/lib64/perl5/CORE/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/lib64/libc.so.6", O_RDONLY)      = 3                                               
open("/usr/lib64/perl5/CORE/libpython2.6.so.1.0", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                 
open("/usr/lib64/libpython2.6.so.1.0", O_RDONLY) = 3                                      
open("/usr/lib64/perl5/CORE/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/lib64/libm.so.6", O_RDONLY)      = 3                                               
open("/usr/lib64/perl5/CORE/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libdl.so.2", O_RDONLY)     = 3                                               
open("/usr/lib64/perl5/CORE/libtinfo.so.5", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libtinfo.so.5", O_RDONLY)  = 3                                               
open("/usr/lib64/perl5/CORE/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                     
open("/lib64/libpthread.so.0", O_RDONLY) = 3                                              
open("/usr/lib64/perl5/CORE/libattr.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                        
open("/lib64/libattr.so.1", O_RDONLY)   = 3                                               
open("/usr/lib64/perl5/CORE/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                         
open("/lib64/libnsl.so.1", O_RDONLY)    = 3                                               
open("/usr/lib64/perl5/CORE/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libcrypt.so.1", O_RDONLY)  = 3                                               
open("/usr/lib64/perl5/CORE/libfreebl3.so", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                                       
open("/lib64/libfreebl3.so", O_RDONLY)  = 3                                               
open("/proc/filesystems", O_RDONLY)     = 3                                               
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3                                      
open("/usr/share/locale/locale.alias", O_RDONLY) = 3                                      
open("/usr/share/vim/vim72/lang/en_US.UTF-8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                  
open("/usr/share/vim/vim72/lang/en_US.utf8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                   
open("/usr/share/vim/vim72/lang/en_US/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                        
open("/usr/share/vim/vim72/lang/en.UTF-8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                     
open("/usr/share/vim/vim72/lang/en.utf8/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                      
open("/usr/share/vim/vim72/lang/en/LC_MESSAGES/vim.mo", O_RDONLY) = -1 ENOENT (No such file or directory)                                                                           
open(".", O_RDONLY)                     = 3                                               
open("/usr/share/terminfo/x/xterm", O_RDONLY) = 3                                         
open(".", O_RDONLY)                     = 3                                               
open("/etc/vimrc", O_RDONLY)            = 3                                               
open("/usr/bin/cscope", O_RDONLY|O_NONBLOCK) = 4                                          
open("cscope.out", O_RDONLY|O_NONBLOCK) = -1 ENOENT (No such file or directory)           
open(".", O_RDONLY)                     = 4                                               
open("/usr/share/vim/vim72/syntax/syntax.vim", O_RDONLY) = 4                              
open(".", O_RDONLY)                     = 5                                               
open("/usr/share/vim/vim72/syntax/synload.vim", O_RDONLY) = 5                             
open(".", O_RDONLY)                     = 6                                               
open("/usr/share/vim/vim72/syntax/syncolor.vim", O_RDONLY) = 6                            
open(".", O_RDONLY)                     = 5                                               
open("/usr/share/vim/vim72/filetype.vim", O_RDONLY) = 5                                   
open("/home/securityoperator1/.vim/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                   
open("/usr/share/vim/vimfiles/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6  
open("/usr/share/vim/vim72/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                           
open("/usr/share/vim/vimfiles/after/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6                                                                                      
open("/home/securityoperator1/.vim/after/ftdetect/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                             
open(".", O_RDONLY)                     = 4                                               
open("/usr/share/vim/vim72/filetype.vim", O_RDONLY) = 4                                   
open(".", O_RDONLY)                     = 4                                               
open("/usr/share/vim/vim72/ftplugin.vim", O_RDONLY) = 4                                   
open(".", O_RDONLY)                     = 3                                               
open("/home/securityoperator1/.vimrc", O_RDONLY) = -1 ENOENT (No such file or directory)  
open("/home/securityoperator1/_vimrc", O_RDONLY) = -1 ENOENT (No such file or directory)  
open(".", O_RDONLY)                     = 3                                               
open("/home/securityoperator1/.exrc", O_RDONLY) = -1 ENOENT (No such file or directory)   
open("/home/securityoperator1/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                     
open("/home/securityoperator1/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)                                                     
open("/usr/share/vim/vimfiles/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3    
open("/usr/share/vim/vimfiles/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3    
open("/usr/share/vim/vim72/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3       
open("/usr/share/vim/vim72/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3       
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                    
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                    
open("/usr/share/vim/vim72/plugin/filetype.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/filetype.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/spellfile.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/spellfile.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/README.txt/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/README.txt/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/tohtml.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/tohtml.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                           
open("/usr/share/vim/vim72/plugin/gzip.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                             
open("/usr/share/vim/vim72/plugin/gzip.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                             
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                      
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                      
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                  
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                  
open("/usr/share/vim/vim72/plugin/zipPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/zipPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/tarPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/tarPlugin.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                        
open("/usr/share/vim/vim72/plugin/rrhelper.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/rrhelper.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                         
open("/usr/share/vim/vim72/plugin/matchparen.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open("/usr/share/vim/vim72/plugin/matchparen.vim/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)                                                       
open(".", O_RDONLY)                     = 3                                               
open("/usr/share/vim/vim72/plugin/filetype.vim", O_RDONLY) = 3                            
open(".", O_RDONLY)                     = 3                                               
open("/usr/share/vim/vim72/plugin/getscriptPlugin.vim", O_RDONLY) = 3                     
open(".", O_RDONLY)                     = 3                                               
open("/usr/share/vim/vim72/plugin/gzip.vim", O_RDONLY) = 3                                
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/matchparen.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/netrwPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/rrhelper.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/spellfile.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/tarPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/tohtml.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/vimballPlugin.vim", O_RDONLY) = 3
open(".", O_RDONLY)                     = 3
open("/usr/share/vim/vim72/plugin/zipPlugin.vim", O_RDONLY) = 3
open("/usr/share/vim/vimfiles/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
open("/usr/share/vim/vimfiles/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
open("/home/securityoperator1/.vim/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/securityoperator1/.vim/after/plugin/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/securityoperator1/.viminfo", O_RDONLY) = 3

Last edited by Curiosity42; 02-09-2013 at 10:54 AM. Reason: Error corrected
 
Old 02-09-2013, 11:37 AM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Rep: Reputation: 2860
You seem to have succumbed to the "sledge hammer approach" by just granting user "securityoperator" execute rights on both the directory as well as all of its contents. That is not good. Don't be lax about system security. Besides that, in your setfacl command you used "group" twice and I doubt that works.
I suggest you undo your changes and
Code:
setfacl -m u:securityoperator:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator:rw,g:securityoperator:rw /etc/modprobe.d/*
 
Old 02-09-2013, 12:17 PM   #14
Curiosity42
LQ Newbie
 
Registered: Jan 2013
Location: Earth
Posts: 20

Original Poster
Rep: Reputation: 0
One problem I have is that on that computer I have 5 securityoperators (securityoperator1 to securityoperator5).
The second problem I have is that a new securityoperator could be defined (e.g. securityoperator6) and s/he should have the same access rights.
You suggest to run in that case:
Code:
setfacl -m u:securityoperator1:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator1:rw,g:securityoperator:rw /etc/modprobe.d/*

setfacl -m u:securityoperator2:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator2:rw,g:securityoperator:rw /etc/modprobe.d/*

setfacl -m u:securityoperator3:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator3:rw,g:securityoperator:rw /etc/modprobe.d/*

setfacl -m u:securityoperator4:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator4:rw,g:securityoperator:rw /etc/modprobe.d/*

setfacl -m u:securityoperator5:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator5:rw,g:securityoperator:rw /etc/modprobe.d/*
and I would have to provide a sudo mechanism for setfacl to create securityoperator6, as the user(s) would not have root access available?

I tried what you suggested with the following:
Code:
setfacl -m u:securityoperator1:rwx,g:securityoperator:rwx /etc/modprobe.d
setfacl -m u:securityoperator1:rw-,g:securityoperator:rw- /etc/modprobe.d/*
but vim /etc/modprobe.d/dist.conf is still [read-only]
Note: I put a dash after rw, so now it is rw-; I guess that is the correct form?

Last edited by Curiosity42; 02-09-2013 at 12:38 PM. Reason: Added result of test.
 
Old 02-09-2013, 02:34 PM   #15
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Rep: Reputation: 2860
Maybe your manual is newer but my 'man setfacl' doesn't list any dash usage for permissions. BTW you can string modifications together like "u:securityoperator1:rwx,u:securityoperator2:rwx,u:securityoperator3:rwx,g:securityoperator:rwx". Again, the problem with 'setfacl -R -m u:securityoperator1:rwx' is you grant the user execute rights on all the existing files. This change doesn't only show up with 'getfacl' but also if you 'ls -al'. And I shouldn't have used "/etc/modprobe.d/*" as you can grant rights recursively:
Code:
setfacl -R -m u:securityoperator1:rw,u:securityoperator2:rw,u:securityoperator3:rw,g:securityoperator:rw /etc/modprobe.d
setfacl -m u:securityoperator1:rwx,u:securityoperator2:rwx,u:securityoperator3:rwx,g:securityoperator:rwx /etc/modprobe.d
Why /etc/modprobe.d/dist.conf remains read-only I can't see. What does 'getfacl --all-effective /etc/modprobe.d/dist.conf' say?
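The effective-rights question asked in post #15 can be worked through from the getfacl output posted in #12. The following is an added example, not code from any poster in this thread: it parses getfacl text and applies the access-check order from acl(5) (owner, named user, group class limited by the mask, other). The function names are hypothetical, securityoperator1's membership in group securityoperator is an assumption, and MASKED_ACL and RO_DIR_ACL are constructed variants.

```python
"""Evaluate POSIX ACL access decisions from getfacl text (added example)."""

# getfacl output as posted in this thread (post #12).
DIR_ACL = """# file: etc/modprobe.d/
# owner: root
# group: root
user::rwx
group::r-x
group:securityoperator:rwx
mask::rwx
other::r-x
default:group:securityoperator:rwx
"""
FILE_ACL = """# file: etc/modprobe.d/dist.conf
# owner: root
# group: root
user::rw-
group::r--
group:securityoperator:rwx
mask::rwx
other::r--
"""
# Constructed variants (not from the thread): a restrictive mask, and a
# directory whose named group entry lacks execute (search) permission.
MASKED_ACL = FILE_ACL.replace("mask::rwx", "mask::r--")
RO_DIR_ACL = DIR_ACL.replace("group:securityoperator:rwx",
                             "group:securityoperator:r--")


def parse_getfacl(text):
    """Return the access ACL as a dict; default: entries are ignored."""
    acl = {"owner": None, "group": None, "user_obj": set(), "group_obj": set(),
           "users": {}, "groups": {}, "mask": None, "other": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        if not line or line.startswith("#") or line.startswith("default:"):
            continue
        entry = line.split("#", 1)[0].strip()  # drop "#effective:" comments
        tag, qualifier, perms = entry.split(":")
        bits = set(perms) - {"-"}
        if tag == "user" and qualifier:
            acl["users"][qualifier] = bits
        elif tag == "user":
            acl["user_obj"] = bits
        elif tag == "group" and qualifier:
            acl["groups"][qualifier] = bits
        elif tag == "group":
            acl["group_obj"] = bits
        elif tag == "mask":
            acl["mask"] = bits
        elif tag == "other":
            acl["other"] = bits
    return acl


def allowed(acl, user, groups, want):
    """acl(5) check order. Root's capability override is not modelled."""
    want = set(want)
    if user == acl["owner"]:
        return want <= acl["user_obj"]           # owner entry, mask ignored
    mask = acl["mask"]
    limit = (lambda b: b) if mask is None else (lambda b: b & mask)
    if user in acl["users"]:
        return want <= limit(acl["users"][user])
    matching = [acl["group_obj"]] if acl["group"] in groups else []
    matching += [b for g, b in acl["groups"].items() if g in groups]
    if matching:                                 # a group match never falls
        return any(want <= limit(b) for b in matching)  # through to other
    return want <= acl["other"]


def can_open(dir_texts, file_text, user, groups, want):
    """Every directory on the path needs x; the file needs `want`."""
    searchable = all(allowed(parse_getfacl(d), user, groups, "x")
                     for d in dir_texts)
    return searchable and allowed(parse_getfacl(file_text), user, groups, want)


if __name__ == "__main__":
    who, grp = "securityoperator1", {"securityoperator"}
    print("posted ACLs, rw:", can_open([DIR_ACL], FILE_ACL, who, grp, "rw"))
    print("mask r--, rw   :", can_open([DIR_ACL], MASKED_ACL, who, grp, "rw"))
    print("dir without x  :", can_open([RO_DIR_ACL], FILE_ACL, who, grp, "r"))
```

With the ACLs exactly as posted, the check grants rw to a member of securityoperator; the two constructed variants show how a narrower mask or a directory entry without x turns the same request into a denial.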
 
  

