LinuxQuestions.org
Old 04-29-2011, 07:07 AM   #1
Alex_Uconomy
LQ Newbie
 
Registered: Apr 2011
Location: South Africa Cape town
Distribution: Debian
Posts: 11

Rep: Reputation: 0
USER PERMISSION rights


Hi guys

I am new to Linux (since yesterday) and am trying to set permission rights.

I have installed acl, but am unable to use the command
setfacl -R -m user:xyz:6 /var/www
(it lists folders/files saying operation not supported!)

I need user xyz to be able to move files transferred via FTP to the Apache www folder!
As well as access to MySQL etc.

Is there a way to set the user as an admin?
I also tried:
chmod -R 0755 /var

Also no success.

Please, someone help me set access rights for user xyz to be able to read and write to all folders (all LAMP related files and folders),
using Debian and Gnome (which I dislike, btw).

Thanks for any hints and tips in this matter
Kind regards
Alex
 
Old 04-29-2011, 07:48 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
I think you are on the right track and hopefully a bit of explanation of Linux permissions will help. The permissions are broken into 3 groups, each represented as an octal digit. The permissions, in order, are for: owner-group-others and the digits are for read-write-execute. Directories need to have the execute permission set in order to function, which may not be intuitively obvious. Therefore when you set a file to 755, you are saying that the owner can read, write, and execute, but others can read and execute only but not write. Normally, when it comes to your Apache directory you want, or rather really need, to keep the permissions restricted or else you will find that would-be attackers can easily hijack your system. As far as your permissions go for your Apache folders, one suggestion would be to create a group, such as www-users, and place user XYZ in this group. You could then use 'chmod' and 'chown' to change the group ownership of the files to www-users and make this group writable. This would allow XYZ to write to this directory, while still keeping the 'others' as read only (you especially don't want this to be write permitted).

I am not familiar with this ACL application, but it sounds like a variant of SELinux or AppArmor. Normally these applications aren't how you want to control user access, but rather they are used as a belt-and-suspenders backup to allow and restrict applications from being able to access critical configuration files.

MySQL doesn't use the file permissions. Instead you need to create a user account for XYZ and explicitly grant the permissions on the desired database to the user. One thing to keep in mind is that this gets a little more complicated if you are accessing the SQL server remotely. The login contains user@domain and when SQL is running on the same machine this is by default localhost. If they are logging in from another machine this will appear as user@other-host, which does NOT match user@localhost. You can use wildcards or create a remote-login account to correct this problem.

I am also confused about your dislike for Debian and/or Gnome. If you don't like Gnome, you might want to try one of the other window managers: KDE, XFCE, Fluxbox, etc. Debian, however, is a solid and stable distribution. You should give it some time before signing off on it. May I ask if there is a particular problem you are having, as perhaps there is a solution that would ease some of your frustrations?
 
2 members found this post helpful.
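
The group-based layout suggested in the post above, as an added example that is not part of the original thread. It runs against a throwaway directory so it needs no root; the setgid bit on directories and the `world_writable` audit helper are additions, and the function names are hypothetical.

```shell
#!/bin/sh
# As root, the group from the post would be created and populated first:
#   groupadd www-users && usermod -a -G www-users xyz
# (xyz has to log in again before the new membership takes effect.)

# share_tree DIR GROUP: make DIR group-writable while "others" stay read-only.
share_tree() {
    chgrp -R "$2" "$1" || return 1
    # Directories: rwx owner/group, r-x others. The leading 2 (setgid) is an
    # addition to the post: new files inherit the directory's group.
    find "$1" -type d -exec chmod 2775 {} +
    # Files: rw owner/group, r others.
    find "$1" -type f -exec chmod 0664 {} +
}

# world_writable DIR: list entries that "others" may write to.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Constructed demo tree standing in for /var/www.
demo=$(mktemp -d)
mkdir -p "$demo/www/html"
echo '<p>hello</p>' > "$demo/www/html/index.html"
chmod -R 0777 "$demo/www"           # over-permissive starting state
share_tree "$demo/www" "$(id -g)"   # caller's own group stands in for www-users
ls -lR "$demo/www"
world_writable "$demo/www"          # prints nothing once the tree is clean
rm -rf "$demo"
```

On the real tree this would be `share_tree /var/www www-users` run as root, with `world_writable /var/www` as a follow-up check.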
Old 04-29-2011, 07:50 AM   #3
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
@ Reply

Hi Alex,

You will only be able to use the setfacl command if that partition is mounted with the acl option.

Do the following:

1. Take a backup of /etc/fstab
2. Edit the acl option on the device on which you are trying to set acl. For example:

Usually it looks like the below:

/dev/hda1 /test ext3 defaults 0 0

change it to:

/dev/hda1 /test ext3 defaults,acl 0 0

3. Save /etc/fstab
4. Restart the system

Note: Make sure that you do not change any other option in /etc/fstab. Also check if /var is mounting as a separate partition. Usually ACLs are used for home directories or shared directories.

Last edited by T3RM1NVT0R; 04-29-2011 at 07:57 AM.
 
1 members found this post helpful.
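
The fstab edit described in the post above, as an added example that is not part of the original thread. It works on a copy of the file so the result can be reviewed before it replaces /etc/fstab; the function names are hypothetical and the sample file is constructed from the entry shown in the post.

```shell
#!/bin/sh
# fstab_has_acl FILE MOUNTPOINT: exit 0 if that entry's options include "acl".
fstab_has_acl() {
    awk -v mp="$2" '
        /^[[:space:]]*#/ || NF < 4 { next }   # skip comments and short lines
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "acl") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# fstab_add_acl FILE MOUNTPOINT: print FILE with ",acl" appended to that
# entry's options; every other line and field is passed through unchanged.
fstab_add_acl() {
    awk -v mp="$2" '
        /^[[:space:]]*#/ || NF < 4 { print; next }
        $2 == mp {
            n = split($4, opts, ","); has = 0
            for (i = 1; i <= n; i++) if (opts[i] == "acl") has = 1
            if (!has) $4 = $4 ",acl"
        }
        { print }
    ' "$1"
}

# Constructed sample, modelled on the entry in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <device> <mount> <type> <options> <dump> <pass>
/dev/hda1 /test ext3 defaults 0 0
/dev/hda2 /home ext3 defaults,acl 0 2
EOF
fstab_has_acl "$sample" /test || echo "/test is not mounted with acl"
fstab_add_acl "$sample" /test > "$sample.new"
diff "$sample" "$sample.new" || true   # diff exits 1 when the files differ
rm -f "$sample" "$sample.new"
```

Once the reviewed file is installed, `mount -o remount,acl /test` as root applies the option to the running system, and `fstab_has_acl /etc/fstab /test` confirms the entry.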
  

