LinuxQuestions.org


LittleMaster 08-14-2012 09:00 AM

ACL permission problem
 
Hi

I tried to create default permissions for newly created files and folders by using ACLs, but I could not find ACL permissions enabled for the users in the group. Any file created in the folder /sysadmin does not hold rwx for the group users user1 & user2.


I followed the below link to

http://knackforge.com/blog/vannia/se...y-debianubuntu


Quote:

root@Little-desktop:~# useradd user1
root@Little-desktop:~# useradd user2
Quote:

root@Little-desktop:~# groupadd sysadmin
Quote:

root@Little-desktop:~# usermod -G sysadmin user1
root@Little-desktop:~# usermod -G sysadmin user2
Quote:

root@Little-desktop:~# sudo setfacl -d -m "u:user1:rwx,g:sysadmin:rwx,o::r-x" -R /sysadmin


Quote:

root@Little-desktop:~# sudo setfacl -d -m "u:user2:rwx,g:sysadmin:rwx,o::r-x" -R /sysadmin

Quote:

root@Little-desktop:~# cd /sysadmin/

root@Little-desktop:/sysadmin# ls
root@Little-desktop:/sysadmin# touch sysadmin
root@Little-desktop:/sysadmin# ls -al
total 8
drwxr-xr-x+ 2 root root 4096 2012-08-14 09:53 .
drwxr-xr-x 28 root root 4096 2012-08-14 09:45 ..
-rw-rw-r--+ 1 root root 0 2012-08-14 09:53 sysadmin

I tried to log in as user1 to the folder /sysadmin, but it delivers permission denied.

Quote:

user1@Little-desktop:/$ cd /sysadmin/
user1@Little-desktop:/sysadmin$ ls
sysadmin
user1@Little-desktop:/sysadmin$ touch user1
touch: cannot touch `user1': Permission denied
user1@Little-desktop:/sysadmin$

Quote:

#cat /etc/group

user1:x:1012:
user2:x:1013:
sysadmin:x:1014:user1,user2
user1@Little-desktop:/$

barghota 08-14-2012 09:54 AM

Is the filesystem mounted with "-o acl" option?

gmlwall 08-14-2012 02:48 PM

Hi Little Master,

If you're running an EXT2/3 filesystem you will need to enable ACLs and remount;

do this by editing

/etc/fstab

Quote:

/dev/md1 / ext3 defaults 1 1

to

/dev/md1 / ext3 rw,acl 1 1

basically change defaults to rw,acl.

This will make it persistent (stays after reboot) but you can make it effective now by running;

Quote:

mount -v -o remount /

It looks as though you basically want rwx permissions for anyone in the sysadmin group. Adding ACLs for each user is nice, but it's better practice to do it for groups, and add a user to that group. You can add individual permissions later :)

Let's clear your current config first;

Quote:

setfacl -R -b /dir/sysadmin

Now check that user1 & user2 are added to your sysadmin group

Quote:

less /etc/group

You should see something like

Quote:

sysadmin:x:503:user1,user2

The important bit is they have both names at the end.

Now just set ACL for the group

Quote:

setfacl -R -m g:sysadmin:rwx /dir/sysadmin

su to the user and check - let us know! :)

Reuti 08-15-2012 08:07 AM

Some remarks:

• You can use getfacl to check whether the intended permissions were set in the correct way.

• Was the user1 already logged in? The secondary groups are set during the login. The command id will tell what’s actually set for user1.

• For ext2/ext3 it’s also possible to define default mount options by tune2fs. This can include acl – and while ACLs are applied, this won’t show up in the output of mount command then.
Code:

# tune2fs -l /dev/sda1
tune2fs 1.40.2 (12-Jul-2007)

Default mount options:    acl


jschiwal 08-15-2012 08:10 AM

The default acl will be used when creating new directories and files. You need to create both a default acl and a normal acl.

I've done the same thing myself.

LittleMaster 08-16-2012 10:03 AM

I had made an entry for acl in fstab and executed mount -v -o remount /. I even made a soft reboot of my server. But still I could find the acl enabled.

@gmlwall: I tried the things you posted above, but it seems not to be working.

Quote:

root@Little-desktop:~# less /etc/group | grep "sysadmin"
sysadmin:x:1003:user1,user2
root@Little-desktop:~# setfacl -R -b /sysadmin
root@Little-desktop:~# setfacl -R -m g:sysadmin:rwx /sysadmin
root@Little-desktop:~# su - user1
No directory, logging in with HOME=/
$ bash
user1@Little-desktop:/sysadmin$ touch user1
user1@Little-desktop:/sysadmin$ ls -al
total 8
drwxrwxr-x+ 2 root root 4096 2012-08-16 11:12 .
drwxr-xr-x 23 root root 4096 2012-08-16 11:02 ..
-rw-r--r-- 1 user1 user1 0 2012-08-16 11:12 user1



Quote:

# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc nodev,noexec,nosuid 0 0
# / was on /dev/sda6 during installation
UUID=4434554a-c818-45d6-a252-c008aace1f57 / ext3 acl,errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=fcf6b15d-a70d-4968-b16a-3e34ca4499bd /boot ext3 defaults 0 2
# swap was on /dev/sda5 during installation
UUID=fb15c1a4-fb3c-4ca3-b948-65ab980d9c65 none swap sw


Quote:

# tune2fs /dev/sda6 -l
tune2fs 1.41.11 (14-Mar-2010)
Filesystem volume name: <none>
Last mounted on: <not available>
Filesystem UUID: 4434554a-c818-45d6-a252-c008aace1f57
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery sparse_super large_file
Filesystem flags: signed_directory_hash
Default mount options: (none)
Filesystem state: clean

When I executed the mount command I could find the acl enabled for /


Quote:

#mount
/dev/sda6 on / type ext3 (rw,acl,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
/dev/sda1 on /boot type ext3 (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
gvfs-fuse-daemon on /home/Little/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=Little)

jschiwal 08-19-2012 08:42 PM

Code:

root@Little-desktop:~# less /etc/group | grep "sysadmin"
sysadmin:x:1003:user1,user2
root@Little-desktop:~# setfacl -R -b /sysadmin
root@Little-desktop:~# setfacl -R -m g:sysadmin:rwx /sysadmin

You need to create a default ACL for the directory as well. This is what the file you create later inherits.
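
The distinction raised in the replies above (an access ACL and a default ACL are separate and both are needed), as an added example that is not part of any post in this thread. It works in a scratch directory and, as an assumption, uses the caller's own numeric primary GID in place of the thread's sysadmin group, so it needs neither root nor extra accounts; it assumes setfacl/getfacl are installed and the filesystem supports POSIX ACLs.

```shell
#!/bin/sh
# Added example: access ACL vs. default ACL, shown in a scratch directory.
# Assumption: the caller's numeric primary GID stands in for "sysadmin".

acl_demo() {
    command -v setfacl >/dev/null 2>&1 || return 77   # ACL tools missing
    gid=$(id -g)
    dir=$(mktemp -d) || return 1

    # Access ACL only: governs who may use $dir itself. Nothing is
    # inherited, so a file created now gets plain mode bits and no "+".
    if ! setfacl -m "g:$gid:rwx" "$dir" 2>/dev/null; then
        rm -rf "$dir"; return 77                      # no ACL support here
    fi
    touch "$dir/before"

    # Default ACL: a template copied onto entries created from now on.
    # It grants nothing on $dir itself, which is why both are needed.
    setfacl -d -m "g:$gid:rwx" "$dir" || { rm -rf "$dir"; return 1; }
    touch "$dir/after"

    # Count the named-group entry on each object (-n prints numeric IDs).
    before=$(getfacl -n "$dir/before" 2>/dev/null | grep -c "^group:$gid:" || true)
    after=$(getfacl -n "$dir/after" 2>/dev/null | grep -c "^group:$gid:" || true)
    dflt=$(getfacl -n "$dir" 2>/dev/null | grep -c "^default:group:$gid:" || true)
    rm -rf "$dir"
    echo "before=$before after=$after default=$dflt"
}

acl_demo || echo "setfacl missing or filesystem without ACL support"
```

On the thread's directory the same pair would be `setfacl -R -m g:sysadmin:rwx /sysadmin` followed by `setfacl -R -d -m g:sysadmin:rwx /sysadmin`, checked with `getfacl /sysadmin`.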

