LinuxQuestions.org
Old 08-14-2012, 09:00 AM   #1
LittleMaster
Member
 
Registered: Jun 2012
Posts: 121
Blog Entries: 1

Rep: Reputation: Disabled
ACL permission problem


Hi

I tried to create default permissions for newly created files and folders by using ACLs, but I could not find the ACL permission enabled for the users in the group. Any file created in the folder /sysadmin does not hold rwx for the group users user1 & user2.


I followed the below link to

http://knackforge.com/blog/vannia/se...y-debianubuntu


Quote:
root@Little-desktop:~# useradd user1
root@Little-desktop:~# useradd user2
Quote:
root@Little-desktop:~# groupadd sysadmin
Quote:
root@Little-desktop:~# usermod -G sysadmin user1
root@Little-desktop:~# usermod -G sysadmin user2
Quote:
root@Little-desktop:~# sudo setfacl -d -m "u:user1:rwx,g:sysadmin:rwx,o::r-x" -R /sysadmin


Quote:
root@Little-desktop:~# sudo setfacl -d -m "u:user2:rwx,g:sysadmin:rwx,o::r-x" -R /sysadmin

Quote:
root@Little-desktop:~# cd /sysadmin/

root@Little-desktop:/sysadmin# ls
root@Little-desktop:/sysadmin# touch sysadmin
root@Little-desktop:/sysadmin# ls -al
total 8
drwxr-xr-x+ 2 root root 4096 2012-08-14 09:53 .
drwxr-xr-x 28 root root 4096 2012-08-14 09:45 ..
-rw-rw-r--+ 1 root root 0 2012-08-14 09:53 sysadmin

I tried to log in as user1 and go to the folder /sysadmin, but it gives permission denied.

Quote:
user1@Little-desktop:/$ cd /sysadmin/
user1@Little-desktop:/sysadmin$ ls
sysadmin
user1@Little-desktop:/sysadmin$ touch user1
touch: cannot touch `user1': Permission denied
user1@Little-desktop:/sysadmin$

Quote:
#cat /etc/group

user1:x:1012:
user2:x:1013:
sysadmin:x:1014:user1,user2
user1@Little-desktop:/$

Last edited by LittleMaster; 08-14-2012 at 09:10 AM.
 
Old 08-14-2012, 09:54 AM   #2
barghota
Member
 
Registered: Jul 2003
Location: Cairo, Egypt
Distribution: CentOS, RHEL, Debian, FreeBSD
Posts: 94

Rep: Reputation: 38
Is the filesystem mounted with "-o acl" option?
 
Old 08-14-2012, 02:48 PM   #3
gmlwall
LQ Newbie
 
Registered: Aug 2012
Posts: 2

Rep: Reputation: Disabled
Hi Little Master,

If you're running an ext2/3 filesystem you will need to enable ACLs and remount;

do this by editing

/etc/fstab

Quote:
/dev/md1 / ext3 defaults 1 1

to

/dev/md1 / ext3 rw,acl 1 1

basically change defaults to rw,acl.

This will make it persistent (stays after reboot) but you can make it effective now by running;

Quote:
mount -v -o remount /
It looks as though you basically want rwx permissions for anyone in the sysadmin group. Adding ACLs for each user is nice, but it's better practice to do it for groups, and add a user to that group. You can add individual permissions later.

Let's clear your current config first;

Quote:
setfacl -R -b /dir/sysadmin
now check that user1 & user2 are added to your sysadmin group

Quote:
less /etc/group
you should see something like

Quote:
sysadmin:x:503:user1,user2
The important bit is they have both names at the end.

Now just set ACL for the group

Quote:
setfacl -R -m g:sysadmin:rwx /dir/sysadmin
su to the user and check - let us know!
 
Old 08-15-2012, 08:07 AM   #4
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260
Some remarks:

• You can use getfacl to check whether the intended permissions were set in the correct way.

• Was the user1 already logged in? The secondary groups are set during the login. The command id will tell what’s actually set for user1.

• For ext2/ext3 it’s also possible to define default mount options by tune2fs. This can include acl – and while ACLs are applied, this won’t show up in the output of mount command then.
Code:
# tune2fs -l /dev/sda1
tune2fs 1.40.2 (12-Jul-2007)
… 
Default mount options:    acl
…
 
Old 08-15-2012, 08:10 AM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
The default acl will be used when creating new directories and files. You need to create both a default acl and a normal acl.

I've done the same thing myself.

Last edited by jschiwal; 08-15-2012 at 08:11 AM.
 
Old 08-16-2012, 10:03 AM   #6
LittleMaster
Member
 
Registered: Jun 2012
Posts: 121

Original Poster
Blog Entries: 1

Rep: Reputation: Disabled
I had made an entry for acl in fstab and executed mount -v -o remount /. I even made a soft reboot of my server. But still I could find the acl enabled.





@gmlwall: I tried the things you posted above, but it seems not to be working.

Quote:
root@Little-desktop:~# less /etc/group | grep "sysadmin"
sysadmin:x:1003:user1,user2
root@Little-desktop:~# setfacl -R -b /sysadmin
root@Little-desktop:~# setfacl -R -m g:sysadmin:rwx /sysadmin
root@Little-desktop:~# su - user1
No directory, logging in with HOME=/
$ bash
user1@Little-desktop:/sysadmin$ touch user1
user1@Little-desktop:/sysadmin$ ls -al
total 8
drwxrwxr-x+ 2 root root 4096 2012-08-16 11:12 .
drwxr-xr-x 23 root root 4096 2012-08-16 11:02 ..
-rw-r--r-- 1 user1 user1 0 2012-08-16 11:12 user1



Quote:
# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc nodev,noexec,nosuid 0 0
# / was on /dev/sda6 during installation
UUID=4434554a-c818-45d6-a252-c008aace1f57 / ext3 acl,errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=fcf6b15d-a70d-4968-b16a-3e34ca4499bd /boot ext3 defaults 0 2
# swap was on /dev/sda5 during installation
UUID=fb15c1a4-fb3c-4ca3-b948-65ab980d9c65 none swap sw


Quote:
# tune2fs /dev/sda6 -l
tune2fs 1.41.11 (14-Mar-2010)
Filesystem volume name: <none>
Last mounted on: <not available>
Filesystem UUID: 4434554a-c818-45d6-a252-c008aace1f57
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery sparse_super large_file
Filesystem flags: signed_directory_hash
Default mount options: (none)
Filesystem state: clean

When I executed the mount command I could find the acl enabled for /


Quote:
#mount
/dev/sda6 on / type ext3 (rw,acl,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
/dev/sda1 on /boot type ext3 (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
gvfs-fuse-daemon on /home/Little/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=Little)

Last edited by LittleMaster; 08-16-2012 at 10:18 AM.
 
Old 08-19-2012, 08:42 PM   #7
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Code:
root@Little-desktop:~# less /etc/group | grep "sysadmin"
sysadmin:x:1003:user1,user2
root@Little-desktop:~# setfacl -R -b /sysadmin
root@Little-desktop:~# setfacl -R -m g:sysadmin:rwx /sysadmin
You need to create a default ACL for the directory as well. This is what the file you create later inherits.

Last edited by jschiwal; 08-19-2012 at 08:44 PM.
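
The point made in posts #5 and #7, as an added example that is not part of the thread: a check over `getfacl` output that tells apart a directory with only a default ACL (post #1) from one with only an access ACL (post #6). The function names, the variable names and the sample `getfacl` output are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The getfacl output below is constructed.

# Print GROUP's permission field from getfacl output on stdin.
# $1 = access|default, $2 = group name (plain name, no regex characters).
acl_group_perms() {
    case "$1" in
        default) prefix="default:group:$2:" ;;
        *)       prefix="group:$2:" ;;
    esac
    sed -n "s/^${prefix}\([rwx-]\{3\}\).*/\1/p" | head -n 1
}

# Classify ACL text $1 for group $2.
acl_diagnose() {
    access=$(printf '%s\n' "$1" | acl_group_perms access "$2")
    default=$(printf '%s\n' "$1" | acl_group_perms default "$2")
    if [ "$access" = rwx ] && [ "$default" = rwx ]; then echo ok
    elif [ "$access" = rwx ]; then echo missing-default  # new files inherit nothing
    elif [ "$default" = rwx ]; then echo missing-access  # members cannot write to the directory
    else echo missing-both
    fi
}

# Constructed: default ACL only, the situation in post #1 (user entries omitted).
ONLY_DEFAULT='user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:sysadmin:rwx
default:mask::rwx
default:other::r-x'

# Constructed: access ACL only, the situation in post #6.
ONLY_ACCESS='user::rwx
group::r-x
group:sysadmin:rwx
mask::rwx
other::r-x'

# Set both ACLs on directory $1 for group $2, then re-check (needs root and the acl tools).
fix_and_check() {
    setfacl -R -m "g:$2:rwx" "$1" &&     # access ACL: what exists now
    setfacl -R -d -m "g:$2:rwx" "$1" &&  # default ACL: inherited by new entries
    acl_diagnose "$(getfacl "$1" 2>/dev/null)" "$2"
}
acl_diagnose "$ONLY_DEFAULT" sysadmin   # state after post #1
acl_diagnose "$ONLY_ACCESS" sysadmin    # state after post #6
```

On a real system, `fix_and_check /sysadmin sysadmin` run as root applies both ACLs and reports the resulting state.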
 
  

