ACL permission doesn't work for me (?)
Hello.
In my test server I have three users test1, test2, test3. All have respective /home/test1, /home/test2, /home/test3 directories.
user1 is in group user1
user2 is in group user2
user3 is in group user1
In /home/test1 I have a 'file1'. Its 'ls -la' listing shows grants as -rwrwxr--+ But as I understand it, it is not now -rwxrwxr-- in fact, but "+" means that this file has an additional ACL which is in use.
Now, getfacl file1 says:
#file : file1
#owner: user1
#group: user1
user::rw-
user:user2:rwx
group::rwx
mask::rwx
other::r--
As I understand, user2 as well as user3 (is in the same group as user1) should have access to the file. BTW permissions should be: read, write and execute. When I try it (with vi, more) I always get a permission alert and can't open or read the file. What's wrong with that?
Users need execute (and usually read) permission in the directory and any parent directories in order to access the file. (Without read permission they would need to know the exact name, and things like tab-completion would not work.)
However, let me ask one more question. I'm curious, as the exercise instruction that I had was to create a file in the home directory of user1 and allow user2 and user3 to access this file (using this ACL feature). There was no mention of access rights for the parent directory. Even when I gave the full path and name when trying to access it, it didn't work. I assume that your first statement about permission is a must. And please confirm, because I can't find an answer: if there is an ACL for a file (directory), its permissions reported by ll don't take effect. Right?
ACL's are a second layer of security on top of the standard ugo/rwx permissions. Without knowing what the standard permissions of the files/directories are we can only give some general pointers and are probably not able to pinpoint something specific.
Assuming the following setup (no acl's yet, just standard permissions): Code:
# ls -ld /home/test*

User test2 can read file1, but cannot write or execute file1.

Assuming this setup (still no acl's): Code:
# ls -ld /home/test*

User test2 doesn't have access at all (permission denied). As you can see in the above examples it does matter what the initial situation is.

Assuming the second example, you need to do the following to make file1 fully accessible for user test2: Code:
# permissions file1 without acl's:

In this case you need to give user test2 execute permissions on test1's home directory: Code:
setfacl -m u:test2:x /home/test1
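The traversal rule from the answers above, as an added example that is not part of the original thread: a simplified Python model of the access check described in acl(5), walking every path component down to file1. The ACL texts are constructed; the directory modes (no group/other access on /home/test1) and test3 being a member of group test1 are assumptions.

```python
# Added example; the getfacl-style ACL texts below are constructed samples (assumed modes).
ROOT = "# owner: root\n# group: root\nuser::rwx\ngroup::r-x\nother::r-x"
HOME_BEFORE = "# owner: test1\n# group: test1\nuser::rwx\ngroup::---\nother::---"
HOME_AFTER = ("# owner: test1\n# group: test1\nuser::rwx\nuser:test2:--x\n"
              "group::---\nmask::--x\nother::---")   # after setfacl -m u:test2:x
FILE1 = ("# owner: test1\n# group: test1\nuser::rw-\nuser:test2:rwx\n"
         "group::rwx\nmask::rwx\nother::r--")

def parse_getfacl(text):
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):                      # header: "# owner: name"
            key, _, val = line.lstrip("# ").partition(":")
            acl[key.strip()] = val.strip()
        elif line:                                    # entry: tag:qualifier:perms
            tag, qual, perms = line.split(":")
            acl["entries"].append((tag, qual, set(perms) - {"-"}))
    return acl

def permits(acl, user, groups, want):
    want, e = set(want), acl["entries"]
    mask = next((p for t, q, p in e if t == "mask"), set("rwx"))
    if user == acl["owner"]:                          # owner entry, never masked
        return want <= next(p for t, q, p in e if t == "user" and not q)
    for t, q, p in e:                                 # named user entry, masked
        if t == "user" and q == user:
            return want <= (p & mask)
    hits = [p & mask for t, q, p in e                 # owning/named groups, masked
            if t == "group" and (q or acl["group"]) in groups]
    if hits:                                          # a group matched: "other" is not consulted
        return any(want <= p for p in hits)
    return want <= next(p for t, q, p in e if t == "other")

def first_denial(path, user, groups, want):
    """path: [(name, getfacl_text), ...] from / to the file; returns the denying component or None."""
    for i, (name, text) in enumerate(path):
        need = want if i == len(path) - 1 else "x"    # directories need search (x)
        if not permits(parse_getfacl(text), user, groups, need):
            return name
    return None

def path_with(home_acl):
    return [("/", ROOT), ("/home", ROOT), ("/home/test1", home_acl),
            ("/home/test1/file1", FILE1)]

if __name__ == "__main__":
    for home in (HOME_BEFORE, HOME_AFTER):
        print(first_denial(path_with(home), "test2", {"test2"}, "r"))
```

Under these assumptions test3 is still stopped at /home/test1 after the `setfacl` command, because that command names only test2 and the directory's group entry grants nothing.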
Very well explained!