Solved

Redhat - ACL

Posted on 2013-01-08
Last Modified: 2013-03-19
[dave@desktop5 test]$ ls -ld .
drwxr-xr-x+ 2 root root 4096 Jan  8 18:22 .
[dave@desktop5 test]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:dave:-wx
default:group::r-x
default:mask::rwx
default:other::r-x

[dave@desktop5 test]$ touch file1
touch: cannot touch `file1': Permission denied
[dave@desktop5 test]$

Why can't I touch a file according to my permissions?
0
Question by:ittechlab
22 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 38757584
Try this:

setfacl -m u:dave:rwx .

touch file1

ls -l file1

What are the permissions of file1?
0
 

Author Comment

by:ittechlab
ID: 38757590
[root@desktop5 ~]# cd /var/lo
local/ lock/  log/
[root@desktop5 ~]# cd /var/log/test/
[root@desktop5 test]# setfacl -m u:dave:rwx .
[root@desktop5 test]# su - dave
[dave@desktop5 ~]$ cd /var/log/test/
[dave@desktop5 test]$ touch file1
[dave@desktop5 test]$ ls -l file1
-rw-rw-r--+ 1 dave dave 0 Jan  8 18:40 file1
0
 

Author Comment

by:ittechlab
ID: 38757593
Why didn't wx work?

Others have r permission. Isn't that going to help dave to create contents in the directory?


[dave@desktop5 test]$ ls -ld .
drwxrwxr-x+ 2 root root 4096 Jan  8 18:40 .
0
 
LVL 31

Expert Comment

by:farzanj
ID: 38757600
Take a look at this:
ftp://ftp-uxsup.csx.cam.ac.uk/pub/doc/suse/suse9.0/adminguide-9.0/node27.html
It states:
Default ACL
Default ACLs can only be applied to directories. They determine the permissions a file system object inherits from its parent directory when it is created.


Dave only had default.  Didn't have actual permissions.  He was considered "others".
0
 

Author Comment

by:ittechlab
ID: 38757618
default:user:dave:-wx

I am still not clear. This is what dave had according to your recent explanation, right?
0
 
LVL 31

Expert Comment

by:farzanj
ID: 38757621
Yes, this is NOT the permission for dave!  This is the default permission for files created.  Dave did not have any permissions.  Since the folder was owned by user and group root, dave was "others". I made special permission for dave.

Did you read the link above in detail?
0
 
LVL 19

Expert Comment

by:jools
ID: 38758625
Don't you just need to change the perms to 777 for the test directory or make dave the owner?

The original post test was owned by root and the directory only had permissions for root to write to it.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 38758711
@Jools:  Right, but with ACL, he can allow dave any kind of permission without changing any ownership and that is what he is trying to do.  The only thing is that the user permission in ACL and default permissions are two different concepts.
0
 

Author Comment

by:ittechlab
ID: 38758839
Based on my original post, dave had the following permission. Why couldn't he create a file?

default:user:dave:-wx
0
 
LVL 31

Accepted Solution

by:
farzanj earned 310 total points
ID: 38758891
@ittechlab
Did you read the link I gave you above????

default:user:dave:-wx
IT IS NOT THE PERMISSION FOR dave.
Permission would appear like
user:dave:-wx

WITHOUT DEFAULT IN FRONT OF IT.  What is so confusing??  I fixed the issue for you, I gave you all the possible explanation and a related link. I even gave you the definition of defaults.  If you read the link above, it has more explanation.
0
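
Added example, not part of the thread and not any poster's code: the access check from acl(5) applied to the getfacl output in the question, showing that dave falls through to other::r-x because his only entry is a default: one. AFTER_FIX is a constructed ACL standing in for the result of setfacl -m u:dave:rwx, and the function names are illustrative.

```python
# ACL text copied from the getfacl output in the question.
QUESTION_ACL = """# file: .
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:dave:-wx
default:group::r-x
default:mask::rwx
default:other::r-x
"""
# Constructed: the access entries that `setfacl -m u:dave:rwx .` adds.
AFTER_FIX = QUESTION_ACL.replace(
    "group::r-x\nother", "user:dave:rwx\ngroup::r-x\nmask::rwx\nother", 1)

def parse_getfacl(text):
    meta, access, default = {}, {}, {}
    for raw in text.splitlines():
        line = raw.split("#effective")[0].strip()
        if line.startswith("#"):                 # header such as "# owner: root"
            key, _, value = line.lstrip("# ").partition(":")
            meta[key.strip()] = value.strip()
        elif line:
            target = access
            if line.startswith("default:"):      # inheritance template only
                target, line = default, line[len("default:"):]
            tag, qualifier, perms = line.split(":")
            target[(tag, qualifier)] = perms
    return meta, access, default

def allowed(text, user, groups, wanted):
    """True if `user` (member of `groups`) holds every permission in `wanted`."""
    meta, access, _ = parse_getfacl(text)        # default: entries play no part
    mask = access.get(("mask", ""), "rwx")
    def has(perms, limit="rwx"):
        return all(c in perms and c in limit for c in wanted)
    if user == meta["owner"]:                    # owner entry is never masked
        return has(access[("user", "")])
    if ("user", user) in access:                 # named user entry, masked
        return has(access[("user", user)], mask)
    matching = [p for (tag, q), p in access.items() if tag == "group"
                and (q in groups or (q == "" and meta["group"] in groups))]
    return any(has(p, mask) for p in matching) if matching else has(access[("other", "")])

def default_only_users(text):
    """Named users that appear in default: entries but not in the access ACL."""
    _, access, default = parse_getfacl(text)
    return sorted(q for (tag, q) in default
                  if tag == "user" and q and ("user", q) not in access)
```

Creating a file needs w and x on the directory, so allowed(QUESTION_ACL, "dave", ["dave"], "wx") is the check that corresponds to the failed touch, and default_only_users flags the same condition when auditing other directories.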
 

Author Comment

by:ittechlab
ID: 38758894
setfacl -m user:dave:wx test

What does this mean then? I am I not giving dave to create contents in test folder.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 38758925
In your original post, I only saw user dave with default and NO PERMISSIONS.

>> I am I not giving dave to create contents in test folder.
Then take away the write permission not the read permission.  When he creates files/folders in a folder, he uses the write permission of the folder not the read permission.
0
 

Author Comment

by:ittechlab
ID: 38758929
setfacl -m user:dave:wx /var/log/test/
setfacl: Option -m: Invalid argument near character 6


What's wrong with this?

cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
0
 
LVL 19

Expert Comment

by:jools
ID: 38758939
Doesn't the file need to be owned by someone other than root then?
0
 

Author Comment

by:ittechlab
ID: 38758944
I fixed it.

How come it works in Red Hat 5.7 and when I apply the same in Red Hat 6 it does not work?
0
 
LVL 31

Expert Comment

by:farzanj
ID: 38758957
If you don't want dave to have write permissions, you don't need to do anything because he will be "others" and will be able to read and execute anyway.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 38758965
@Jools: are you asking me?  If so, elaborate your question.  Otherwise please disregard this comment.
0
 

Author Comment

by:ittechlab
ID: 38758977
Did something change with the recent version? I didn't see the default:user part before.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 38758991
No, ACLs are the same even in RHEL 4 and obviously 5 and 6.  Only that you have one machine with default and other with actual permissions.  In RHEL4 you had to remount partitions with ACL options.  In RHEL6 ACLs are enabled by default.
0
 

Author Comment

by:ittechlab
ID: 38759259
I have Red Hat 6 and 5.7. When I tried to set up the ACL the output was different. One didn't have the default part.
0
 

Author Comment

by:ittechlab
ID: 38759489
How come it's working in 5.7?  If I apply the same steps I don't see it work in Red Hat 6. I don't see any default stuff here.

[root@~]# useradd test
[root@~]# mkdir /var/log/testDir
[root@~]# ls -ld /var/log/testDir/
drwxr-x--- 2 root root 4096 Jan  9 11:11 /var/log/testDir/
[root@~]# setfacl -m user:test:wx /var/log/testDir/
[root@~]# su - test
[test@~]$ cd /var/log/testDir/
[test@testDir]$ touch file1
[test@testDir]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:test:-wx
group::r-x
mask::rwx
other::---
0
 
LVL 31

Expert Comment

by:farzanj
ID: 38759622
I was able to issue the setfacl command on RHEL6.3 and get the expected outcome without default.  So I am not sure why it is happening with you as conceptually it shouldn't unless you specifically set the default  and I am able to work it correctly on RHEL6.
0


Question has a verified solution.
