I went through the ACL threads that were posted in the past but none were matching to my requirement . Hence starting a new thread .
Challenge :
user : a
group : Test1
user: b
group: Test2
Say under user a i create dir /tmp/debug with the privilege of 755 and also setfacl as setfacl -m d:g:Test2:rwx /tmp/debug . Why is that i am still not able to create any files in the directory as the user b even though the group Test2 is been granted full access .
below is the demo for the same :
Oracle Linux Server release 6.2
Code:
[root tmp]# groupadd test1
[root tmp]# groupadd test2
[root tmp]# useradd -g test1 a
[root tmp]# useradd -g test2 b
[root tmp]# passwd a
Changing password for user a.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root tmp]# passwd b
Changing password for user b.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root tmp]# su - a
[a ~]$ cd /tmp
[a tmp]$ id a
uid=517(a) gid=1039(test1) groups=1039(test1)
[a tmp]$ id b
uid=518(b) gid=1042(test2) groups=1042(test2)
[a tmp]$ mkdir debug
[a tmp]$ ls -tld debug/
drwxr-xr-x 2 a test1 4096 Aug 10 16:02 debug/
[a tmp]$ chmod 755 debug
[a tmp]$ ls -tld debug/
drwxr-xr-x 2 a test1 4096 Aug 10 16:02 debug/
[a tmp]$ id
uid=517(a) gid=1039(test1) groups=1039(test1)
[a tmp]$ setfacl -m d:g:test2:rwx /tmp/debug
[a tmp]$ getfacl /tmp/debug
# file: tmp/debug
# owner: a
# group: test1
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:test2:rwx
default:mask::rwx
default:other::r-x
[a tmp]$ id
uid=517(a) gid=1039(test1) groups=1039(test1)
[a tmp]$ su - b
Password:
[b ~]$ cd /tmp/debug/
[b debug]$ touch 1
touch: cannot touch `1': Permission denied
[b debug]$ pwd
/tmp/debug
.
Any early response would be highly appreciated.
Thanks,
leo
Moderator's Comments:
Please view this code tag video for how to use code tags when posting code and data.
Last edited by Corona688; 08-10-2012 at 12:47 PM..
Hi all,
I've just been handled the responsibility for a FTP-site. Having no experiens of UNIX at all. And now one of my users needs to have full access to the usr directory and all it's subdirectories, don't know why just trying to do what the boss tells me. The type of UNIX is FreeBSD and the... (4 Replies)
Hello genius..!
what do y'all think of these questions...? help appreciated...!
Access Control Lists and privileges....
# Why both file ACLs and user permissions/privileges (not to be confused with rights in ACLs) are used in Windows access control (why not just use one of these)?
# In... (1 Reply)
Hi, I want to know what does the "effective" comment means in the output of the getfacl and whether it has to do with the acl mask...
thanks (0 Replies)
Hello,
I try to find what year HP-UX got support for ACL (Access Control List)? I know that HP-UX was the first Unix with ACL support, but it is very hard to find the information on when that occured.
So anyone here know when that did happen?
Any answers are appreciated,
/eXpander (1 Reply)
we have two Solaris 10 servers with same configuration and settings. We have hard mounted the NFS with the version 4.
In one of the server the newer ACL commands are working fine (chmod and ls -v) whereas in another only posix (getfacl and setfacl alone is working) when we try ls -V in in that... (13 Replies)
Folks,
Solaris 10 issue
When I add a new directory to a path, I only get the "group@" line in the ACL
The parent directory ACL is
drwxrws---+ 12 root teama 12 Jul 18 10:31 .
owner@:rwxp-DaARWc---:------:allow
group@:rwxp-DaARWc--s:fd----:allow
... (0 Replies)
hi,
i am facing problem with acls,
as a root i logged in and applied acl for directory(dir5),by using command
setfacl -m u:user1:rwx dir5
but when i logged in as user1 i am not able to access that folder even though i applied full permission to that directory as a root.can any one help me on... (2 Replies)
All,
I am trying to clear ACL's completely from all files and folders in a directory. I can get the directories as cleared as:
# owner: root
# group: root
user::rwx
group::r-x
other::rwx
default:user::rwx
default:group::r-x
default:other::r-x
What ever I do I can't remove the... (4 Replies)
Discussion started by: hburnswell
4 Replies
LEARN ABOUT OPENSOLARIS
acltotext
acltotext(3SEC) File Access Control Library Functions acltotext(3SEC)NAME
acltotext, aclfromtext - convert internal representation to or from external representation
SYNOPSIS
cc [ flag... ] file... -lsec [ library... ]
#include <sys/acl.h>
char *acltotext(aclent_t *aclbufp, int aclcnt);
aclent_t *aclfromtext(char *acltextp, int *aclcnt);
DESCRIPTION
The acltotext() function converts an internal ACL representation pointed to by aclbufp into an external ACL representation. The space for
the external text string is obtained using malloc(3C). The caller is responsible for freeing the space upon completion..
The aclfromtext() function converts an external ACL representation pointed to by acltextp into an internal ACL representation. The space
for the list of ACL entries is obtained using malloc(3C). The caller is responsible for freeing the space upon completion. The aclcnt argu-
ment indicates the number of ACL entries found.
An external ACL representation is defined as follows:
<acl_entry>[,<acl_entry>]...
Each <acl_entry> contains one ACL entry. The external representation of an ACL entry contains two or three colon-separated fields. The
first field contains the ACL entry tag type. The entry type keywords are defined as:
user This ACL entry with no UID specified in the ACL entry ID field specifies the access granted to the owner of the object.
Otherwise, this ACL entry specifies the access granted to a specific user-name or user-id number.
group This ACL entry with no GID specified in the ACL entry ID field specifies the access granted to the owning group of the
object. Otherwise, this ACL entry specifies the access granted to a specific group-name or group-id number.
other This ACL entry specifies the access granted to any user or group that does not match any other ACL entry.
mask This ACL entry specifies the maximum access granted to user or group entries.
default:user This ACL entry with no uid specified in the ACL entry ID field specifies the default access granted to the owner of the
object. Otherwise, this ACL entry specifies the default access granted to a specific user-name or user-ID number.
default:group This ACL entry with no gid specified in the ACL entry ID field specifies the default access granted to the owning group of
the object. Otherwise, this ACL entry specifies the default access granted to a specific group-name or group-ID number.
default:other This ACL entry specifies the default access for other entry.
default:mask This ACL entry specifies the default access for mask entry.
The second field contains the ACL entry ID, as follows:
uid This field specifies a user-name, or user-ID if there is no user-name associated with the user-ID number.
gid This field specifies a group-name, or group-ID if there is no group-name associated with the group-ID number.
empty This field is used by the user and group ACL entry types.
The third field contains the following symbolic discretionary access permissions:
r read permission
w write permission
x execute/search permission
- no access
RETURN VALUES
Upon successful completion, the acltotext() function returns a pointer to a text string. Otherwise, it returns NULL.
Upon successful completion, the aclfromtext() function returns a pointer to a list of ACL entries. Otherwise, it returns NULL.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
|MT-Level |Unsafe |
+-----------------------------+-----------------------------+
SEE ALSO acl(2), malloc(3C), attributes(5)SunOS 5.11 10 Dec 2001 acltotext(3SEC)
08-10-2012
