Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Need assistance on ACL
Top Forums UNIX for Advanced & Expert Users Need assistance on ACL Post 302684837 by leobreaker on Friday 10th of August 2012 06:41:44 AM
Old 08-10-2012
Need assistance on ACL
Hi Friends,

I went through the ACL threads that were posted in the past but none were matching to my requirement . Hence starting a new thread .

Challenge :
user : a
group : Test1

user: b
group: Test2

Say under user a i create dir /tmp/debug with the privilege of 755 and also setfacl as setfacl -m d:g:Test2:rwx /tmp/debug . Why is that i am still not able to create any files in the directory as the user b even though the group Test2 is been granted full access .

below is the demo for the same :
Oracle Linux Server release 6.2
Code:
[root tmp]# groupadd test1
[root tmp]# groupadd test2
[root tmp]# useradd -g test1 a
[root tmp]# useradd -g test2 b
[root tmp]# passwd a
Changing password for user a.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root tmp]# passwd b
Changing password for user b.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root tmp]# su - a
[a ~]$ cd /tmp
[a tmp]$ id a
uid=517(a) gid=1039(test1) groups=1039(test1)
[a tmp]$ id b
uid=518(b) gid=1042(test2) groups=1042(test2)
[a tmp]$ mkdir debug
[a tmp]$ ls -tld debug/
drwxr-xr-x 2 a test1 4096 Aug 10 16:02 debug/
[a tmp]$ chmod 755 debug
[a tmp]$ ls -tld debug/
drwxr-xr-x 2 a test1 4096 Aug 10 16:02 debug/
[a tmp]$ id
uid=517(a) gid=1039(test1) groups=1039(test1)
[a tmp]$ setfacl -m  d:g:test2:rwx /tmp/debug
[a tmp]$ getfacl /tmp/debug
# file: tmp/debug
# owner: a
# group: test1
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:test2:rwx
default:mask::rwx
default:other::r-x

[a tmp]$ id
uid=517(a) gid=1039(test1) groups=1039(test1)
[a tmp]$ su - b
Password:
[b ~]$ cd /tmp/debug/
[b debug]$ touch 1
touch: cannot touch `1': Permission denied
[b debug]$ pwd
/tmp/debug
.

Any early response would be highly appreciated.

Thanks,
leo
Moderator's Comments:
Mod Comment Please view this code tag video for how to use code tags when posting code and data.
Last edited by Corona688; 08-10-2012 at 12:47 PM..
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

ACL

Hi all, I've just been handled the responsibility for a FTP-site. Having no experiens of UNIX at all. And now one of my users needs to have full access to the usr directory and all it's subdirectories, don't know why just trying to do what the boss tells me. The type of UNIX is FreeBSD and the... (4 Replies)
Discussion started by: -tri-
4 Replies

2. UNIX for Dummies Questions & Answers

ACL vs privileges

Hello genius..! what do y'all think of these questions...? help appreciated...! Access Control Lists and privileges.... # Why both file ACLs and user permissions/privileges (not to be confused with rights in ACLs) are used in Windows access control (why not just use one of these)? # In... (1 Reply)
Discussion started by: heroine
1 Replies

3. Linux

ACL

Hi, I want to know what does the "effective" comment means in the output of the getfacl and whether it has to do with the acl mask... thanks (0 Replies)
Discussion started by: Gartlar
0 Replies

4. Solaris

ACL

Can i get the synopsis for add multiple users in single command for ACL access for a directory or a file thanks in advance dinu (3 Replies)
Discussion started by: dinu
3 Replies

5. HP-UX

When did HP-UX have support for ACL?

Hello, I try to find what year HP-UX got support for ACL (Access Control List)? I know that HP-UX was the first Unix with ACL support, but it is very hard to find the information on when that occured. So anyone here know when that did happen? Any answers are appreciated, /eXpander (1 Reply)
Discussion started by: eXpander
1 Replies

6. Solaris

ACL on the Solaris

we have two Solaris 10 servers with same configuration and settings. We have hard mounted the NFS with the version 4. In one of the server the newer ACL commands are working fine (chmod and ls -v) whereas in another only posix (getfacl and setfacl alone is working) when we try ls -V in in that... (13 Replies)
Discussion started by: sathishbabu89
13 Replies

7. UNIX for Beginners Questions & Answers

Help setting ACL's

Folks, Solaris 10 issue When I add a new directory to a path, I only get the "group@" line in the ACL The parent directory ACL is drwxrws---+ 12 root teama 12 Jul 18 10:31 . owner@:rwxp-DaARWc---:------:allow group@:rwxp-DaARWc--s:fd----:allow ... (0 Replies)
Discussion started by: wilberforce
0 Replies

8. UNIX for Beginners Questions & Answers

How to apply acl?

hi, i am facing problem with acls, as a root i logged in and applied acl for directory(dir5),by using command setfacl -m u:user1:rwx dir5 but when i logged in as user1 i am not able to access that folder even though i applied full permission to that directory as a root.can any one help me on... (2 Replies)
Discussion started by: cmanoj489
2 Replies

9. UNIX for Advanced & Expert Users

ACL confusion

All, I am trying to clear ACL's completely from all files and folders in a directory. I can get the directories as cleared as: # owner: root # group: root user::rwx group::r-x other::rwx default:user::rwx default:group::r-x default:other::r-x What ever I do I can't remove the... (4 Replies)
Discussion started by: hburnswell
4 Replies

LEARN ABOUT CENTOS

cgexec

CGEXEC(1)							 libcgroup Manual							 CGEXEC(1)

NAME

       cgexec - run the task in given control groups

SYNOPSIS

       cgexec [-h] [-g <controllers>:<path>] [--sticky] command [arguments]

DESCRIPTION

       The cgexec program executes the task command with arguments arguments in the given control groups.

       -g <controllers>:<path>
	      defines  the  control  groups  in which the task will be run.  controllers is a list of controllers and path is the relative path to
	      control groups in the given controllers list.

	      This flag can be used multiple times to define multiple pairs of lists of controllers and relative paths.  Instead of  the  list	of
	      all mounted controllers, the wildcard b"*b" can be used.

	      If this option is not used, cgexec will automatically place the task in the right cgroup based on /etc/cgrules.conf.

	      If  /etc/cgrules.conf  configuration file is used, there can be used template names. Then the control group name contains a template
	      in destination tag (see cgrules.conf (5)) and if the cgroup does not exist in execution time, it is created,  based  on  /etc/cgcon-
	      fig.conf specification.  If the specifications are not present the group is created with the default kernel values.

       -h, --help
	      Display this help and exit.

       --sticky
	      If running the task command with this option, the daemon of service cgred (cgrulesengd process) does not change both the task of the
	      command and the child tasks. Without this option, the daemon does not change the task of the command but it changes the child  tasks
	      to the right cgroup based on /etc/cgrules.conf automatically.

EXAMPLES

       cgexec -g *:test1 ls
       runs command ls in control group test1 in all mounted controllers.

       cgexec -g cpu,memory:test1 ls -l
       runs command ls -l in control group test1 in controllers cpu and memory.

       cgexec -g cpu,memory:test1 -g swap:test2 ls -l
       runs command ls -l in control group test1 in controllers cpu and memory and control group test2 in controller swap.

ENVIRONMENT VARIABLES

       CGROUP_LOGLEVEL
	      controls verbosity of the tool. Allowed values are DEBUG, INFO, WARNING or ERROR.

FILES

       /etc/cgrules.conf
	      default libcgroup configuration file

SEE ALSO

       cgrules.conf (5)

Linux								    2009-03-15								 CGEXEC(1)
All times are GMT -4. The time now is 12:29 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy