I went through the ACL threads that were posted in the past but none were matching to my requirement . Hence starting a new thread .
Challenge :
user : a
group : Test1
user: b
group: Test2
Say under user a i create dir /tmp/debug with the privilege of 755 and also setfacl as setfacl -m d:g:Test2:rwx /tmp/debug . Why is that i am still not able to create any files in the directory as the user b even though the group Test2 is been granted full access .
below is the demo for the same :
Oracle Linux Server release 6.2
Code:
[root tmp]# groupadd test1
[root tmp]# groupadd test2
[root tmp]# useradd -g test1 a
[root tmp]# useradd -g test2 b
[root tmp]# passwd a
Changing password for user a.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root tmp]# passwd b
Changing password for user b.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root tmp]# su - a
[a ~]$ cd /tmp
[a tmp]$ id a
uid=517(a) gid=1039(test1) groups=1039(test1)
[a tmp]$ id b
uid=518(b) gid=1042(test2) groups=1042(test2)
[a tmp]$ mkdir debug
[a tmp]$ ls -tld debug/
drwxr-xr-x 2 a test1 4096 Aug 10 16:02 debug/
[a tmp]$ chmod 755 debug
[a tmp]$ ls -tld debug/
drwxr-xr-x 2 a test1 4096 Aug 10 16:02 debug/
[a tmp]$ id
uid=517(a) gid=1039(test1) groups=1039(test1)
[a tmp]$ setfacl -m d:g:test2:rwx /tmp/debug
[a tmp]$ getfacl /tmp/debug
# file: tmp/debug
# owner: a
# group: test1
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:test2:rwx
default:mask::rwx
default:other::r-x
[a tmp]$ id
uid=517(a) gid=1039(test1) groups=1039(test1)
[a tmp]$ su - b
Password:
[b ~]$ cd /tmp/debug/
[b debug]$ touch 1
touch: cannot touch `1': Permission denied
[b debug]$ pwd
/tmp/debug
.
Any early response would be highly appreciated.
Thanks,
leo
Moderator's Comments:
Please view this code tag video for how to use code tags when posting code and data.
Last edited by Corona688; 08-10-2012 at 12:47 PM..
Hi all,
I've just been handled the responsibility for a FTP-site. Having no experiens of UNIX at all. And now one of my users needs to have full access to the usr directory and all it's subdirectories, don't know why just trying to do what the boss tells me. The type of UNIX is FreeBSD and the... (4 Replies)
Hello genius..!
what do y'all think of these questions...? help appreciated...!
Access Control Lists and privileges....
# Why both file ACLs and user permissions/privileges (not to be confused with rights in ACLs) are used in Windows access control (why not just use one of these)?
# In... (1 Reply)
Hi, I want to know what does the "effective" comment means in the output of the getfacl and whether it has to do with the acl mask...
thanks (0 Replies)
Hello,
I try to find what year HP-UX got support for ACL (Access Control List)? I know that HP-UX was the first Unix with ACL support, but it is very hard to find the information on when that occured.
So anyone here know when that did happen?
Any answers are appreciated,
/eXpander (1 Reply)
we have two Solaris 10 servers with same configuration and settings. We have hard mounted the NFS with the version 4.
In one of the server the newer ACL commands are working fine (chmod and ls -v) whereas in another only posix (getfacl and setfacl alone is working) when we try ls -V in in that... (13 Replies)
Folks,
Solaris 10 issue
When I add a new directory to a path, I only get the "group@" line in the ACL
The parent directory ACL is
drwxrws---+ 12 root teama 12 Jul 18 10:31 .
owner@:rwxp-DaARWc---:------:allow
group@:rwxp-DaARWc--s:fd----:allow
... (0 Replies)
hi,
i am facing problem with acls,
as a root i logged in and applied acl for directory(dir5),by using command
setfacl -m u:user1:rwx dir5
but when i logged in as user1 i am not able to access that folder even though i applied full permission to that directory as a root.can any one help me on... (2 Replies)
All,
I am trying to clear ACL's completely from all files and folders in a directory. I can get the directories as cleared as:
# owner: root
# group: root
user::rwx
group::r-x
other::rwx
default:user::rwx
default:group::r-x
default:other::r-x
What ever I do I can't remove the... (4 Replies)
Discussion started by: hburnswell
4 Replies
LEARN ABOUT PLAN9
aclcheck
aclcheck(3SEC) File Access Control Library Functions aclcheck(3SEC)NAME
aclcheck - check the validity of an ACL
SYNOPSIS
cc [ flag... ] file... -lsec [ library... ]
#include <sys/acl.h>
int aclcheck(aclent_t *aclbufp, int nentries, int *which);
DESCRIPTION
The aclcheck() function checks the validity of an ACL pointed to by aclbufp. The nentries argument is the number of entries contained in
the buffer. The which parameter returns the index of the first entry that is invalid.
The function verifies that an ACL pointed to by aclbufp is valid according to the following rules:
o There must be exactly one GROUP_OBJ ACL entry.
o There must be exactly one USER_OBJ ACL entry.
o There must be exactly one OTHER_OBJ ACL entry.
o If there are any GROUP ACL entries, then the group ID in each group ACL entry must be unique.
o If there are any USER ACL entries, then the user ID in each user ACL entry must be unique.
o If there are any GROUP or USER ACL entries, then there must be exactly one CLASS_OBJ (ACL mask) entry.
o If there are any default ACL entries, then the following apply:
o There must be exactly one default GROUP_OBJ ACL entry.
o There must be exactly one default OTHER_OBJ ACL entry.
o There must be exactly one default USER_OBJ ACL entry.
o If there are any DEF_GROUP entries, then the group ID in each DEF_GROUP ACL entry must be unique.
o If there are any DEF_USER entries, then the user ID in each DEF_USER ACL entry must be unique.
o If there are any DEF_GROUP or DEF_USER entries, then there must be exactly one DEF_CLASS_OBJ (default ACL mask) entry.
o If any of the above rules are violated, then the function fails with errno set to EINVAL.
RETURN VALUES
If the ACL is valid, alcheck() will return 0. Otherwise errno is set to EINVAL and return code is set to one of the following:
GRP_ERROR There is more than one GROUP_OBJ or DEF_GROUP_OBJ ACL entry.
USER_ERROR There is more than one USER_OBJ or DEF_USER_OBJ ACL entry.
CLASS_ERROR There is more than one CLASS_OBJ (ACL mask) or DEF_CLASS_OBJ (default ACL mask) entry.
OTHER_ERROR There is more than one OTHER_OBJ or DEF_OTHER_OBJ ACL entry.
DUPLICATE_ERROR Duplicate entries of USER, GROUP, DEF_USER, or DEF_GROUP.
ENTRY_ERROR The entry type is invalid.
MISS_ERROR Missing an entry. The which parameter returns -1 in this case.
MEM_ERROR The system cannot allocate any memory. The which parameter returns -1 in this case.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
|MT-Level |Unsafe |
+-----------------------------+-----------------------------+
SEE ALSO acl(2), aclsort(3SEC), attributes(5)SunOS 5.10 10 Dec 2001 aclcheck(3SEC)
08-10-2012
