Linux ACL issue

 
# 1  
Old 03-22-2012
Linux ACL issue

Hi All,
I have an issue with Linux ACLs; though I have implemented them, I failed to foresee the issue. Now the server is in production and I would have to take downtime to rectify it. And I hereby declare that this is not homework.

The situation is as such

I have a file system mounted with acl option

Code:
 
/dev/mapper/vg_A-DATAVOL_1  311G  110G  186G  38% /A/DATA

Under the /A/DATA directory I have 3 directories

I have four groups involved

Say group1,group2,group3,group4

Now the top directory /A/DATA needs to be as follows

Code:
rwx : group1(recursively) ,rx : group2, rx: group3, rx: group4

And the directory below the /A/DATA directory say DATA1 has to be

Code:
rwx:group2, rwx:group3 , rwx: group4

I have accomplished this by

Code:
 
setfacl -m g:group1:rwx,g:group2:rx,g:group3:rx,g:group4:rx /A/DATA
and
setfacl -m g:group2:rwx,g:group3:rwx,g:group4:rwx  /A/DATA/DATA1

Later, I realized that all the newly created data under /A/DATA/DATA1 does not inherit the ACLs of the parent directory (/A/DATA/DATA1). So to counter this I tried

Code:
setfacl -Rm g:group2:rwx,g:group3:rwx,g:group4:rwx /A/DATA/DATA1

All was OK and then I realized that this was still not working for anything newly created in /A/DATA/DATA1 and I have to schedule the above command in cron via a script

Code:
setfacl -Rm g:group2:rwx,g:group3:rwx,g:group4:rwx /A/DATA/DATA1

Yes, I have failed as I have not used default ACL (the d option).

Any suggestions/guidance would be highly appreciated.

Thanks in Advance

---------- Post updated 03-22-12 at 02:53 PM ---------- Previous update was 03-21-12 at 10:48 PM ----------

Hi,

I have rectified most of the problem. Now I'm stuck at one point where

I need to apply default acl to a directory say /a/abc/data

Here is what I'm doing

Code:
setfacl -Rm d:g:group1:rwx,d:g:group2:rwx,d:g:group3:rwx,d:g:group4:rwx /a/abc/data

The command is exiting cleanly and getfacl shows the following result

Code:
getfacl --tabular /a/abc/data
getfacl: Removing leading '/' from absolute path names
# file: a/abc/data
USER   user1 rwx  rwx
GROUP  groupm   rwx  rwx
group  group1      rwx
group  group2           rwx
group  group3           rwx
group  group4       rwx
mask             rwx  rwx
other            rwx  r-x

However when a user from group2 or group1 or group4 or group4 tries to write data he gets access denied.

Am I missing something?
# 2  
Old 03-22-2012
Do the groups have at least rx permission on /a directory? If not, they will not be able to get into the directory or do something like touch /a/abc/data.
# 3  
Old 03-22-2012
Yes they have

Yes, the groups in question have rx access at OS level. The directory in question is of 775 permissions
# 4  
Old 03-22-2012
Please post the result of "getfacl /A". What do you mean by "rx" permission at OS level? ACLs for the child directories are fine. I suspect that you have not set ACL for the groups on /A directory which is leading to the issue.
# 5  
Old 03-26-2012
Issue resolved.

Hi,

The issue is now resolved. I had to fine-tune the ACLs by doing so:

Have normal ACLs on (/A) recursively and on the complicated ACLs (/A/abc/data) I have set recursive ACLs. I have tested this over the data created over the weekend and all seems well.

Thank you all.
# 6  
Old 03-27-2012
Thank you for letting us know how you solved your issue.
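
An added example, not part of any post in this thread: a default (`d:`) entry is only copied to files and directories created afterwards, while an access entry governs the existing object, so a group usually needs both. The script below flags named groups that have one kind of entry without the other in `getfacl` output; the sample ACL is constructed and `acl_gaps` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit `getfacl` output for named groups whose access and
# default ACL entries disagree. Function and variable names are hypothetical.

# Constructed sample, modeled on the thread's /a/abc/data layout:
# group2 and group3 were given only default (d:) entries.
SAMPLE_ACL='# file: a/abc/data
# owner: user1
# group: groupm
user::rwx
group::rwx
group:group1:rwx
group:group4:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:group1:rwx
default:group:group2:rwx
default:group:group3:rwx
default:group:group4:rwx
default:mask::rwx
default:other::r-x'

# acl_gaps: read getfacl output on stdin, print one line per named group:
#   <group> access=<perms|none> default=<perms|none> <verdict>
acl_gaps() {
  awk -F: '
    /^#/ || NF < 3 { next }
    $1 == "group" && $2 != ""                    { acc[$2] = substr($3, 1, 3); seen[$2] = 1 }
    $1 == "default" && $2 == "group" && $3 != "" { def[$3] = substr($4, 1, 3); seen[$3] = 1 }
    END {
      for (g in seen) {
        a = (g in acc) ? acc[g] : "none"
        d = (g in def) ? def[g] : "none"
        if (a == "none")      v = "DEFAULT_ONLY"  # entry grants nothing on the directory itself
        else if (d == "none") v = "ACCESS_ONLY"   # new children will not inherit it
        else if (a != d)      v = "MISMATCH"
        else                  v = "OK"
        print g, "access=" a, "default=" d, v
      }
    }' | sort
}

printf '%s\n' "$SAMPLE_ACL" | acl_gaps

# Remedy for a DEFAULT_ONLY group: set access and default entries together, e.g.
#   setfacl -R -m g:group2:rwx,d:g:group2:rwx /a/abc/data
```

On a live system, feed it real output with `getfacl /a/abc/data | acl_gaps`.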