I have set up default acls on a directory to allow user user1 to read it. This directory is owned by root:root.
I also did via the group.
This works fine, new files made by root are readable.
However, the process that is writing new files is writing them as 700, and this user cannot read those files.
This occurs also if you create a file that is readable, then chmod 700.
Can someone explain the effective rights for me, and why it's overriding the ACLs where the files are either chmod 700, or written as 700 by the process that is writing them? I know this is the correct behaviour, I am just trying to understand why this is.
I have the same on AIX (slightly different commands) and that is just how it works. The safest way to change such files is by editing the ACL. What you are saying with your chmod is "Overwrite the security permissions with RWX --- ---" so that's what it does. Everything else is invalidated.
Perhaps you may have more success with the other format of chmod where you specifically grant/revoke accesses:-
I've never tried this, and you may be able to combine them, but basically the system is doing what you ask it to.
Sorry, should have stated, I have no control over what is changing the files. They are written by a process nightly, the ACLs are to allow auditing via Splunk. But new files are not taking the default ACL as they are being written as 700, or at least written as something else and then chmodded to 700. Either way, the default ACLs set on that directory are not working for the new files, and Splunk cannot read the new files, but can on everything else in the directory. I can fix with cron, but it doesn't seem very elegant :-)
As far as I recall, using POSIX commands such as chmod overwrites any previous ACLs on a file and creates a new ACL with entries only for owner, group and everyone.
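The "effective rights" asked about in the question can be worked through with a small model. This is an added example, not code from any post in the thread: it follows the object-creation and chmod rules documented in Linux's acl(5), and the ACL entries and create modes are constructed assumptions.

```python
# Model of Linux POSIX ACL rules from acl(5). Entry names and sample values are
# constructed for illustration; nothing here touches the real filesystem.
R, W, X = 4, 2, 1

# Default ACL on the directory (constructed): user1 is granted r-x.
DEFAULT_ACL = {"user::": R | W | X, "user:user1": R | X,
               "group::": R | X, "mask::": R | X, "other::": 0}

def _apply_mode(acl, mode, combine):
    """Map the three mode classes onto the ACL: owner -> user::,
    group class -> mask:: (not group::, because a mask exists), other -> other::."""
    new = dict(acl)
    for entry, shift in (("user::", 6), ("mask::", 3), ("other::", 0)):
        new[entry] = combine(acl[entry], (mode >> shift) & 7)
    return new

def create_file(default_acl, create_mode):
    """Inherit the default ACL, then strip any permission the creating
    process did not request in its open()/creat() mode argument."""
    return _apply_mode(default_acl, create_mode, lambda old, req: old & req)

def chmod(acl, mode):
    """chmod replaces the three class entries; named entries are left alone."""
    return _apply_mode(acl, mode, lambda old, req: req)

def effective(acl, entry):
    """Named users, named groups and the owning group are ANDed with the mask."""
    if entry in ("user::", "other::"):
        return acl[entry]
    return acl[entry] & acl["mask::"]

def fmt(perm):
    return "".join(c if perm & bit else "-" for c, bit in zip("rwx", (R, W, X)))

def report(label, acl):
    line = f"{label:<22} user:user1:{fmt(acl['user:user1'])}  mask::{fmt(acl['mask::'])}"
    return line + f"  #effective:{fmt(effective(acl, 'user:user1'))}"

if __name__ == "__main__":
    by_root = create_file(DEFAULT_ACL, 0o666)     # typical editor/shell create mode
    by_job = create_file(DEFAULT_ACL, 0o700)      # the nightly writer's mode
    print(report("created with 0666", by_root))
    print(report("created with 0700", by_job))
    print(report("0666 then chmod 700", chmod(by_root, 0o700)))
    # Widening only the mask (what `setfacl -m m::r` does) restores read access.
    print(report("mask reset to r--", {**by_job, "mask::": R}))
```

In each failing case the `user:user1` entry is still present in the ACL; only the mask, which `ls -l` shows in the group position of the mode, has dropped to `---`.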