Setfacl and granting permissions to a group and its members on a directory


 
# 1  
Old 08-07-2013

Hi!


I created a group HACKERS and made the user "demo" its member.

PHP Code:
[demo@localhost ~]$ id demo
uid=500(demo) gid=500(demo) groups=500(demo),502(HACKERS)
[demo@localhost ~]$
Next, I granted read and execute permissions to the group "HACKERS" on /var/log/httpd as shown below:

PHP Code:
setfacl -m "g:HACKERS:r-x" /var/log/httpd

[demo@localhost ~]$ getfacl /var/log/httpd/
getfacl: Removing leading '/' from absolute path names
# file: var/log/httpd/
# owner: root
# group: root
user::rwx
group::---
group:HACKERS:r-x
mask::r-x
other::---
Still the user "demo" is not able to read/execute any command on the said directory:

PHP Code:
[demo@localhost ~]$ cd /var/log/httpd/
bash: cd: /var/log/httpd/: Permission denied
Could you please help me?

I did that exercise on a production server and the team is asking me to get them permission as soon as possible.





One strange thing I noticed: If I do "su - root" and then do "su - demo" and check access then it works fine. But I can't do that on the production server.


I don't know what is wrong? If I grant the permission using setfacl to the user "demo" then it all works fine.
PHP Code:
[root@localhost ~]# setfacl -m u:demo:r-x /manager

...

[demo@localhost ~]$ cd /manager
[demo@localhost manager]$

Why is it not working for the group?


I also checked several online tutorials and followed a similar exercise given here:
PHP Code:
http://bencane.com/2012/05/27/acl-us...ists-on-linux/

and it is in no way different from what I have done above.


Update:


I have been able to do it but in a different way:

I first logged in to the machine as "root" and then ran the setfacl command.

Next, the user "demo" directly logs in to the server and is able to access the directory /var/log/httpd.

Well, I can't do that exercise on the production server. I have to first log-in using my Windows AD credentials and then switch user to root by running the following command:

sudo su -l root

and this is not working as explained earlier. So, what is wrong with the switching user to root and then setting permissions?

I checked it on my local VM and the same thing happened.

Last edited by indiansoil; 08-07-2013 at 07:55 AM..
# 2  
Old 08-07-2013
Code:
ls -ld /var /var/log
getfacl  /var /var/log

I think the problem may be in permissions for path directories.
# 3  
Old 08-08-2013
I had to log out and log back in, and the problem was resolved.
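
The two causes raised in this thread can be checked directly: a session keeps the group list it was given at login, so a membership added afterwards is missing from it, and every directory on the path needs search (x) permission. The script below is an added example, not part of any poster's message; the function names and the file name aclcheck.sh are hypothetical.

```shell
#!/bin/sh
# Added example: two checks for "ACL is set but access is still denied".

# stale_groups SESSION_GIDS DB_GIDS
# Prints each GID that the account database grants but the running
# session does not carry (membership added after the session started).
stale_groups() {
    session=" $1 "
    for gid in $2; do
        case "$session" in
            *" $gid "*) ;;
            *) printf '%s\n' "$gid" ;;
        esac
    done
}

# first_unsearchable ABSOLUTE_PATH
# Prints the first path component the caller cannot search (x bit or ACL),
# or that does not exist; prints nothing if the whole path is traversable.
first_unsearchable() {
    cur=""
    old_ifs=$IFS
    IFS=/
    set -f
    for part in $1; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        if [ ! -x "$cur" ]; then
            printf '%s\n' "$cur"
            break
        fi
    done
    set +f
    IFS=$old_ifs
}

# check_session DIR: run both checks for the current shell.
# `id -G` reports the process's groups; `id -G USER` reads the database.
check_session() {
    user=$(id -un) || return 1
    stale=$(stale_groups "$(id -G)" "$(id -G "$user")" | tr '\n' ' ')
    [ -z "$stale" ] || echo "GIDs not in this session yet: $stale"
    blocked=$(first_unsearchable "$1")
    [ -z "$blocked" ] || echo "cannot search: $blocked"
}

# Live use: sh aclcheck.sh /var/log/httpd
if [ $# -gt 0 ]; then check_session "$1"; fi
```

Numeric GIDs are compared rather than names so that directory-service group names containing spaces do not break the word splitting.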