Hi!
I created a group HACKERS and made the user "demo" its member.
[demo@localhost ~]$ id demo
uid=500(demo) gid=500(demo) groups=500(demo),502(HACKERS)
[demo@localhost ~]$
Next, I granted read and execute permissions to the group "HACKERS" on /var/log/httpd as shown below:
setfacl -m "g:HACKERS:r-x" /var/log/httpd
[demo@localhost ~]$ getfacl /var/log/httpd/
getfacl: Removing leading '/' from absolute path names
# file: var/log/httpd/
# owner: root
# group: root
user::rwx
group::---
group:HACKERS:r-x
mask::r-x
other::---
Still the user "demo" is not able to read/execute any command on the said directory:
[demo@localhost ~]$ cd /var/log/httpd/
bash: cd: /var/log/httpd/: Permission denied
Could you please help me?
I did that exercise on a production server and the team is asking me to get them permission as soon as possible.
One strange thing I noticed: If I do "su - root" and then do "su - demo" and check access then it works fine. But I can't do that on the production server.
I don't know what is wrong. If I grant the permission using setfacl to the user "demo" then it all works fine.
[root@localhost ~]# setfacl -m u:demo:r-x /manager
...
[demo@localhost ~]$ cd /manager
[demo@localhost manager]$
Why is it not working for the group?
I also checked several online tutorials and followed a similar exercise given here:
http://bencane.com/2012/05/27/acl-us...ists-on-linux/
and it is no way different from what I have done above.
Update:
I have been able to do it but in a different way:
I first logged in to the machine as "root" and then ran the setfacl command.
Next, the user "demo" directly logs in to the server and is able to access the directory /var/log/httpd.
Well, I can't do that exercise on the production server. I have to first log in using my Windows AD credentials and then switch user to root by running the following command:
sudo su -l root
and this is not working as explained earlier. So, what is wrong with switching user to root and then setting permissions?
I checked it on my local VM and the same thing happened.
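
An added diagnostic sketch, not part of the original post: `id demo` reads the account database, while a shell that is already running keeps the supplementary groups it received at login, so this compares the two and then walks the path looking for a directory the session cannot traverse. The function names are hypothetical; the user and path in the comments are the ones from the post.

```shell
#!/bin/sh
# Added diagnostic sketch. Run it as the affected user (demo in the post).

# Print the GIDs in list $2 (account database, `id -G demo`) that are absent
# from list $1 (the running session, plain `id -G`). Space-separated numbers.
missing_groups() {
    session=" $1 "
    out=""
    for g in $2; do
        case "$session" in
            *" $g "*) ;;                    # session already carries this GID
            *) out="${out:+$out }$g" ;;     # in the database only
        esac
    done
    printf '%s\n' "$out"
}

# Print the first directory on the way to $1 that this process cannot search
# (x bit or ACL entry missing); print nothing if every component is searchable.
first_blocked_dir() {
    target=$1
    cur=""
    old_ifs=$IFS
    IFS=/
    set -f
    for part in $target; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        if [ -d "$cur" ] && [ ! -x "$cur" ]; then
            printf '%s\n' "$cur"
            break
        fi
    done
    IFS=$old_ifs
    set +f
}

# Example: check_access demo /var/log/httpd
check_access() {
    stale=$(missing_groups "$(id -G)" "$(id -G "$1")")
    blocked=$(first_blocked_dir "$2")
    [ -z "$stale" ] || echo "GIDs not in this session: $stale"
    [ -z "$blocked" ] || echo "cannot traverse: $blocked"
    return 0
}
```

If the first message appears, the session predates the group change and only a new login session will carry the new GID; if the second appears, a parent directory is the one denying access.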