UNIX for Beginners Questions & Answers

All,

I am building a glusterfs environment for file storage and need to set up ACL's as there are multiple users that need different types of access. I have ingested ~20TB of needed data to /toplevel dir and:

Code:

chown -R root:root /toplevel ; chmod -R 775 /toplevel

What I need from ACL as far as permissions on all files and folders is:

group1:rwx
group2:rwx
group3:r--

This it appears I can accomplish with:

Code:

setfacl -R -m g:group1:rwx,g:group2:rwx,g:group3:r /toplevel

The problem I'm having is with the defaults that need to be in place for user folder and file creation inheriting the same permissions. I ran:

Code:

setfacl -R -m default:g:group1:rwx,default:g:group2:rwx,default:g:group3:r /toplevel

However, this did not allow for what I need (possibly due to mask?). If a user in group1 created a folder, another user in group1 could not write to it.

So, in testing a couple things I ran:

Code:

setfacl -m m:rwx /toplevel
setfacl -m default:u::rwx,default:g::rwx,default:o::rx /toplevel

This did not change the behavior. Here is the getfacl on /toplevel now:

Code:

# getfacl toplevel
# file: toplevel
# owner: root
# group: root
user::rwx
group::rwx
group:group1:rwx
group:group3:r--
group:group2:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:group1:rwx
default:group:group3:r--
default:group:group2:rwx
default:mask::rwx
default:other::r-x

Does anyone see here what I am doing wrong?

A related question: When configuring the default settings, is using the '-R' ONLY looking for directories to set the defaults or is it traversing files and skipping them, slowing down the process? Or would it be more efficient to do something like:

Code:

find /toplevel -type d -exec <setfacl cmd> {} \;

Thanks in advance, any guidance is greatly appreciated..

HB

---------- Post updated at 05:50 PM ---------- Previous update was at 03:00 PM ----------

Update:

When I create a folder under /toplevel from the command line as directory owner root, I get the following ACL's:

Code:

# getfacl toplevel/testing3
# file: toplevel/testing3
# owner: root
# group: root
user::rwx
group::rwx
group:group1:rwx
group:group3:r--
group:group2:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:group1:rwx
default:group:group3:r--
default:group:group2:rwx
default:mask::rwx
default:other::r-x

And with these ACL's, I can write to the newly created /toplevel/testing3 with users in group1.

When I create a folder under /toplevel from a CIFS share as a user in group1, I get the following ACL's:

Code:

# getfacl toplevel/testing4
# file: toplevel/testing4
# owner: user.1
# group: domain\040users
user::rwx
group::rwx		#effective:r-x
group:group1:rwx	#effective:r-x
group:group3:r--
group:group2:rwx	#effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::rwx
default:group:group1:rwx
default:group:group3:r--
default:group:group2:rwx
default:mask::rwx
default:other::r-x

With these ACL's users in group1 other than user.1 are unable to write to the newly created /toplevel/testing4 directory.

Does anyone have any idea of what is going on here?

Thanks,

HB

Update:

I have found that my problem was with my Samba settings (smb.conf). Specifically, I needed to add:

inherit acls = yes
inherit owner = yes
inherit permissions = yes

Now users in group1 and group3 can create folders and files that others in the groups can rw to.

Thanks,

HB