Issue with ACL's (Help/Advice Needed)


 
# 1  
Old 09-27-2014
Issue with ACL's (Help/Advice Needed)

Hi Experts,

Need your help/advice on how to fix this.

I have 2 users under the same group (primary group) and I want to give 777 permissions on a directory to one dir owned by user1. When granted I can see that from getfacl, but when I actually log in as user2 I can touch a file.

Code:
=====================================================================
--Logged as euser 
$ id euser
uid=54325(euser) gid=54323(grpi) groups=54323(grpi)

$ ls -ld logs
drwxr-xr-x 2 euser grpi 4096 Sep 21 00:17 logs ## Logs dir has 755 permissions

$ setfacl -m d:u:guser:rwx,d:m:rwx logs ## Want to set ACL only to user -> guser (777)

$ ls -ld logs
drwxr-xr-x+ 2 euser grpi 4096 Sep 21 00:17 logs

$ getfacl logs
# file: logs
# owner: euser
# group: grpi
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:guser:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

--Logged as guser

$ id guser
uid=54324(guser) gid=54323(grpi) groups=54323(grpi),54322(grpa)

$ ls -ld logs/
drwxr-xr-x+ 2 euser grpi 4096 Sep 21 00:17 logs/

$ touch a
touch: cannot touch `a': Permission denied

===================================================================

Also to note: when I make ACLs I don't want to see 775, because if it shows 775 then there is no meaning to ACL.

As per our protocol we are not allowed to use 775 (for audit purposes), so that is the reason we want to give user2 777 permissions on the dir owned by user1. That is the reason we want to make use of ACL.

Before ACL it's 755 and after ACL I want it to be 755+ (internally that should allow user2 to read/write/exec on that dir).

That's all my intention.

Please help.
# 2  
Old 09-29-2014
Any reply, experts...

---------- Post updated 09-29-14 at 10:06 AM ---------- Previous update was 09-28-14 at 04:22 PM ----------

Can someone advise/help, please?
# 3  
Old 09-29-2014
Your post is very confusing, as what you say doesn't seem to match the given print screen, for a start:
Quote:
I want to give 777 permissions on a directory to one dir owned by user1. When granted I can see that from getfacl, but when I actually log in as user2 I can touch a file.
only in your screen hard copy we see:
Code:
$ ls -ld logs/
drwxr-xr-x+ 2 euser grpi 4096 Sep 21 00:17 logs/

$ touch a
touch: cannot touch `a': Permission denied

which is NOT 777 and you cannot do a touch... so?
# 4  
Old 10-03-2014
So you can't really set a user permission to 777. Each user or group will have a combination of read, write and execute (or not).

You are giving global write permission to the directory, so any user can change the directory. This means that any user can create, rename or delete files and therefore any user can remove and replace any sensitive file too.


Can you more clearly explain what is to be allowed and we can then suggest ways to grant those requirements and nothing else.



Regards,
Robin
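
Added example, not part of any post in this thread: the `setfacl` command in post #1 uses the `d:` prefix, so it only creates `default:` entries, which are copied to objects created inside `logs` later and grant nothing on `logs` itself. The script below evaluates the access entries of `getfacl` output for one user; the function names are hypothetical, and the second sample is constructed, assuming an access entry had been added with `setfacl -m u:guser:rwx logs`.

```shell
# Added example: read getfacl output on stdin and print the rwx that a user gets
# on the object itself. "default:" entries are skipped (they only seed new children).
# Usage: acl_perms USER "GROUP1 GROUP2 ..." < getfacl-output
acl_perms() {
  awk -v who="$1" -v grps="$2" '
    function combine(a, b, both,   i, x, y, out) {   # both=1: AND (mask), 0: OR
      for (i = 1; i <= 3; i++) {
        x = substr(a, i, 1) != "-"; y = substr(b, i, 1) != "-"
        out = out ((both ? x && y : x || y) ? substr("rwx", i, 1) : "-")
      }
      return out
    }
    BEGIN { n = split(grps, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1
            mask = "rwx"; grp = "---" }              # no mask entry = nothing masked
    /^# owner:/ { owner = $3; next }
    /^# group:/ { ogroup = $3; next }
    /^default:/ || /^#/ || NF == 0 { next }
    { sub(/[ \t]*#.*/, ""); sub(/[ \t]+$/, ""); split($0, f, ":") }
    f[1] == "user"  && f[2] == ""  { uobj = f[3] }
    f[1] == "user"  && f[2] == who { named = f[3] }
    f[1] == "group" { gname = (f[2] == "" ? ogroup : f[2])
                      if (gname in member) { grp = combine(grp, f[3], 0); hit = 1 } }
    f[1] == "mask"  { mask = f[3] }
    f[1] == "other" { other = f[3] }
    END { if (who == owner) print uobj
          else if (named != "") print combine(named, mask, 1)
          else if (hit) print combine(grp, mask, 1)
          else print other }'
}
# getfacl output exactly as posted in the thread
acl_as_posted() { cat <<'EOF'
# file: logs
# owner: euser
# group: grpi
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:guser:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
EOF
}
# Constructed: the two access entries "setfacl -m u:guser:rwx logs" would add
acl_with_access_entry() { acl_as_posted; printf 'user:guser:rwx\nmask::rwx\n'; }
echo "as posted:         guser -> $(acl_as_posted | acl_perms guser 'grpi grpa')"
echo "with access entry: guser -> $(acl_with_access_entry | acl_perms guser 'grpi grpa')"
```

Once an access entry for a named user exists, `ls -ld` shows the ACL mask in the group position, so the directory lists as `drwxrwxr-x+` even though `getfacl` still reports `group::r-x` for the owning group.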
 