ACL question?

Post by s.. » Wed, 20 Sep 2000 04:00:00



Please help with this:

How can I use an ACL to allow a user to access a directory and the files (in the dir)
when he is neither the owner nor a member of the group?

Example:

directory: 755 root:other /test
user: abc
group: xyz

did this:
#setfacl -m user:abc:6,mask:6 test

directory changed to:
drwxrw-r-x+ root other /test

#getfacl test
user::rwx
user:abc:rw-   #effective:rw-
group::r-x     #effective:r--
mask:rw-
other:r-x

#su - abc
$cd /test

Permission denied!!!

The same setfacl command works for files in /test (if I leave
/test at 755).

What's the difference between a file and a dir for ACLs?

Why is permission denied? How can I do this?

Thanks in advance.

Kurt.


 
 
 

ACL question?

Post by n.paul.. » Wed, 20 Sep 2000 04:00:00



>Please help with this:

>How can I allow user accesses directory and files(in the dir) which he
>is neither the owner nor belongs to the group using ACL?

>Example:

>directory: 755 root:other /test
>user: abc
>group: xyz

>did this:
>#setfacl -m user:abc:6,mask:6 test

>directory changed to:
>drwxrw-r-x+ root other /test

>#getfacl test
>user::rwx
>user:abc:rw-   #effective:rw-    

!!!! I think you need execution right for abc to cd /test


>group::r-x     #effective:r--
>mask:rw-
>other:r-x

>#su - abc
>$cd /test

>Permission denied!!!

>The same setfacl command works for files in the /test(if I leave
>/test 755)

>What's differences between file and dir for ACL?

>Why permission denied? How can do this?

>Thanks in advance.

>Kurt.



 
 
 

ACL question?

Post by Peter C. Tribb » Thu, 21 Sep 2000 04:00:00




> Please help with this:

> How can I allow user accesses directory and files(in the dir) which he
> is neither the owner nor belongs to the group using ACL?

> Example:

> directory: 755 root:other /test
> user: abc
> group: xyz

> did this:
> #setfacl -m user:abc:6,mask:6 test

Why 6?

> directory changed to:
> drwxrw-r-x+ root other /test

That's right, you've not given them execute access. The permissions
here are showing the most generous permissions that group or named
users in the ACL can have.

> #getfacl test
> user::rwx
> user:abc:rw-   #effective:rw-
> group::r-x     #effective:r--
> mask:rw-
> other:r-x

> #su - abc
> $cd /test

> Permission denied!!!

> The same setfacl command works for files in the /test(if I leave
> /test 755)

> What's differences between file and dir for ACL?

There's no difference in the ACL, but in order to cd into directories
(or access files within them) you need the execute bit turned on.

> Why permission denied? How can do this?

You need to set the permissions to rwx, not to rw-

setfacl -m user:abc:7,mask:7 test

will do it.

--
-Peter Tribble
HGMP Computing Services
http://www.hgmp.mrc.ac.uk/~ptribble/
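
The check discussed in this answer, as an added example that is not part of the original thread: it reads getfacl-style text, applies the mask to a named user's entry, and reports whether that user has the effective x bit needed to cd into the directory. ACL_6 is the listing from the question; ACL_7 is a constructed sample of the listing after the corrected command, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: effective ACL permissions from getfacl-style text.

# ACL from the original post (after "setfacl -m user:abc:6,mask:6 test").
ACL_6='user::rwx
user:abc:rw-   #effective:rw-
group::r-x     #effective:r--
mask:rw-
other:r-x'

# Constructed sample: the same ACL after "setfacl -m user:abc:7,mask:7 test".
ACL_7='user::rwx
user:abc:rwx   #effective:rwx
group::r-x     #effective:r-x
mask:rwx
other:r-x'

# and_perm PERM MASK: clear every bit of PERM that MASK lacks (r-x & rw- = r--).
and_perm() {
    out=""
    for i in 1 2 3; do
        p=$(printf '%s' "$1" | cut -c"$i")
        m=$(printf '%s' "$2" | cut -c"$i")
        if [ "$p" != "-" ] && [ "$p" = "$m" ]; then out="$out$p"; else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

# effective_for USER: read getfacl text on stdin, print USER's effective bits.
effective_for() {
    pair=$(awk -F: -v u="$1" '
        { sub(/[ \t]*#.*/, "") }               # strip "#effective:..." comments
        $1 == "mask"            { mask = $NF } # "mask:rw-" or "mask::rw-"
        $1 == "user" && $2 == u { perm = $3 }  # named-user entry
        END { if (perm == "") exit 1; if (mask == "") mask = "rwx"; print perm, mask }
    ') || return 1
    and_perm "${pair% *}" "${pair#* }"
}

# can_traverse USER: succeed only if USER has effective x (search) on the directory.
can_traverse() {
    case "$(effective_for "$1")" in ??x) return 0 ;; *) return 1 ;; esac
}

for acl in "$ACL_6" "$ACL_7"; do
    if printf '%s\n' "$acl" | can_traverse abc; then echo "abc can cd"; else echo "abc: Permission denied"; fi
done
```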

 
 
 

ACL question?

Post by s.. » Thu, 21 Sep 2000 04:00:00


Peter,

Thanks for your help.

It works with 7. Why 6? I learned it from the man page, and the example there is for a
file. I think I didn't understand this before: "but in order to cd into
directories (or access files within them) you need the execute bit
turned on". Because all the files under /test are text files, I
thought I didn't need "x".

Another newbie question:

Is there a way to do recursive ACL like -R option when you do "rm -R
/test"? What's the best way to give everything under /test the same ACL
permission as /test?

TIA.

Warmest Regards,

Kurt H. Sun, OCP

Software Engineer
Focus:HOPE Information Systems
---------------------------------------------------
Direct:    313/494-4520
Fax:        313/494-4290
Pager:    313/250-8837





 
 
 

ACL question?

Post by Peter C. Tribb » Thu, 21 Sep 2000 04:00:00




> Is there a way to do recursive ACL like -R option when you do "rm -R
> /test"? What's the best way to give everything under /test the same ACL
> permission as /test?

You have to construct something using find and -exec.

find /test -exec setfacl -m user:abc:7,mask:7 {} \;

Yes, I wish there was a -R option to setfacl too.

--
-Peter Tribble
HGMP Computing Services
http://www.hgmp.mrc.ac.uk/~ptribble/
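
A variant of the find approach above, as an added example that is not part of the original thread: directories get 7 so they can be searched, regular files get 6. The grant_tree function and the SETFACL override (used for dry runs) are hypothetical names introduced here.

```sh
#!/bin/sh
# Added example: recursive ACL grant with different bits for directories and files.
# SETFACL is a hypothetical override; SETFACL="echo setfacl" prints the commands
# instead of running them.

# grant_tree ROOT USER
grant_tree() {
    root=$1
    user=$2
    # Directories need x (search) in addition to rw, otherwise USER cannot
    # cd into them or reach the files inside: grant 7.
    find "$root" -type d -exec ${SETFACL:-setfacl} -m "user:$user:7,mask:7" {} \;
    # Regular files only need rw to be read and edited: grant 6.
    # Caveat: mask:6 also clamps the group entry, so a file whose group entry
    # is r-x becomes effective r--, as the getfacl listing in this thread shows.
    find "$root" -type f -exec ${SETFACL:-setfacl} -m "user:$user:6,mask:6" {} \;
    # -type d / -type f do not match symbolic links, so links are left alone.
}

# Usage: sh grant_tree.sh /test abc
# Dry run: SETFACL="echo setfacl" sh grant_tree.sh /test abc
if [ "$#" -eq 2 ]; then
    grant_tree "$1" "$2"
fi
```

Run it with SETFACL="echo setfacl" first and read the printed commands before applying them.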

 
 
 

ACL question?

Post by Barry Margoli » Thu, 21 Sep 2000 04:00:00



>Peter,

>Thanks for your help.

>It works with 7. Why 6? I learned from man page and the example is for a
>file. I think I don't understand this before "but in order to cd into
>directories (or access files within them) you need the  execute bit
>turned on". Because all the files under /test are text files so I
>thought I didn't need "x".

You don't need x permission on the files, but you need it on the
directories.  Execute permission on directories has nothing to do with
executing.  It controls whether you can access the files that are in the
directory, and also whether you can cd into the directory.  If you have
read permission but not execute permission to a directory all you can do is
get the filenames contained, but you can't access the files in any way (you
can't even use "ls -l" on them).

To avoid confusion, some people refer to the x permission on directories as
"search" rather than "execute".

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.