setfacl: What's wrong with this?

setfacl: What's wrong with this?

Post by Chuc » Fri, 04 Feb 2005 23:45:46



I'm new to ACLs. Can someone explain why I'm getting the error below
from setfacl? The current directory is owned by psoft. I want to add an
ACL to the current directory so that only jsmith can add files to it. I
also want psoft to be able to read and delete that file but not change it.

$ ls -ld .
drwxr-xr-x+  2 psoft    psoft        512 Feb  3 09:28 ./

$ getfacl .

# file: .
# owner: psoft
# group: psoft
user::rwx
user:psoft:r-x          #effective:r-x
group::r-x              #effective:r-x
mask:r-x
other:r-x
default:user::rw-
default:group::---
default:other:---

$ setfacl -m d:u:jsmith:rw- .
Missing user/group owner, other, mask entry
aclcnt 9, file .
--
To reply by email remove "_nospam"

 
 
 

setfacl: What's wrong with this?

Post by Thomas Maier-Komo » Sat, 05 Feb 2005 00:56:38



> I'm new to ACLs. Can someone explain why I'm getting the error below
> from setfacl? The current directory is owned by psoft. I want to add an
> ACL to the current directory so that only jsmith can add files to it. I
> also want psoft to be able to read and delete that file but not change it.

> $ ls -ld .
> drwxr-xr-x+  2 psoft    psoft        512 Feb  3 09:28 ./

> $ getfacl .

> # file: .
> # owner: psoft
> # group: psoft
> user::rwx
> user:psoft:r-x          #effective:r-x
> group::r-x              #effective:r-x
> mask:r-x
> other:r-x
> default:user::rw-
> default:group::---
> default:other:---

> $ setfacl -m d:u:jsmith:rw- .
> Missing user/group owner, other, mask entry
> aclcnt 9, file .

try

$ setfacl -a d:u:jsmith:rw- .

but I guess, what you want cannot be done with ACLs...

 
 
 

setfacl: What's wrong with this?

Post by brandysi.. » Sat, 05 Feb 2005 01:00:24


you are attempting to use default entry ( d:u:jsmith:rw- )
to use default you must also specify default for group and mask, cannot
just do user default.
setfacl -m d:u:jsmith:rw-,d:u::r-x,d:g::r-x,d:m:r-x .
 
 
 

setfacl: What's wrong with this?

Post by Peter C. Tribb » Sat, 05 Feb 2005 01:04:32




Quote:> I'm new to ACLs. Can someone explain why I'm getting the error below
> from setfacl? The current directory is owned by psoft. I want to add an
> ACL to the current directory so that only jsmith can add files to it. I
> also want psoft to be able to read and delete that file but not change it.

> $ ls -ld .
> drwxr-xr-x+  2 psoft    psoft        512 Feb  3 09:28 ./

> $ getfacl .

> # file: .
> # owner: psoft
> # group: psoft
> user::rwx
> user:psoft:r-x          #effective:r-x
> group::r-x              #effective:r-x
> mask:r-x
> other:r-x
> default:user::rw-
> default:group::---
> default:other:---

> $ setfacl -m d:u:jsmith:rw- .
> Missing user/group owner, other, mask entry
> aclcnt 9, file .

You haven't supplied any entries for the user/group owner, other, mask.

When setting up a default ACL, you need to supply all the fields.

setfacl -m u:jsmith:rwx,m:rwx .

to allow jsmith to write to the directory, and

setfacl -m d:u::rwx,d:g:---,d:o:---,d:m:rwx,d:u:psoft:r-- .

to set the defaults.

--
-Peter Tribble
MRC Rosalind Franklin Centre for Genomics Research
http://www.rfcgr.mrc.ac.uk/~ptribble/ - http://ptribble.blogspot.com/