Access to file unable but access is rw- for named group

jcdole · May 4, 2017, 3:57pm

Hello
I have a problem to edit a file with kate.
Session open for normal user : user_test1
Public folder : /d_pub_folder - owner publicuser:publicuser
Public subfolder : /d_pub_folder/user_test2 - owner publicuser:publicuser
The file to edit : /d_pub_folder/user_test2/test_user_test2_04.txt - owner user_test2:publicuser

user_test1@LINUX:~> getfacl /d_pub_folder
getfacl: Removing leading '/' from absolute path names
# file: d_pub_folder
# owner: publicuser
# group: publicuser
# flags: -st
user::rwx
group::rwx
group:publicuser:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:publicuser:rwx
default:mask::rwx
default:other::---

user_test1@LINUX:~> getfacl /d_pub_folder/user_test2
getfacl: Removing leading '/' from absolute path names
# file: d_pub_folder/user_test2
# owner: publicuser
# group: publicuser
# flags: -st
user::rwx
group::rwx
group:publicuser:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:publicuser:rwx
default:mask::rwx
default:other::---

user_test1@LINUX:~> getfacl /d_pub_folder/user_test2/*
getfacl: Removing leading '/' from absolute path names
# file: d_pub_folder/user_test2/test_user_test2_03.txt
# owner: user_test2
# group: publicuser
user::rw-
group::rwx                         #effective:rw-
group:publicuser:rwx            #effective:rw-
mask::rw-
other::---

# file: d_pub_folder/user_test2/test_user_test2_04.txt
# owner: user_test2
# group: publicuser
user::rw-
group::rwx                         #effective:rw-
group:publicuser:rwx            #effective:rw-
mask::rw-
other::---

user_test1 can modify the file /d_pub_folder/user_test2/test_user_test2_04.txt ( owned by user_test2 ) using **vi
**
user_test1 can modify the file /d_pub_folder/user_test2/test_user_test2_04.txt ( owned by user_test2 ) using Kate

user_test1 and user_test2 belongs to system groups : “users” and “publicuser”.
These kind of users may do any things in any public folders but cannot delete objects they do not owned.

Note : A script is started by after.local which remove the execute bit (x) of new created file by calling inotifywait .

Any help is welcome.

tsu2 · May 6, 2017, 1:14pm

Unclear what your problem is.
You open by saying that you have a problem editing a file using Kate.
But, nowhere thereafter do you describe this problem further (typo that Kate works for everything thereafter?)

Also,
When you talk about public folders, is the folder published as a network share?
If so, then depending on the type of network share you may have an additional “Share” level of security on top of your system file permissions.

TSU

jcdole · May 6, 2017, 2:21pm

In post #1 one must read :

user_test1** can** modify the file /d_pub_folder/user_test2/test_user_test2_04.txt ( owned by user_test2 ) using vi
**
user_test1 cannot** modify the file /d_pub_folder/user_test2/test_user_test2_04.txt ( owned by user_test2 ) using Kate

Using kate the user get

"Check that you have write access to this file or that enough disk space is available"

For the moment, they are local folders on a single computer for multi-users use.
They are not network shares.
The ACL code say that the file is rw- effective for group publicuser. So why user “user_test1” which belongs to group “publicuser” could modify files using vi but could not when using kate.

jcdole · May 6, 2017, 3:53pm

File system is XFS

jcdole · May 7, 2017, 1:49pm

in fstab the xfs parameter is default.

jcdole · May 15, 2017, 4:30pm

I have open a bug report to suse.
Following the answer, I have open a bug report to KDE

Suse : http://bugzilla.opensuse.org/show_bug.cgi?id=1038435

KDE : http://bugs.kde.org/show_bug.cgi?id=379818

Wait and see.