Facing issues with ACL

brnandakrishnan · January 27, 2015, 11:08am

I have a doubt regarding ACL

I want to give permissions to a group using ACL

A directory created in SKEL directory needs to have a default ACL set that allows the
members of the group “linux” to read all files and subdirectories.

But after doing above steps, if i add new user to a system with group as linux it
is not applying default ACL.Need some help

Miuku · January 27, 2015, 11:46am

In skel;


setfacl -d -m g:linux:rwx directory

Breakdown:
setfacl = set acl’s.
-d = default
-m = modify existing acl
g = group, linux is naturally the name of the group and rwx are the default permissions for the directory and ALL FILES UNDER IT.

Then run:
getfacl /home/derp/directory

derp
naturally being the account you created, it should print out something like:


# file: home/derp/linux/
# owner: derp
# group: users
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:linux:rwx
default:mask::rwx
default:other::r-x

As you can see, when creating the new user the permissions for the directory (default ones) were retained and all files created under it will be read-write-execute for users in the linux group.

And I’m really bad at explaining this stuff - more in-depth guide to setfacl/getfacl -> https://activedoc.opensuse.org/book/opensuse-123-security-guide/chapter-9-access-control-lists-in-linux

hendersj · January 27, 2015, 6:31pm

On Tue, 27 Jan 2015 10:16:01 +0000, brnandakrishnan wrote:

> I have a doubt regarding ACL
>
> I want to give permissions to a group using ACL
>
> A directory created in SKEL directory needs to have a default ACL set
> that allows the members of the group “linux” to read all files and
> subdirectories.
>
> But after doing above steps, if i add new user to a system with group as
> linux it is not applying default ACL.Need some help

There’s no need to ask the same question in multiple forums here - pick
the one that seems most suitable, and if it needs to be moved, someone on
staff can move it.

Youv’e asked this same question in the install/boot/login forum as well.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

venzkep · January 28, 2015, 7:12am

On 1/27/2015 4:56 AM, Miuku wrote:
>
> In skel;
>
> Code:
> --------------------
>
> setfacl -d -m g:linux:rwx directory
>
> --------------------
>
>
>
With KDE this can also be done in the GUI. Right click the directory, Properties > Permissions > Advanced Permissions >
Add Entry. Here you can specify ACLs for the Mask, Users and Groups. Depending on the permissions of the directory you
may need to use “File Manager-Super User Mode”

–
P.V.
“We’re all in this together, I’m pulling for you” Red Green

brnandakrishnan · January 31, 2015, 10:12am

Hi,

We can set th e permissions following your steps or by using setfacl command.
But if i create a directory in skel, all contents will be copied when the new users are created
So if i set the permissions using ACL to a folder in skel directory its not applying to new users.

Miuku · January 31, 2015, 10:20am

I tested the setfacl in a fresh virtualized system and it works properly if I add users with adduser.

Hard to say where the problem is in your case then.

brnandakrishnan · February 1, 2015, 7:59am

Thanks, it worked with user add command, even i tried with fresh VM’s, Finally it worked

brnandakrishnan · February 1, 2015, 8:00am

Thanks, it worked with useradd command, i tried with fresh VM’s, looks like it is the problem with the VM’s Finally it worked