ACL Permission


[ashraful@localhost ~]$ setfacl -m u:user1:rwx File1.Txt

This is my output:

==============

[ashraful@localhost ~]$ getfacl File1.Txt
file: File1.Txt
owner: ashraful
group: ashraful
user::rw-
user:ashraful:rwx
user:user1:rwx
user:user2:--x
user:user3:r--
group::rw-
mask::rwx
other::r--

I switch my user to user1:

==============================

[user1@localhost Documents]$ getfacl File1.txt

file: File1.txt
owner: ashraful
group: ashraful
user::rw-
group::rw-
other::r--

I apply Read, Write and Execute,
but I see only Read, Write.
And I also can't write to this file:

[user1@localhost Documents]$ vi File1.txt
[user1@localhost Documents]$ cat >> File1.txt

bash: File1.txt: Permission denied

How can I solve this problem?

Thanks


Responses

First, you may check the parent directory permission. If there is no permission to write, change the permissions for the parent directory.

Thanks for your quick reply. But I still have the problem. I changed the permission; my parent directory name is Document.

[ashraful@localhost ~]$ getfacl Documents/

file: Documents/
owner: ashraful
group: ashraful
user::rwx
group::rwx
other::rwx

I switch the user:

[user3@localhost ~]$ cat /home/ashraful/Document

cat: /home/ashraful/Document: Permission denied

I make permission again:

[ashraful@localhost ~]$ setfacl -m u:user3:rwx Documents/File1.txt

[ashraful@localhost ~]$ getfacl Documents/File1.txt
file: Documents/File1.txt
owner: ashraful
group: ashraful
user::rwx
user:user1:rwx
user:user2:rw-
user:user3:rwx
user:user4:r--
group::rw-
mask::rwx
other::r-

[user3@localhost ~]$ cat /home/ashraful/Document

cat: /home/ashraful/Document: Permission denied

Hi Ashraful Islam

  • Make sure you are not trying to execute the cat command against a directory.
  • It seems the permissions for /home/ashraful/Document are not generous enough for user3 (and this is a good thing, because that is not the home drive for user3).
  • I highly recommend revisiting what is called "Discretionary Access Control", or "DAC" (Octal Permissions are part of this)
  • Please examine this carefully on DAC permissions, and also this very useful instructional article at Red Hat, and lastly, this YouTube video on permissions
  • Please go through the exercises carefully step-by-step in this instructional article on ACLs at Red Hat
  • If you are logged in as "user3" and attempting to enter the home drive of someone else, then it is normal not to be able to enter it because the Discretionary Access Control permissions should deny this.
  • Setting the ACL on the file named File1.txt that is under the directory named "/home/ashraful/Document/File1.txt" should be effectively useless because the directory named "/home/ashraful/Document" is not owned by user3, and no ACL seems to exist on the directory named "Document".
      /home/ashraful/ (no ACL, Discretionary access control permissions give ownership to user "ashraful" NOT "user3", so this directory is not owned by user3, user3 SHOULD BE DENIED BY DEFAULT)
      /home/ashraful/Document (An ACL here without an ACL on /home/ashraful is effectively useless.)
  • If/when you post more, please surround the code you post with three tilde characters in a row, above and below ~~~

~~~
code goes here
~~~

It will look like this:

code goes here

This makes reading code in the discussion area easier.

Regards,
RJ

Ashraful Islam

Giving someone else an ACL to access your home directory is generally not a good idea. If you want to learn ACLs, make sure to fully understand Octal permissions mentioned in the previous post, and also groups, and how set-guid works with this. A better way to share documents is to have a shared drive that is not a person's home drive and share files there, generally speaking. Some may disagree, but it's better not to share one's user directory.

Kindly,
RJ

Lastly, verify permissions of parent directories such as:

ls -ld /home/ashraful/
  • That should show ONLY the permissions for the directory /home/ashraful/
  • Compare that with the Octal permissions guide I posted earlier, if the permissions are not "generous" enough, user3 will never get past home ashraful (and this is a good thing because one's home drive should be protected).
  • Please do go through the articles I posted to understand both Octal and ACLs, and even "set-guid".

Kind Regards,
RJ
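
Added example, not part of the original thread: the parent-directory check RJ describes with `ls -ld`, applied to every directory on the way to a file. The function name `first_blocking_dir` and its optional second argument are assumptions made for this example; it reads mode bits only, so a directory that carries its own ACL still needs `getfacl`.

```shell
#!/bin/sh
# first_blocking_dir FILE [TOP]
# Walks from FILE's directory up to TOP (default /) and prints the directory
# closest to TOP on which the "other" class has no search (x) permission.
# A user who is neither owner nor group member of that directory cannot
# reach FILE, whatever ACL entries FILE itself carries.
# Prints nothing when every directory on the path is searchable by "other".
first_blocking_dir() {
    d=$(cd "$(dirname "$1")" && pwd -P) || return 2
    top=${2:-/}
    blocker=
    while :; do
        # First 10 characters of `ls -ld` are type + rwx triplets;
        # character 10 is the execute/search bit for "other".
        mode=$(ls -ld "$d" | cut -c1-10)
        case $(printf '%s' "$mode" | cut -c10) in
            x|t) ;;              # searchable (t = sticky bit with x)
            *)   blocker=$d ;;   # '-' or 'T': no search for "other"
        esac
        if [ "$d" = "$top" ] || [ "$d" = "/" ]; then
            break
        fi
        d=$(dirname "$d")
    done
    if [ -n "$blocker" ]; then
        printf '%s\n' "$blocker"
    fi
    return 0
}

# Stand-alone use: sh script.sh /home/ashraful/Documents/File1.txt
if [ $# -gt 0 ]; then
    first_blocking_dir "$@"
fi
```

With a home directory in the default mode 700, the function prints the home directory itself, which is why the ACL set on File1.txt had no effect for the other users.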

I am really happy to get better information from you. You are the best instructor here. Thanks for your reply. Thanks, Ashraful Islam