HPE Community
Operating System - Linux
1753331 Members
5211 Online
108792 Solutions
New Discussion юеВ

Re: ACL in linux

 
SOLVED
Go to solution
Manoj Sivan
Regular Advisor

тАО02-04-2007 03:37 PM

тАО02-04-2007 03:37 PM

ACL in linux

Hi Experts,

Can any one help me on this.

I want to give previlage to user1 to access user2's home directory using ACL. Both are in different groups. or is there a better way?

Please help.

Thanks in advance

Manoj Sivan
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

тАО02-04-2007 08:19 PM

тАО02-04-2007 08:19 PM

Solution

Re: ACL in linux

Shalom,

groupadd theguys
# We create a group for both users.
usermod -G theguys user1
usermod -G theguys user2

chmod g+rwx /home/user1
chmod g+rwx /home/user2

chgrp theguys /home/user1
chgrp thegusy /home/user2

Its much simpler.

Since the users are in the same group they can access each others home directory

There are lots of ways to get this task complete.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Ralph Grothe
Honored Contributor

тАО02-05-2007 12:14 AM

тАО02-05-2007 12:14 AM

Re: ACL in linux

You can enable ACLs on an Ext[23] filesystem easily if your kernel supports them

Note, most distros' vanilla kernels do support ACLs.
You could simply try modprobe the acl driver,
or refer to your distro's config file

e.g. on my RHEL 4.3 box

# grep ACL /boot/config-2.6.9-5.ELsmp
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y

# lvcreate -n lv_acl_support -L 128m vgrootX
Logical volume "lv_acl_support" created
# mkfs.ext3 -q /dev/vgrootX/lv_acl_support
max_blocks 134217728, rsv_groups = 16384, rsv_gdb = 256
inode.i_blocks = 3074, i_size = 67383296
# tune2fs -o acl /dev/vgrootX/lv_acl_support
tune2fs 1.35 (28-Feb-2004)
# mkdir -p /mnt/acl_fs
# mount -t ext3 -o acl /dev/vgrootX/lv_acl_support /mnt/acl_fs
# grep acl /etc/mtab
/dev/mapper/vgrootX-lv_acl_support /mnt/acl_fs ext3 rw,acl 0 0


You can also tuen2fs -o acl an existing ext filesystem, even if mounted I would assume, and mount -o remount,acl it online.

Then lookup and setup ACLs on files on that mount at your heart's content
(see man of getfacl and setfacl)


Madness, thy name is system administration
Reply
Ivan Ferreira
Honored Contributor

тАО02-05-2007 12:39 AM

тАО02-05-2007 12:39 AM

Re: ACL in linux

I suggest you to use the Steven E. Protter option or a similar variation, thus, to avoid system complexity that could derivate to less security.

Also, remember that not all backup tools can save ACLs.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Andrew Cowan
Honored Contributor

тАО02-05-2007 07:16 PM

тАО02-05-2007 07:16 PM

Re: ACL in linux

Manoj,

I also agree that SEP's solution, while less ellegant, is easier and safer. The problem with ACL's is that you need to educate your user's to understand them.

A simple "ls -l" should append a plus-sign to the permissions string, however you need to use "getfacl" and "setfacl" in order to see all the permissions information.

I know it's old, but see: http://www.vanemery.com/Linux/ACL/linux-acl.html for more information.
0 Kudos
Reply
Mike Stroyan
Honored Contributor

тАО02-08-2007 11:08 AM

тАО02-08-2007 11:08 AM

Re: ACL in linux

There is one tweak that can make SEPs solution a little more liveable.
If user1 and user2 only have "theguys" as secondary groups then files they create won't belong to group "theguys". That means that they may have access to each other's home directories but be unable to read the files in them.

Adding a set-group-id bit on a directory in an ext2/ext3 filesystem will cause new files to be created in that directory with their group set to the same group as the directory. (And new directories under that directory will be created with the set-group-id bit on so the effect propagates downward.)

chmod g+rwxs /home/user1
chmod g+rwxs /home/user2


Reply
Andrea Rossi
Frequent Advisor

тАО02-12-2007 08:02 PM

тАО02-12-2007 08:02 PM

Re: ACL in linux

setfacl -Rx g:mygroup:rwx mydir
getfacl -R mydir

remenber to backup acl! most backup utils don't.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.