HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

setacl

 
SOLVED
Go to solution
himacs
Super Advisor

setacl

Hi Admins,

I have a strange problem here with setacl.

A normal user wants to open some files under /data01/data.
i used below commands
setacl -m user:bkp:r-- /data01/data
setacl -m user:bkp:r-- /data01

After this when user tried to open it was saying permission denied.
I solved this giving r-x permission with setacl.
But my Q is with r-- why user not able to open files.

regards,
himacs
3 REPLIES
Mel Burslan
Honored Contributor
Solution

Re: setacl

never used setacl and don't want to use it ever again in my life but looking at the ACLs you defined, you just gave the user read access to /data01 directory. In order to access the contents of the directory, I presume a user at least needs a r-x permission.

I am not saying this from setacl experience but from a general access permissions standpoint.

One more time, if you get into creating ACLs for users, you will make life miserable for them and for yourself in the long run. I dealt with ACLs in my dark days of VMS administration and it was not fun. Right now, when someone utters the word ACL, I step outside. My 2 cents.
________________________________
UNIX because I majored in cryptology...
himacs
Super Advisor

Re: setacl

Hi Mel,

Thanks for ur reply..

You are rite.We reuire atleast r-x to access a file.


<>
How? i have not worked much with ACLs.

regards,
himacs
Mel Burslan
Honored Contributor

Re: setacl

How is a very good question. Right now you might have few files you assign ACLs to. AFter a while this becomes a common practice and everyone either requests it or you have to give it to them because of the file/directory level permissions not being enough. Not before long time passes, you realize you have hundreds if not thousands of files that you need to keep track of the ACLs for. Not fun ! Especially a user one days comes and tells you he lost access to his or her files and you can not figure out why.
________________________________
UNIX because I majored in cryptology...