
ACL Issues / Permission Issues - Could I get some help please

post #1 of 7
Thread Starter 
Is anyone here familiar with ACLs? I seem to be having a problem setting them up correctly.

Right now I am trying to set up a file server so that only specific groups can access those files.

I have my base folder /srv/ set up for 755 with root:root as the owner:group. Beyond that, I have an Applications folder which is set up in /srv/storage/Applications which is set up like so: http://pastebin.com/Tt1Tc19g

However, I can't create files, and I am not sure if I just have the ACLs set up wrong, or if it is something else I am doing. If I create a file I get: "andrew@server:/srv/storage/Applications$ mkdir test" "mkdir: cannot create directory `test': Permission denied"

The user is part of the software group, I can traverse the folder, I just can't create folders/files. What am I doing wrong?

Mount: http://pastebin.com/kgDBP99w
Fstab: http://pastebin.com/tZkb0y3d
Edited by Lige - 4/14/12 at 12:13pm
post #2 of 7
If the permissions are 755, that means root is the only user that can write to that directory. That being said, if you want any other user to write you need to change the (group) permissions to something like 775, which will give the users in the group that owns the file the ability to write.

I suggest making a new group, "your group name" and putting the users you want in it. And then changing the permissions as such:
Code:

# groupadd "your group name"
# usermod -a -G "your group name" "username"
# chmod 775 /srv/
# chown -R root:"your group name" /srv/

Now whatever user you add to "your group name" will be able to write to /srv and all its child directories.

Also your paste bin links no worky
Edited by 10halec - 4/15/12 at 1:00pm
post #3 of 7
Doesn't really look like you are using ACLs based on your description. However, I can't see your pastebin, so I don't know.

ACLs are used by using the getfacl and setfacl commands. What you are trying to do may be attainable without using ACLs at all.
post #4 of 7
I was going to say it, but was hoping somebody else would.

1) You shouldn't have users create files outside of /home, everything outside of /home should be owned and run by root. There are no exceptions to that, you want users to own/create stuff make the folders in /home and you will get just that. (Ugh, I hate people who are going to point this out as wrong. It makes me go back and edit stuff, so they don't. While you can get away with the previous point, I won't advise it and most people here won't either)

2) You aren't using ACLs when you use chmod and those tools. You're using the basic file permissions in Linux, 755 means:

Owner: Read/Write/Execute
Group: Read/Write
Other: Read/Write

http://www.tuxfiles.org/linuxhelp/filepermissions.html

Read that, it'll explain regular permissions correctly.
post #5 of 7
Quote:
Originally Posted by mushroomboy

I was going to say it, but was hoping somebody else would.
1) You shouldn't have users create files outside of /home, everything outside of /home should be owned and run by root. There are no exceptions to that, you want users to own/create stuff make the folders in /home and you will get just that. (Ugh, I hate people who are going to point this out as wrong. It makes me go back and edit stuff, so they don't. While you can get away with the previous point, I won't advise it and most people here won't either)

You're going to hate me then because that is completely wrong. There are a number of examples where it's best practice to have non-root ownership outside of /home:
  • Some daemons need to be owned by the daemon (I see this more with Python apps for some reason)
  • Your http docs are almost always stored outside of /home (these should /never/ be owned as root)
  • Anything mounted in /media will be owned by the person who mounted it
  • And then you have required "nobody" permissions for some files too

However even these aside, you can have non-root files anywhere you want (within reason obviously - you wouldn't want user stuff in /etc lol).

In fact I actually keep my NAS's storage pool in a folder named /zprimus so I can easily differentiate the OS's users data (/home) from the network accessible user data (/zprimus).
Edited by Plan9 - 4/18/12 at 11:47am
post #6 of 7
Quote:
Originally Posted by mushroomboy

I was going to say it, but was hoping somebody else would.
2) You aren't using ACLs when you use chmod and those tools. You're using the basic file permissions in Linux, 755 means:
Owner: Read/Write/Execute
Group: Read/Write
Other: Read/Write

http://www.tuxfiles.org/linuxhelp/filepermissions.html
Read that, it'll explain regular permissions correctly.

Also 755 would be

Owner: Read/Write/Execute
Group: Read/Execute
Other: Read/Execute

4 = read
2 = write
1 = execute

What you had was 766..
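Added example (not part of any post in this thread): a small Python model of the owner/group/other check discussed above, showing why a user who can traverse a 755 root:root directory still cannot create anything in it. The function names and the uid/gid values are constructed for illustration, and only the mode bits are modelled; entries set with setfacl are not evaluated.

```python
import os

def rwx(mode):
    """Render the low nine mode bits, e.g. 0o755 -> 'rwxr-xr-x' (4=r, 2=w, 1=x)."""
    out = ""
    for shift in (6, 3, 0):  # owner, group, other digits
        digit = (mode >> shift) & 7
        out += "".join(c if digit & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))
    return out

def applicable_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the one class the kernel checks and its digit. The first match wins:
    a group member never falls through to the 'other' bits."""
    if uid == owner_uid:
        return "owner", (mode >> 6) & 7
    if owner_gid in gids:
        return "group", (mode >> 3) & 7
    return "other", mode & 7

def can_create_in(mode, owner_uid, owner_gid, uid, gids):
    """mkdir/touch inside a directory needs write AND execute (search) on it."""
    if uid == 0:
        return True  # root bypasses these checks
    _, bits = applicable_bits(mode, owner_uid, owner_gid, uid, gids)
    return (bits & 3) == 3

def explain(path, uid, gids):
    """Stat every level from / down to path; report (path, rwx, class, can_traverse)."""
    report, cur = [], os.sep
    for part in [""] + [p for p in os.path.abspath(path).split(os.sep) if p]:
        cur = os.path.join(cur, part)
        st = os.stat(cur)
        cls, bits = applicable_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids)
        report.append((cur, rwx(st.st_mode), cls, bool(bits & 1)))
    return report

if __name__ == "__main__":
    # Constructed IDs: andrew = uid 1000, groups 1000 and 1001 ("software"); root = 0.
    andrew, groups = 1000, {1000, 1001}
    for label, mode, gid in (("755 root:root", 0o755, 0), ("775 root:root", 0o775, 0),
                             ("775 root:software", 0o775, 1001)):
        print(label, rwx(mode), "create allowed:", can_create_in(mode, 0, gid, andrew, groups))
    for row in explain("/tmp", andrew, groups):
        print(row)
```

The middle case is the one to watch: 775 on a directory still owned by group root does nothing for a member of another group, so the chmod only helps once the directory's group is one the user belongs to.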
post #7 of 7
lol Yeah, I didn't look it up I just guessed off the top of my head.

Plan9, yeah if you know what you're doing that's fine. I just don't advise it for anyone starting off as something you should practice doing, that way by the time you know what you're doing you realize how easily you can do this. It's mainly to keep people from botching system stuff.