GROUPS, FACL, TOUCH
-
STEP 1: Three users are made by user "kali" named - "anmol", "sehaj", "prachi".
STEP 2: One group was made by user "kali" named - "C"
STEP 3: ALL three users are put in the C group, - "anmol" , "sehaj", "prachi".
STEP 4: Made one directory named "C" by "kali"
STEP 5: setfacl -m d:g:C:rwx C
STEP 6: chmod g+t C
STEP 7: su anmol
STEP 8: newgrp C //or I did change primary group of ANMOL by kali using sudo
STEP 9: touch anmol.txt
---PERMISSION DENIED---
WHY ?????????????????????IF ANMOL IS IN GROUP "C" and I give all access to group C then why he can't make anything ? even after changing explicitly it's primary group from anmol to C
-
What distro are you running? My first thought is that AppArmor or SELinux may be preventing preventing file creation. Let me know what distribution you are running and I will test out your steps to see what is blocking it.
-
@Don-Pezet Sir, it's Kali linux latest version , arm build in raspberry pi 4.
Thank You for your reply. -
OK, I recreated your steps in Kali and tracked down the problem. You set the default permissions for the group
default:group:C:rwx
as opposed to specific permissions for the groupgroup:C:rwx
. Most distros (including Kali) ignore the specific group defaults and only use the generic group defaultdefault:group::r-x
.Run the following command to set the actual permissions for the "C" group:
setfacl -m g:C:rwx C
Notice how I left off the
d:
part. That will result in the following permissions:┌──(anmol㉿kali)-[/home/kali] └─$ getfacl C # file: C # owner: kali # group: kali user::rwx group::r-x group:C:rwx mask::rwx other::r-x default:user::rwx default:group::r-x default:mask::rwx default:other::r-x
Once that is set, the users in group C will be able to write files to the folder.
-
@Don-Pezet Thank You so much sir, for your help. I m really blessed to connect with you and sorry if I made any inconvineince to you. You are really a great teacher.
Thank you once again.