FACL does not work on RHEL 8
-
I have a folder in / called gtic and I've assigned a FACL permission on it.
As you can see in the picture, the owner is root and the group is gtic.
I applied the FACL permission so that the user toni could rwx inside this folder. The problem that I have is that when I want to create a file using the user toni (file3.txt) I get permission denied,
so I don't understand why this is wrong. It seems the rule has not been applied. Could you help me?
-
Rodrigo,
It looks like you set the default FACL, but didn't actually assign permissions to the directory. You didn't share the command you typed to assign the FACL, but I'm pretty sure I can guess it. I recreated your example by doing the following:
    dpezet@Dons-Desktop:~$ sudo useradd toni
    dpezet@Dons-Desktop:~$ mkdir gtic
    dpezet@Dons-Desktop:~$ setfacl -d -m u:toni:rw ./gtic
    dpezet@Dons-Desktop:~$ getfacl gtic
    # file: gtic
    # owner: user
    # group: user
    user::rwx
    group::rwx
    other::r-x
    default:user::rwx
    default:user:toni:rw-
    default:group::rwx
    default:mask::rwx
    default:other::r-x
This sets the default for new files in the directory to give read and write access to Toni. However, it doesn't actually give Toni the ability to write a new file in the folder. For that, we need one more command.
    dpezet@Dons-Desktop:~$ setfacl -m u:toni:rwx ./gtic
    dpezet@Dons-Desktop:~$ getfacl gtic
    # file: gtic
    # owner: user
    # group: user
    user::rwx
    user:toni:rwx
    group::rwx
    mask::rwx
    other::r-x
    default:user::rwx
    default:user:toni:rw-
    default:group::rwx
    default:mask::rwx
    default:other::r-x
Notice that I left off the -d argument so that I am assigning actual permissions. Now we can see that Toni has permission to write into the folder. I granted execute as well since that is required to navigate into and view a folder's contents. From here, we can test it out.
    dpezet@Dons-Desktop:~$ cd gtic
    dpezet@Dons-Desktop:~/gtic$ su toni
    $ touch file.txt
    $ ls -la
    total 8
    drwxrwxr-x+ 2 user user 4096 Sep 15 07:55 .
    drwxr-xr-x 18 user user 4096 Sep 15 07:53 ..
    -rw-rw-r--+ 1 toni toni 0 Sep 15 07:55 file.txt
    $
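
The difference between the two getfacl listings in the answer above, as an added example that is not part of the original answer: a small shell check that reads getfacl text and reports whether a named user has only a default entry or a usable access entry. The function names `acl_entry` and `diagnose` are hypothetical, the sample ACL text is copied from the listings above, and the mask handling goes slightly beyond the thread (a named-user entry is limited by the mask).

```shell
#!/bin/sh
# Added example: classify a named user's ACL entries from getfacl text on stdin.
# Only the named-user entry and the mask are examined (owner/group/other are not).

# acl_entry SCOPE USER: print USER's rwx string from the access or default ACL.
acl_entry() {
    awk -F: -v scope="$1" -v user="$2" '
        scope == "access" && $1 == "user" && $2 == user { print substr($3, 1, 3); exit }
        scope == "default" && $1 == "default" && $2 == "user" && $3 == user {
            print substr($4, 1, 3); exit }'
}

# diagnose USER: print ok | default-only | insufficient | no-entry.
diagnose() {
    acl=$(cat)
    access=$(printf '%s\n' "$acl" | acl_entry access "$1")
    default=$(printf '%s\n' "$acl" | acl_entry default "$1")
    mask=$(printf '%s\n' "$acl" | awk -F: '$1 == "mask" { print substr($3, 1, 3); exit }')
    if [ -z "$access" ]; then
        if [ -n "$default" ]; then echo default-only; else echo no-entry; fi
        return
    fi
    # Effective rights = entry AND mask; creating a file needs w and x on the directory.
    eff=$(awk -v e="$access" -v m="${mask:-rwx}" 'BEGIN {
        for (i = 1; i <= 3; i++) out = out (substr(m, i, 1) == "-" ? "-" : substr(e, i, 1))
        print out }')
    case $eff in ?wx) echo ok ;; *) echo insufficient ;; esac
}

# Sample input: the two getfacl listings from the answer, header comments omitted.
DEFAULTS='default:user::rwx
default:user:toni:rw-
default:group::rwx
default:mask::rwx
default:other::r-x'
BEFORE="user::rwx
group::rwx
other::r-x
$DEFAULTS"
AFTER="user::rwx
user:toni:rwx
group::rwx
mask::rwx
other::r-x
$DEFAULTS"

printf '%s\n' "$BEFORE" | diagnose toni   # after setfacl -d -m only -> default-only
printf '%s\n' "$AFTER" | diagnose toni    # after setfacl -m as well -> ok
```

On a live system the same check would read `getfacl gtic | diagnose toni`.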