Help me about getfacl



p4rk3r
28th July 2010, 05:32 AM
Hi everyone, I'm trying to configure my file, which is named about.txt. When I run the getfacl command, it only shows something like this:

$ getfacl about.txt
# file: about.txt
# owner: harry
# group: harry
user::rw-
group::rw-
other::rw-

There are several questions:

1. How do I find the mask in the getfacl command output? Is there something that I have to configure first?
2. When I run a setfacl command like setfacl -m u:david:7 about.txt, it gives the result setfacl: Option -m: Invalid argument near character 3. How can I get the result for this command?

Please explain to me, thank you.

stevea
28th July 2010, 06:17 AM
The MASK ACE (access control entry) for POSIX ACLs is not required; it's an optional ACE. So not every file's metadata has a mask. If the file has the mask ACE, then getfacl will print it like this ...

[stevea@nidula Desktop]$ setfacl -m m:rwx /tmp/testfile
[stevea@nidula Desktop]$ getfacl /tmp/testfile
getfacl: Removing leading '/' from absolute path names
# file: tmp/testfile
# owner: stevea
# group: stevea
user::rw-
group::rw-
mask::rwx
other::r--

Normally, when you create a file under Linux on a file system without ACL support, it is created with basic POSIX permissions (owner, group-owner, other: rwxrwxrwx). There is a simple translation between these and the ACL representation of permissions. The translation to ACLs from 'basic' never requires a mask.

So if I type "getfacl somefile" and the filesystem of somefile does not support ACLs, then getfacl will print the translation (without mask). To properly support ACLs you must mount a filesystem that supports ACLs (ext3, ext4 for example) with the "acl" option. You can put the "acl" option in the /etc/fstab file as a mount option. See "man mount" for documentation.

On your second question ...

[stevea@nidula Desktop]$ setfacl -m u:root:rx /tmp/testfile
[stevea@nidula Desktop]$ getfacl /tmp/testfile
getfacl: Removing leading '/' from absolute path names
# file: tmp/testfile
# owner: stevea
# group: stevea
user::rw-
user:root:r-x
group::rw-
mask::rwx
other::r--


This syntax works and is correct. Also, you can specify the permission as 0...7 instead of rwx or ---.
The message implies that 'david' is not a user. Does the name appear in /etc/passwd?


[stevea@nidula Desktop]$ setfacl -m u:no_such_user:rw /tmp/testfile
setfacl: Option -m: Invalid argument near character 3

You are using a bad user name, 'david'. The actual file metadata for the ACE contains the ACE identifier (user, owner, user, group-owner, group, other ...), the UID for the username and the three permission bits for rwx. You have supplied a bad user name "david", and setfacl cannot find the name in /etc/passwd.
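
An added example, not part of the thread or of the acl tools: a shell sketch that checks the user name before calling setfacl (the failure described above) and reads getfacl output to show what a mask entry does. It goes beyond the reply in one respect: it relies on the standard POSIX ACL rule that the mask caps named-user, named-group and group-owner entries. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# True if the name resolves to an account. An unresolvable name is what
# produces "setfacl: Option -m: Invalid argument near character 3".
user_exists() {
    id -u "$1" >/dev/null 2>&1
}

# Refuse to call setfacl for a name that does not resolve.
grant_user_acl() {   # usage: grant_user_acl USER PERMS FILE
    user_exists "$1" || { echo "no such user: $1" >&2; return 1; }
    setfacl -m "u:$1:$2" "$3"
}

# Read getfacl output on stdin; print named-user and group entries with
# their effective permissions (entry AND mask). With no mask entry the
# permissions are printed unchanged.
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 { next }
        $1 == "mask" { mask = $3; next }
        ($1 == "user" && $2 != "") || $1 == "group" { tag[++n] = $1 ":" $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    p = substr(perm[i], c, 1)
                    if (mask != "" && substr(mask, c, 1) == "-") p = "-"
                    eff = eff p
                }
                print tag[i] ":" eff
            }
        }'
}

# Constructed listing: the mask (r--) is narrower than the root entry (r-x).
sample_acl() {
    cat <<'EOF'
# file: tmp/testfile
# owner: stevea
# group: stevea
user::rw-
user:root:r-x
group::rw-
mask::r--
other::r--
EOF
}
```

Running `sample_acl | effective_acl` shows the root entry and the group-owner entry both reduced to r--, which is why a restrictive mask matters when auditing who can really access a file.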

p4rk3r
28th July 2010, 06:34 AM
Thank you very much for your explanation.