Issue with ACL's

luisam_95

Hi, I have a problem. I've created a file called acluser1 in /tmp/ as user1 and I've set ACL permissions rwx to user100.
But when I try to modify the file /tmp/uacluser1 as user100 I got this message: "acluser1" E212: Can't open file for writing
Why? Am I doing something wrong?
Thanks.
 



In order to be able to alter an existing file, you also need permission to update the directory it resides in. The permissions on /tmp are usually rwxrwxrwt; the t (sticky bit permission) will only allow the owner to modify a resident file.

Rather than applying an ACL or permissions to /tmp, perhaps create a sub-folder in /tmp with its own ACL or permissions, then put the file inside the sub-folder.
 
I did what you told me but it didn't work. I created another particular folder '/users' and put the files in there. I set the permissions, ACL's to those files and it worked. The /tmp sticky bit did not allow me to modify the files.
Thank you.
 
Thanks for the follow up, now I've learnt something too.
 
luisam_95 wrote:
Hi, I have a problem. I've created a file called acluser1 in /tmp/ as a user1 and I've it set ACL permissions rwx to user100.
The user with UID 100 on my system is:
Code:
[flip@flop /etc]$ grep 100 passwd
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
<snip>
which looks like its "shell" is /bin/false, which won't be able to do much. The man page for "false" says:
false - do nothing, unsuccessfully
which sounds like what you've experienced in part.
 
If I read the post correctly, it was a username of user100, not UID 100. So the UID is not likely an issue.
 
It's because of the sticky t bit on the /tmp directory, which causes any file in that directory to only be allowed to be edited by its owner (and root). Create a directory where that user has write permissions and place the acluser1 file there; you should be able to edit it as the user that has ACL write permissions.
So create a new directory without the t bit, so for example create a directory /tmp/testdir1 where user1 is the owner and then place the acluser1 file in that directory.
 
As f33dm3bits mentioned in post #9, the sticky bit allows only owners of files to change them. The suggestion of removing the sticky bit from /tmp however, is unwise given that a number of system processes use /tmp and expect the sticky bit to be set to protect them from other users.
 
The suggestion of removing the sticky bit from /tmp however, is unwise given that a number of system processes use /tmp and expect the sticky bit to be set.
Agree, I edited my original post. I was still waking up, so I wasn't thinking about my first suggestion.
 
Yes, you are likely to be quite correct and I think I misinterpreted the text.
If it helps, I thought the same exact thing at first. Then I re-read the post and decided not to answer.
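
The approach the thread settles on (leave /tmp and its sticky bit alone, create a separate directory without the t bit, and set the ACL there), as an added example that is not from any poster. The names user100, acluser1 and /tmp/testdir1 are the ones mentioned in the thread; the function names are made up for this sketch, and setfacl/getfacl are assumed to be installed.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Return 0 if $1 is a world-writable directory with the sticky bit set
# (the usual mode of /tmp, drwxrwxrwt), 1 if not, 2 if it is not a directory.
is_sticky_world_writable() {
    [ -d "$1" ] || return 2
    [ -k "$1" ] || return 1              # -k: sticky bit is set
    case "$(ls -ld -- "$1")" in
        d???????w*) return 0 ;;          # 9th character is the other-write bit
        *)          return 1 ;;
    esac
}

# Create (or reuse) directory $1 with mode 0770, which also clears any
# sticky bit on it. Refuses to touch a shared sticky directory such as
# /tmp itself, since other processes rely on that bit being set.
prepare_shared_dir() {
    if is_sticky_world_writable "$1"; then
        echo "refusing to change $1: world-writable sticky directory" >&2
        return 1
    fi
    mkdir -p -- "$1" && chmod 0770 -- "$1"
}

# Give user $1 rwx on directory $2 and rw on every further file argument,
# then print the resulting ACL entries.
grant_acl() {
    user=$1 dir=$2; shift 2
    setfacl -m "u:${user}:rwx" "$dir" || return 1
    for f in "$@"; do
        setfacl -m "u:${user}:rw-" "$f" || return 1
    done
    getfacl -p "$dir" "$@"
}

# Usage, run as the file owner (user1 in the thread):
#   prepare_shared_dir /tmp/testdir1
#   mv /tmp/acluser1 /tmp/testdir1/
#   grant_acl user100 /tmp/testdir1 /tmp/testdir1/acluser1
```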
 
