acl interview questions
Top acl frequently asked interview questions
There is a folder that is owned by user tomcat6:
drwxr-xr-x 2 tomcat6 tomcat6 69632 2011-05-06 03:43 document
I want to allow another user (ruser) write permissions on the document folder. The two users (tomcat6 and ruser) do not belong to the same group. I have tried using setfacl:
sudo setfacl -m u:ruser:rwx document
but this gives me a "setfacl: document: Operation not supported" error. Kindly help me.
Source: (StackOverflow)
I have set up a maintenance Network via OpenVPN. However, when I log into a computer (e.g. via remote desktop) and someone else is using it at the same time I have either to accept that she is able to access the VPN once I established the connection, or I need to force her to log off.
Both are suboptimal.
Is it possible to set ACLs to NICs? Or otherwise disable the access to the network for a certain user?
I need it on XP and 7, but a solution only working for one of them is already a big enhancement.
Source: (StackOverflow)
I'm trying to find the terminal command on a Mac to remove ACL to fix user permissions on a folder that gives an error code when I try to copy it (error code -41).
Source: (StackOverflow)
Is it possible in Windows 7 to restrict which EXEs can access a certain folder?
Let's imagine I have a folder (c:\myfolder) with some data files that can only be opened by a certain EXE.
For example, I would like MyApp1.EXE to be able to open files in c:\myfolder but I do not want other EXEs (such as notepad) to be able to open the files in that folder.
Is this possible?
Source: (StackOverflow)
ls -l
-rwxr-xr-x 1 root root 885 2010-07-08 13:55 /etc/backup-number-of-files*
-rwxrwxr-x+ 1 levchuk Users 1067 2010-08-30 14:37 /etc/backup-running-time*
Please notice the + on the 2nd line.
Source: (StackOverflow)
Hi, I have some files that I'd like to remove the SELinux context or ACLs from (denoted by a '.' or a '+' respectively when using ls -alZ).
I don't have too much time on my hands to read on the , etc on how to use chcon etc., so I just want to quickly know how to disable them all.
Also, if someone knows a SELinux/ACL Cheat-Sheet, that would be terrific.
Here's a screen shot:

Notice the dots right after the permission symbols: drwxr-xr-x., etc.
Source: (StackOverflow)
I'm trying to figure out why the output of ls command has changed. I mean group permissions for a file.
I've created a file named "file" and changed its owner&group:
[root@training group3]# touch file
[root@training group3]# ls -la file
-rw-r--r--. 1 root root 0 Sep 8 15:29 file
[root@training group3]# chown uczen file
[root@training group3]# chgrp group3 file
[root@training group3]# ls -la file
-rw-r--r--. 1 uczen group3 0 Sep 8 15:29 file
[root@training group3]# getfacl file
# file: file
# owner: uczen
# group: group3
user::rw-
group::r--
other::r--
Then I've added additional rwx rights for the user "ula":
[root@training group3]# setfacl -m u:ula:rwx file
[root@training group3]# getfacl file
# file: file
# owner: uczen
# group: group3
user::rw-
user:ula:rwx
group::r--
mask::rwx
other::r--
My question is why the output of the ls -la command (below) now shows "rwx" for the group compared to "r--" shown by getfacl above. Why have the perms for the group been (seemingly?) changed if by setfacl I've only added rights for some user (ula)?
[root@training group3]# ls -la file
-rw-rwxr--+ 1 uczen group3 0 Sep 8 15:29 file
Source: (StackOverflow)
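Added example (not part of the original question): once an ACL carries a mask entry, the group field that ls prints is the mask, not the group:: entry. The Python sketch below parses the getfacl outputs quoted above and derives the ls string and each entry's effective rights; TIGHTENED is a constructed sample and all function names are assumptions of this example.

```python
# BEFORE and AFTER are the getfacl outputs quoted in the question;
# TIGHTENED is constructed (AFTER with the mask narrowed to r--).
BEFORE = "user::rw-\ngroup::r--\nother::r--"
AFTER = "user::rw-\nuser:ula:rwx\ngroup::r--\nmask::rwx\nother::r--"
TIGHTENED = AFTER.replace("mask::rwx", "mask::r--")


def parse_getfacl(text):
    """Return {(tag, qualifier): perms} for the access ACL in getfacl output."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drops headers and "#effective:" notes
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = perms
    return acl


def limit(perms, mask):
    """Bitwise AND of two rwx strings."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))


def ls_mode(text):
    """Permission string as ls prints it (without file type or SELinux dot)."""
    acl = parse_getfacl(text)
    mask = acl.get(("mask", ""))
    # With a mask present, the group slot of the mode shows the mask, not group::
    group_slot = mask if mask is not None else acl[("group", "")]
    return acl[("user", "")] + group_slot + acl[("other", "")] + ("+" if mask else "")


def effective(text):
    """Effective rights per entry: named users and all groups are capped by the mask."""
    acl = parse_getfacl(text)
    mask = acl.get(("mask", ""))
    result = {}
    for (tag, qualifier), perms in acl.items():
        if tag == "mask":
            continue
        capped = mask is not None and (tag == "group" or (tag == "user" and qualifier))
        result[f"{tag}:{qualifier}"] = limit(perms, mask) if capped else perms
    return result


if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER), ("tightened", TIGHTENED)):
        print(name, ls_mode(sample), effective(sample))
```

Because the group slot is the mask, a chmod that narrows the group bits on such a file also narrows the rights of every named user and group, which is what the TIGHTENED sample shows.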
I'm running an rsync command, copying my files from a server to my Windows machine like:
rsync -rt --partial-dir=".rsync" --del rsync://server/a/ a/
Whenever this command creates a directory, it tends to create a directory with crazy ACLs/permissions. For me, it tends to create ten <not inherited> entries, with one deny entry for the user who ran the rsync command, and the others not making much sense, either. This even happens using the --chmod=ugo=rwX option, which a similar thread suggested.
What can I do to prevent rsync from trying to set permissions at all (and just leave the permissions to the ACL inheritance in Windows)?
Source: (StackOverflow)
I want to interact with the GPIO pins using the Python module Ablib. And I want to do this without root permissions. How can I achieve this?
When I create an ablib.Pin instance the module opens /sys/class/gpio/export and writes the pin number to it. Initially this raises an IOError:
IOError: [Errno 13] Permission denied: '/sys/class/gpio/export'
This can be solved easily with chmod. Now when I create an ablib.Pin instance I get an IOError on a different file:
IOError: [Errno 13] Permission denied: '/sys/class/gpio/pioC16/direction'
ls -la on /sys/class/gpio returns:
--w------- 1 my_user my_user 4096 Jan 1 01:42 export
lrwxrwxrwx 1 root root 0 Jan 1 01:42 pioC16 -> ../../devices/ahb.0/apb.1/pinctrl.2/fffff800.gpio/gpio/pioC16
When writing 115 to /sys/class/gpio/export, the kernel creates the symbolic link /sys/class/pioC16. The problem is that root is the owner of this link. I want the newly created files to be owned by my_user. But I don't know how to do this. I've tried chmod and chown:
$ chown -R my_user:my_user /sys/class/gpio
$ chmod g+s /sys/class/gpio
And I've tried ACL. But according to this question it looks like I can't use ACL on a sysfs.
$ setfacl -m group:my_group:rwx /sys/class/gpio
setfacl: /sys/class/gpio: Invalid argument
Does somebody know how to fix this?
Source: (StackOverflow)
ACLs and standard file permissions seem to be synchronized:
$ getfacl test.cpp
# file: test.cpp
# owner: scdmb
# group: scdmb
user::rw-
group::rw-
other::r--
$ ls -l test.cpp
-rw-rw-r-- 2 scdmb scdmb 173 Jan 1 1970 test.cpp
However as I've read there are two locations in inode to save file permissions (i_mode field) and these extended file attributes where ACLs are placed. So when I access file then which file permissions are used - standard or ACLs? Or maybe this is the same thing presented in different ways?
Source: (StackOverflow)
Quick scenario on a local Windows system.
Drive E: is formatted with NTFS and has the following layout and permissions:
E:\ (JohnDoe)
E:\folder (Administrator)
E:\folder\subfolder (JohnDoe)
JohnDoe has read/write access to the root directory.
JohnDoe has read/write access to subfolder.
JohnDoe does NOT have access to folder.
JohnDoe does NOT have the ability to alter permissions.
Since JohnDoe cannot access folder and thus cannot list the contents, he must type in the path E:\folder\subfolder manually. There is no "clickable" way to get from E:\ to subfolder.
Here's the question: Is there any way for JohnDoe to discover the existence and path of the accessible subfolder, without being able to list the contents of its parent folder? Assume that he was not told the subfolder's name and that the permissions do not change from what is stated above.
For the sake of this problem, ignore the possibility of a brute-force attack to guess subfolder's name. Only non-brute-force methods are permitted.
Source: (StackOverflow)
I have a NTFS external hard disk. It was in use primarily with one laptop, but that laptop has since been replaced. With my new laptop, I'm finding all my files are now read-only. The "read-only" checkbox is unchecked, but it seems to be ACLs causing the problem.
On all the files, the only writable permissions on the ACL are SYSTEM, Administrators, and "S-1-5-21-....", the account number of the account on the old laptop, I'm assuming. Clicking "Advanced" says this permission is "Inherited From" "E:\". However, if I open the ACL list on E:\, I do not see any permissions involving "S-1-5-21..." - why not?
Is there any way to wholesale update this device to the new user's account, so that I can write to things?
Edit: This is an external drive, and does get shared about machines a bit. Is there a better way to do this?
Edit: The old machine was Windows Vista, the new machine (the one I'm working on) is Windows 7.
Source: (StackOverflow)
I log in to a linux box with username user1 and my home folder is in /home. There is another user named user2 that has its home directory in /opt/data/folder.
If I want to check the list of users I inspect the file /etc/passwd in this simple way:
grep user1 /etc/passwd
grep user2 /etc/passwd
I can find neither my user nor the other: Why is that?
Is there any other file or command I should look to have a proper list of users?
Source: (StackOverflow)
I have been storing my Time Machine backups on an external drive. Noticing that space was getting low, I viewed that external drive in the Finder, selected a bunch of the folders and moved them to the Trash.
I now realize this was stupid of me, for a number of reasons:
- Time Machine will delete old backups properly, when it's running low on space.
- It is my understanding now that all Time Machine backups after the initial one are a diff of the previous backup, not a disk image. So deleting these folders would render subsequent backups useless (I think).
- The "Preparing to empty the Trash ... Items to delete: [number]" dialogue got up to 1.5 million files(!) before I stopped it. And I don't have permission, even as root, to rm -rf them.
- I also don't have permission, even as root, to mv files from /Volumes/Time\ Machine\ Backups/.Trashes/ back to their original location. I did a little reading about Access Control Lists and am wary of making yet more mistakes by fooling around with them.
So, does anyone have insight or advice on how best to deal with this problem?
Specifically, I am wondering:
- Would deleting the items in the Trash render my existing Time Machine backups useless?
- If deleting those folders currently in the Trash *is* OK, how would I do so efficiently?
- If deleting those folders would create problems, how can I move them back to their original location?
Thanks in advance for any help you guys can offer.
Source: (StackOverflow)
I have copied some files from an XP computer to a PC running Windows 7. I am logged on as a user who is marked as an Administrator.
When I try to access the directory, I am told I don't have permission. Understandable, but what is odd is that I as an administrator don't have access to take ownership of the files. I don't have permission to add users in the ACL or to take ownership, indeed such options are greyed out.
Why as an administrator user can I not take ownership of files?
Source: (StackOverflow)