ACL permission ignored

Hello,

I’m trying to understand file and directory ACLs. So, I’ve created the file “myaclfile” with some content as the user armin. I wanted to give the user “lfcs” rw permissions, and after I did, he still isn’t able to write to this file. You can see the permissions in the following example:

armin@ubuntu-h1:/tmp$ ls -la myaclfile 
-rw-rw-r--+ 1 armin armin 34 Mar 18 14:45 myaclfile
armin@ubuntu-h1:/tmp$ sudo getfacl myaclfile 
# file: myaclfile
# owner: armin
# group: armin
user::rw-
user:lfcs:rw-
group::rw-
mask::rw-
other::r--

Despite having rw permissions, user lfcs isn’t able to write in this file as you can see:

lfcs@ubuntu-h1:/tmp$ echo "Content written by lfcs" >> myaclfile 
-bash: myaclfile: Permission denied

When I try to edit this file as the lfcs user using the vi editor, I get the following issue:

Could anyone explain what is happening?

Hmm, can’t see what’s wrong with what you’re doing.
Works for me.

root@c550983a795a:/test# su - user1
user1@c550983a795a:~$ cd /test
user1@c550983a795a:/test$ touch aclfile
user1@c550983a795a:/test$
logout
root@c550983a795a:/test# getfacl aclfile
# file: aclfile
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--

root@c550983a795a:/test# setfacl -m u:user2:rw aclfile
root@c550983a795a:/test# getfacl aclfile
# file: aclfile
# owner: user1
# group: user1
user::rw-
user:user2:rw-
group::rw-
mask::rw-
other::r--

root@c550983a795a:/test# su - user2
user2@c550983a795a:~$ cd /test
user2@c550983a795a:/test$ echo hi > aclfile
user2@c550983a795a:/test$ cat aclfile
hi
user2@c550983a795a:/test$

Are you using a file system that correctly supports ACLs?

Dear @Alistair_KodeKloud ,

It’s ext4 fs type. But I did the exercise again, this time in the following way:

armin@ubuntu-h1:~/test$ pwd
/home/armin/test
armin@ubuntu-h1:~/test$ sudo getfacl aclfile 
# file: aclfile
# owner: armin
# group: armin
user::rw-
user:lfcs:rw-
group::rw-
mask::rw-
other::r--

armin@ubuntu-h1:~/test$ su - lfcs
Password: 
lfcs@ubuntu-h1:~$ echo "something" > /home/armin/test/aclfile 
lfcs@ubuntu-h1:~$ cat !$
cat /home/armin/test/aclfile
something
lfcs@ubuntu-h1:~$

The only difference is I didn’t create the aclfile in the /tmp directory this time and everything else is the same as I did before.

/tmp isn’t ext4, it is tmpfs and may not correctly support ACLs.

You shouldn’t in normal operation have a need to set ACLs on temporary files anyway.

1 Like
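
To see which filesystem actually backs each of the two paths compared in this thread, the mount table can be searched for the mount point that covers a path. The script below is an added example, not something posted by the thread participants; the function names `fs_for_path` and `sample_mounts` are hypothetical, and the mount table is constructed sample data that assumes /tmp is a tmpfs mount as the reply states.

```bash
#!/bin/sh
# fs_for_path PATH [MOUNTS_FILE]
# Prints "<mountpoint> <fstype> <options>" for the mount that covers PATH.
# MOUNTS_FILE defaults to /proc/self/mounts, whose fields are:
#   device mountpoint fstype options dump pass
# Pass "-" to read the table from stdin (used here with constructed data).
# Simplification: mount points containing spaces (escaped as \040) are not decoded.
fs_for_path() {
    awk -v p="$1" '
        {
            mp = $2
            # A mount covers the path if it is "/", equals the path, or is a
            # parent directory of it ("/tmp" covers "/tmp/x" but not "/tmpfoo").
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # Longest mount point wins; on a tie the later line wins,
                # because a later mount shadows an earlier one.
                if (length(mp) >= length(best)) {
                    best = mp; fstype = $3; opts = $4
                }
            }
        }
        END { if (best != "") print best, fstype, opts; else exit 1 }
    ' "${2:-/proc/self/mounts}"
}

# Constructed sample mount table (not taken from the poster's machine).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
EOF
}

# Compare the two locations used in the thread against the sample table.
for f in /tmp/myaclfile /home/armin/test/aclfile; do
    printf '%s -> %s\n' "$f" "$(sample_mounts | fs_for_path "$f" -)"
done
```

On a real host, calling `fs_for_path /tmp/myaclfile` with no second argument reads the live mount table instead of the sample.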

Dear @Alistair_KodeKloud thank you for the explanation.