Hello Everyone,
I was performing a task in the Linux Basic course; the task is as mentioned below:
The Nautilus security team performed an audit on all servers present in Stratos DC. During the audit some critical data/files were identified which were having the wrong permissions as per security standards. Once the report was shared with the production support team, they started fixing the issues. It has been identified that one of the files named /etc/sysctl.conf on Nautilus App 1 server has wrong permissions, so that needs to be fixed and the correct ACLs need to be set.
- The user owner and group owner of the file should be root user.
- Others must have read only permissions on the file.
- User ammar must not have any permission on the file.
- User garrett should have read only permission on the file.
But when I execute the command to give the permissions, I am getting an “Operation not supported” error:
[root@stapp01 tony]# getfacl /etc/sysctl.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/sysctl.conf
# owner: root
# group: root
user::rw-
group::r--
other::r--
[root@stapp01 tony]# id ammar
uid=1002(ammar) gid=1002(ammar) groups=1002(ammar)
[root@stapp01 tony]# id garrett
uid=1003(garrett) gid=1003(garrett) groups=1003(garrett)
[root@stapp01 tony]# setfacl -m u:ammar:-,garrett:r /etc/sysctl.conf
setfacl: /etc/sysctl.conf: Operation not supported
Please someone guide me on this.
Hi @sridevilv894,
The command is incomplete.
Regards,
Yeah, I was also looking for this post.
But I would prefer something other than providing the exact command to complete the task. We can provide some tips. For the rest, they have to use their skills to complete the task.
Hello everyone,
Thanks for the tips.
I tried the command below, as suggested in another post, but I am still getting the same error:
[root@stapp02 steve]# setfacl -m u:javed:-,u:eric:r /etc/sysctl.conf
setfacl: /etc/sysctl.conf: Operation not supported
I am not sure what else I am missing in this; kindly help me out here.
I even tried to run the command for a single user:
setfacl -m u:javed:- /etc/sysctl.conf
setfacl: /etc/sysctl.conf: Operation not supported
/etc/sysctl.conf file is owned by root. You won’t be able to do anything to it as user steve. You need to use sudo.
@Alistair_KodeKloud thanks for the tip, but it is still not working
[root@stapp01 /]# sudo setfacl -m u:jim:-,u:ryan:r /etc/sysctl.conf
setfacl: /etc/sysctl.conf: Operation not supported
Hello everyone,
I was able to complete this task, as this time I got a different file name.
I believe the above command that I used was not sufficient for .conf files. Can someone please tell me what other command I will have to use in future for .conf files?
# File path
hosts_file="/etc/hosts"
# Set the user owner and group owner of the file to root
chown root:root $hosts_file
# Set the permissions so that owner and group have read and write, and others have only read permission
chmod 644 $hosts_file
# Remove all permissions for user 'javed' on the file
setfacl -m u:javed:--- $hosts_file
# Give read only permission to user 'jerome' on the file
setfacl -m u:jerome:r-- $hosts_file
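
Added example (not from any poster in this thread): setfacl's "Operation not supported" is the ENOTSUP error returned when the filesystem backing the file has no POSIX ACL support enabled, so a useful check is which mount actually holds the path, since a single file can be mounted separately from its directory. The function names and the sample mount table below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mounts layout:
#   device  mountpoint  fstype  options  dump  pass
SAMPLE_MOUNTS='overlay / overlay rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /etc/hosts ext4 rw,relatime 0 0
/dev/sdb1 /data ext4 rw,noacl 0 0'

# mount_for_path PATH [MOUNTS_TEXT]
# Prints "mountpoint fstype options" for the mount that backs PATH: the longest
# mount point that equals PATH or is a directory prefix of it. On ties the later
# line wins, because a later mount shadows an earlier one on the same point.
# Without MOUNTS_TEXT the live table in /proc/self/mounts is read.
# Assumption: mount points contain no spaces (the kernel escapes them as \040).
mount_for_path() (
    mounts=${2:-$(cat /proc/self/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$1" '
        $2 == p || $2 == "/" || index(p, $2 "/") == 1 {
            if (length($2) >= length(best)) { best = $2; hit = $2 " " $3 " " $4 }
        }
        END { if (hit == "") exit 1; print hit }'
)

# acl_report PATH [MOUNTS_TEXT]
# Prints "mountpoint fstype verdict". "acl-disabled" means the mount carries the
# noacl option (ext4, for example, accepts it); "check-fs" means nothing in the
# options rules ACLs out, so support depends on the filesystem type itself.
acl_report() (
    info=$(mount_for_path "$1" "${2:-}") || { echo "no mount found for $1"; exit 1; }
    set -- $info    # split into: mountpoint fstype options
    case ",$3," in
        *,noacl,*) echo "$1 $2 acl-disabled" ;;
        *)         echo "$1 $2 check-fs" ;;
    esac
)

# Run against the live system when called with a path, e.g.:
#   sh aclcheck.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then acl_report "$1"; fi
```

On a host with util-linux installed, `findmnt -T /etc/sysctl.conf` reports the same backing mount.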