ACL task - Operation not supported error

Hello Everyone,

I was performing a task in the Linux Basic course. The task is as mentioned below:
The Nautilus security team performed an audit on all servers present in Stratos DC. During the audit some critical data/files were identified which were having the wrong permissions as per security standards. Once the report was shared with the production support team, they started fixing the issues. It has been identified that one of the files named /etc/sysctl.conf on Nautilus App 1 server has wrong permissions, so that needs to be fixed and the correct ACLs needs to be set.

  1. The user owner and group owner of the file should be root user.

  2. Others must have read only permissions on the file.

  3. User ammar must not have any permission on the file.

  4. User garrett should have read only permission on the file.

But when I execute the command to give the permissions, I am getting an "Operation not supported" error:

[root@stapp01 tony]# getfacl /etc/sysctl.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/sysctl.conf
# owner: root
# group: root
user::rw-
group::r--
other::r--

[root@stapp01 tony]# id ammar
uid=1002(ammar) gid=1002(ammar) groups=1002(ammar)
[root@stapp01 tony]# id garrett
uid=1003(garrett) gid=1003(garrett) groups=1003(garrett)
[root@stapp01 tony]# setfacl -m u:ammar:-,garrett:r /etc/sysctl.conf
setfacl: /etc/sysctl.conf: Operation not supported

Please someone guide me on this.

Hi @sridevilv894,
The command is incomplete.

Regards,

Yeah, I was also looking for this post. :+1: :+1:

But I would prefer something other than providing the exact command to complete the task. We can provide some tips. For the rest, they have to use their skills to complete the task.

Hello everyone,

Thanks for the tips.
I tried the command line below, as suggested in another post, but I am still getting the same error:
[root@stapp02 steve]# setfacl -m u:javed:-,u:eric:r /etc/sysctl.conf
setfacl: /etc/sysctl.conf: Operation not supported

I am not sure what else I am missing in this; kindly help me out here.
I even tried to run the command for a single user:
setfacl -m u:javed:- /etc/sysctl.conf
setfacl: /etc/sysctl.conf: Operation not supported

The /etc/sysctl.conf file is owned by root.
You won't be able to do anything to it as user steve. You need to use sudo.

@Alistair_KodeKloud Thanks for the tip, but it is still not working:
[root@stapp01 /]# sudo setfacl -m u:jim:-,u:ryan:r /etc/sysctl.conf
setfacl: /etc/sysctl.conf: Operation not supported

Hello everyone,

I was able to complete this task, as this time I got a different file name.
I believe the above command that I used was not sufficient for .conf files. Can someone please tell me what other command I will have to use in future for .conf files?

# File path
hosts_file="/etc/hosts"

# Set the user owner and group owner of the file to root
chown root:root "$hosts_file"

# Set the permissions so that owner and group have read and write, and others have only read permission
chmod 644 "$hosts_file"

# Remove all permissions for user 'javed' on the file
setfacl -m u:javed:--- "$hosts_file"

# Give read only permission to user 'jerome' on the file
setfacl -m u:jerome:r-- "$hosts_file"
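
A way to verify the result against the four task requirements, added here as an example that is not from any poster in the thread: it reads `getfacl` output and counts a named user's rights as the entry ANDed with the mask. The function names and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit `getfacl` output against the task.
# On a real host: getfacl -p /etc/sysctl.conf | audit_acl ammar garrett

# effective ENTRY MASK: a named user's rights are the entry ANDed with the mask.
effective() (
  out=""
  for bit in r w x; do
    case $1 in *"$bit"*) case $2 in *"$bit"*) out=$out$bit; continue ;; esac ;; esac
    out=$out-
  done
  printf '%s\n' "$out"
)

# audit_acl DENIED_USER READONLY_USER: reads getfacl output on stdin, prints one
# line per unmet requirement, returns 0 only when all four requirements hold.
audit_acl() (
  owner="" group="" other="" mask="rwx" deny="" ro="" fails=0
  while IFS= read -r line; do
    case $line in
      "# owner: "*) owner=${line#"# owner: "} ;;
      "# group: "*) group=${line#"# group: "} ;;
      other::*)     other=${line#other::} ;;
      mask::*)      mask=${line#mask::} ;;
      "user:$1:"*)  deny=${line#"user:$1:"} ;;
      "user:$2:"*)  ro=${line#"user:$2:"} ;;
    esac
  done
  # Keep only the three permission characters (drops any "#effective:" suffix).
  other=${other%"${other#???}"}; mask=${mask%"${mask#???}"}
  deny=${deny%"${deny#???}"};    ro=${ro%"${ro#???}"}
  fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
  [ "$owner" = root ] && [ "$group" = root ] || fail "owner/group is $owner:$group"
  [ "$other" = "r--" ] || fail "other is '$other', expected r--"
  [ -n "$deny" ] && [ "$(effective "$deny" "$mask")" = "---" ] ||
    fail "$1 needs an explicit user:$1:--- entry (otherwise 'other' applies)"
  [ -n "$ro" ] && [ "$(effective "$ro" "$mask")" = "r--" ] ||
    fail "$2 does not have effective r--"
  [ "$fails" -eq 0 ]
)

# Constructed sample (spacing simplified): garrett's rw- is capped to r-- by the mask.
sample_ok() {
  printf '%s\n' '# file: /etc/sysctl.conf' '# owner: root' '# group: root' \
    'user::rw-' 'user:ammar:---' 'user:garrett:rw-  #effective:r--' \
    'group::r--' 'mask::r--' 'other::r--'
}

sample_ok | audit_acl ammar garrett && echo "compliant"
```

`setfacl` prints "Operation not supported" when the filesystem holding the file does not accept POSIX ACLs, and in that case no named-user entry can be stored for the audit to find.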