Questions tagged [setfacl]
setfacl(1) is a command-line utility to set ACL (Access Control List) information on files, part of a withdrawn POSIX draft from 1997
36
questions
59
votes
4
answers
116k
views
linux/setfacl - Set all current/future files/directories in parent directory to 775 with specified owner/group
I have a directory called "members" and under it there are folders/files. How can I recursively set all the current folders/files and any future ones created there to by default have 775 permissions ...
- 1,581
9
votes
2
answers
17k
views
Have new files inherit their folder's extended ACLs
We are moving our web files from AFS to a local volume with the acl flag set. We use extended ACLs for our permissions so users can edit different parts of our websites. In AFS, when you create a new ...
- 123
7
votes
1
answer
12k
views
How to give write permissions using setfacl while retaining existing permissions?
I want to give write permission to a specific user on a dir recursively without loosing any existing permissions that the user may have. I believe I can use something like this to give write ...
- 171
4
votes
1
answer
263
views
mkdir -p ignores facl?
I am trying to enforce file perms of 777 across a specific set of dirs. I used "setfacl -m d:o::rwx" and got what appears to be the right permissions
$ getfacl .
# file: .
# owner: blah
# group: ...
- 41
4
votes
2
answers
3k
views
setfacl equivalent to chmod for setting/unsetting individual flag
Using setfacl command line arguments, is there a way to set/unset a single flag as the following command will do ?
chmod g+x FILE
Please note that:
setfacl g::x FILE
setfacl g::--x FILE
are ...
- 532
3
votes
1
answer
3k
views
How to have multiple users access to chmod() the same file?
I have a system where multiple users are running an application that chmod the same file. I've tried using setacl to add both users as user owners of the file to do this, but it doesn't work. The ...
- 130
3
votes
1
answer
2k
views
How to use setfacl on ZFS dataset to set the equivalent of UNIX-style chmod 770?
I'm trying to use setfacl to set the permissions of different ZFS datasets, and I want those ACL permissions equivalent to UNIX-style chmod 770.
What setfacl command could accomplish this, and what ...
- 375
3
votes
1
answer
816
views
Setting default permissions on newly created files/folders [closed]
I have a network of sites where all sites share same "images" folder. I have created /home/_images/entities and symlinked it from all websites, and it works great with Apache, when I open /images/ on ...
- 141
3
votes
0
answers
729
views
Setfacl: Removing ACL make my file executable
I'm making a script to add and remove ACL for third party unix account.
Adding ACL works like a charm.
Removing works but make a file created by sub-users executable. See:
~/test$ mkdir directory
~/...
- 151
2
votes
1
answer
11k
views
ACL multiple default groups?
With Linux ACL, can you have multiple groups with default access to a folder? I want this for sharing code repositories between different coding groups + several processes. My thinking is, if a user ...
- 223
2
votes
1
answer
2k
views
Make www-data the owner and group of newly created files and folders
I am running Ubuntu 16.04.
I have several users that are within the www-data group and will be creating/modifying files on the server.
We'll call them user1 and user2.
Any time user1 or user2 ...
- 131
2
votes
1
answer
1k
views
Why is my unix socket created with a different ACL mask to other files?
I am deploying an Nodejs Express app. It is going to run as on the same box as an Nginx server, which will proxy requests to it via a unix socket. The question is not specific to Nodejs, however.
The ...
- 123
2
votes
1
answer
193
views
How can I set up a filesystem directory to *always* be group writable?
I have a Linux file server with some shared directories. These directories are sometimes accessed over SFTP, and sometimes by users with shells. Regardless of how these directories are accessed, I ...
- 251
2
votes
0
answers
394
views
setfacl setting unwanted group execute
I'm pretty sure I'm just doing something wrong, but I can't figure it out...
I have some directories I set up with the following:
sudo setfacl -dR -m u::rwX,g::rwX,o::rX,u:ubuntu:rwX,u:www-data:rwX,...
- 633
2
votes
1
answer
466
views
Default owner and setting sticky bit by default
I have a RHEL 5.5 server and want to set up some specific security for a directory:
Please note that I am not asking how to do this one time... that has already been done.
I want all new directories ...
- 203
1
vote
1
answer
901
views
ACL: giving - - - permissions for the owner of the file
At the beginning, I have these permissions for a file:
# file: jar
# owner: my_user
# group: my_user
user::rw-
group::rw-
other::r--
After running this:
setfacl -m u:my_user:--- jar
and get this ...
- 203
1
vote
1
answer
4k
views
Logrotate: Postrotate setfacl failed with no such file or directory error
I set some extended ACL entries for /var/log/squid3/ and /var/log/squid3/access.log.
sudo setfacl -m u:jetty:r-x,g:adm:r-x /var/log/squid3
sudo setfacl -m u:jetty:r--,g:adm:r-- /var/log/squid3/...
- 13
1
vote
1
answer
2k
views
setfacl for all users
Is it possible to set the permission for all users or all groups that are present in the acl?
Namely, I would like a command that applies permissions uniformly for all members of an entity type, ...
- 133
1
vote
0
answers
506
views
Given the permission to the directory via "setfacl", yet nginx will get "permission denied". Why?
(1)
nginx is run as "http":
$ sudo ps aux| grep nginx
root 10932 0.0 0.1 22264 1340 ? Ss 18:27 0:00 nginx: master process /usr/bin/nginx -g pid /run/nginx.pid; error_log ...
- 11
1
vote
1
answer
790
views
linux getfacl shows the correct permissions but user cannot rm a file from command line. "Permission denied"
This scratch file was created by apache
-rw-rw-r--+ 1 apache apache 1960 Nov 16 2019 zlz7v5y9.php
When executing the following:
-bash-4.2$ rm zlz7v5y9.php
I get:
rm: cannot remove ‘zlz7v5y9....
- 194
1
vote
1
answer
1k
views
How to run setfacl inside a Docker Container
I have a bash file which uses ACLs to give permission to certain users. The bash file looks like
sudo setfacl -m u:ChiefCommander:rwx /home/Army$i
When i am building a Docker Container using this ...
- 13
1
vote
1
answer
271
views
setfacl inherit permissions without bash scripting
i have this script to add inherit permissions in all directory's,
asd=$(find -type d); for a in $asd; do setfacl -d -m "u:pythoncrons:rwx" $a; done
my question is, i can set inherit permissions ...
1
vote
1
answer
274
views
UNIX ACL Permissions Different when file is copied from Windows Explorer compared to unix cp command
Please share your inputs on the following scenario.
Unix Path 1.
Permissions for /source/dir1/test.txt are
-rw-rw----+
Scenarios
Case 1: When this file is copied from Windows Explorer to the ...
- 21
1
vote
1
answer
2k
views
Cannot access files in docker as a non-root user 777 permissions + facls
I have a docker container with a web app. Apache cannot read to the log folder. The apache user has specific rwx on the facl folder. I set 0777 on the folder recursivelyinside and outside the ...
- 1,037
0
votes
1
answer
156
views
Local "incoming" dir
I need to create a directory on a Linux server where users can "submit" files, similar to the incoming directory on an ftp server. (Where they would not be viewable after submission.)
Specifically, ...
- 101
0
votes
1
answer
2k
views
Linux file ACLs are not kept using Docker for new files/containers created by Docker daemon
I am trying to grant read permissions to group grafana-cloud to files under /var/lib/docker/containers:
#> ls /var/lib/docker/containers/ | head -n1
...
- 103
0
votes
1
answer
2k
views
which is better, setfacl or chmod +a? [closed]
I have been working with Ubuntu for a year or so.
Just the other week I have started to learn the Symfony framework which works faster with the ACL.
In the installation and configuration of Symfony (...
- 887
0
votes
1
answer
2k
views
Give read/write permission of group files to a user
How can I use setfacl to allow a user to have read/write permission on the home directory of any user that belongs to a certain group?
- 103
0
votes
1
answer
1k
views
su -u www-data cat ... not working as expected
For a project I'm working on, I need the www-data user to be able to read /etc/openvpn/easy-rsa/pki/index.txt
The permissions see fine for this:
-rw-r-----+ 1 root www-data 1050 Dec 7 20:43 index.txt
...
- 93
0
votes
1
answer
509
views
Overwrite directory creation mode using linux acl
I try to give specific user(for example "test") right to read any new created directory. I do that using:
undefine@undefine-ThinkPad-T430s:~/test$ getfacl .
# file: .
# owner: undefine
# group: ...
- 1,056
0
votes
1
answer
5k
views
Samba4: ACLs inheritance: owner group will be changed to "domain users" in new created files/dirs
Samba Version 4.3.11 on Ubuntu Xenial server (16.04)
In smb.conf I have:
Server role: ROLE_DOMAIN_MEMBER
[global]
...
inherit permissions = Yes
inherit acls = Yes
# I needed this due to ...
- 97
0
votes
1
answer
31
views
Trying to use setfacl to allow script owner to delete cache file
I want to use setfacl to allow a php script owner to delete fastcgi_cache_path files that are owned by nginx. The user has been added to the nginx group.
I have tried: setfacl -d -m u:user:rwx cache, ...
- 81
0
votes
1
answer
83
views
set the permissions on all the files and folders within a directory (CentOS 7.0 )
I kind of new to Linux/Centos world, is there any way to set the permissions on all the files and folders within a directory. I know chmod 777 will set permissions on the directory, but if it already ...
0
votes
1
answer
547
views
setfacl issue on subdirs created by server
I'm facing issues on inheriting the parent permissions for the folders created by PHP script which is executed by the server.
I've created the deployer user, added to www-data group and set the ...
- 51
0
votes
3
answers
238
views
Convenient WordPress Web Directory Permissions?
I'm setting up a webserver for WordPress.
WordPress requires it's stuff to be owned by www user or it has problems installing plugins and themes (asks for server FTP credentials, it's stupid, I know)...
- 820
-1
votes
1
answer
2k
views
setting umask for a directory so that all directories, executable file(.sh , .cmd, .bat) are 750 and regular file 640
need to create and change existing file and directory such that all directories and executable files(*.sh, *.bat, *.cmd ..) are 750 and regular file are 640 . I need to this in shell and python both.
...
- 101