0

Need to give new user acl permissions on linux server without changing existing chmod permissions. New user doesn't belong to any group and doesn't own files. User needs to be able to write and read files. Need to use effective permissions when providing write & read to files. The folders need to have read and execute acl permissions for this user. The problem I'm facing is that when I change the file acl permissions using -R, it changing the folders too. I don't need/want that. How do I apply the acl permissions below for ALL files (those in sub-directories too) without changing folder permissions?

The new users needs to have write permissions to a file, which means the user needs to have read+exe permission on the containing folder and read+write permission on the file.

# assigned read + execute to all the folders on server (includes subfolders)
setfacl  -m user:robinhood:r-X  /server/root/

# assign read + write to ALL the files (not folder) on server
# set file permissions using effective permissions
# this assigns file permissions to all files in root directory, but not files in all subfolders.
# What's the best way to apply the command to all the files
# including those in subdirectories and not to the folders?
# The folders are not to have effective permissions.

setfacl -m mask:rw-,user:robinhood:rwx /server/root/*
yaris
  • 1
  • 2
  • 1
    What's the question? Please have a read of https://superuser.com/help/how-to-ask, and update your post to be a question. – spikey_richie May 11 '22 at 12:06
  • thank you for making me rewrite the question. Is it any clearer? – yaris May 11 '22 at 12:22
  • Yes, much. Thank you. – spikey_richie May 11 '22 at 12:48
  • (1) [Directories are files](https://superuser.com/a/1467109/432690). (2) See [this question](https://superuser.com/q/1630085/432690). Can you adjust my answer to your needs? – Kamil Maciorowski May 11 '22 at 14:20
  • (1)ok.folders are files so server really only has files. So, should have said content holder for folder/directory(2) No. I'm not skilled at acl settings.Now, there r two issues: (A)I can't use both above mentioned setfacl commands at the same time because the folders/dir/content holders end up with effective permissions and in the server design (designed by someone else), the folders/dir/content holders do not have effective permissions. What other way can be used to achieve same desired effects of each setfacl?(B)how to apply file permissions for every file on server? – yaris May 11 '22 at 15:11

1 Answers1

0

find is your friend:

find /server/root -type f -execdir setfacl -m mask:rw-,user:robinhood:rwx {} \;

This command finds all files in /server/root of type file (-type f) and executes this command in the file's directory:

setfacl -m mask:rw-,user:robinhood:rwx {} \;

where {} is a placeholder for the current item in find's list of results and \; marks the end of -execdir's parameter.

It takes a little bit more time but only sets the ACL on files and nothing else.

If you need to modify the ACL of the subdirectories of /server/root for robinhood to access the subdir's content, just use find -type d and edit the setfacl command accordingly.

MasinAD
  • 11
  • 3