
I've got a fresh install of Scientific Linux 6, and am playing a bit with acls. All filesystems are ext4.

In this particular case, I think I have set up the ACLs so that any user in the admin group has rwx access to /usr/src.

# setfacl -R -m d:g:admin:rwx /usr/src
# exit
exit

[~]$ getfacl /usr/src
getfacl: Removing leading '/' from absolute path names
# file: usr/src
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:admin:rwx
default:mask::rwx
default:other::r-x

However, logging out and back in:

[~]$ touch /usr/src/test
touch: cannot touch `/usr/src/test': Permission denied

This user is in the admin group:

[~]$ id
uid=500(xx) gid=500(xx)     groups=500(xx),997(admin) 
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Now, I see that 'group' is r-x, but my understanding is that that only applies to the owning gid (500 in this case).

So what am I doing wrong, or otherwise missing, here?

Caleb
user52874
You don't need to change the title of the question to reflect that it's been solved. You can however, accept DerfK's answer. – Holocryptic Jun 09 '11 at 00:38

1 Answer


You have an SELinux context, so I wouldn't rule out SELinux blocking you from writing to /usr/src (check the audit.log for relevant messages).

However, for the ACL itself, the default: ACLs on a directory are used for objects you create in that directory, so d:g:admin:rwx means that things created in the directory would be writable by admin, not that the directory itself is writable by the admin group. Try just g:admin:rwx.

DerfK
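As an added illustration (not code from the question or the answer), the following Python models the acl(5) access-check algorithm and default-ACL inheritance and feeds it the getfacl output shown in the question; the user and group names and the 0666 create mode that touch uses are assumptions. It shows why the default entry alone leaves the directory unwritable, and what the answer's g:admin:rwx changes.

```python
# Model of POSIX ACL evaluation per acl(5); added example, not the page's own code.
# Constructed sample input: the getfacl output from the question, comment lines omitted.
GETFACL_OUTPUT = """\
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:admin:rwx
default:mask::rwx
default:other::r-x
"""

def parse_getfacl(text):
    """Split getfacl output into (access_entries, default_entries); each entry is
    (tag, qualifier, perms), e.g. ('group', 'admin', 'rwx')."""
    access, default = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        is_default = line.startswith("default:")
        tag, qual, perms = (line[8:] if is_default else line).split(":")
        (default if is_default else access).append((tag, qual, perms))
    return access, default

def acl_permits(entries, want, user, groups, owner, owning_group):
    """True if the *access* ACL grants every permission char in `want`.
    Check order from acl(5): owner, named user, matching group entries (mask applies), other.
    Default entries never take part here: they only seed objects created in the directory."""
    by = {(t, q): p for t, q, p in entries}
    mask = by.get(("mask", ""), "rwx")
    grants = lambda p, masked=True: all(c in p and (c in mask or not masked) for c in want)
    if user == owner:
        return grants(by[("user", "")], masked=False)
    if ("user", user) in by:
        return grants(by[("user", user)])
    matching = [p for (t, q), p in by.items()
                if t == "group" and ((q == "" and owning_group in groups) or (q and q in groups))]
    if matching:  # a group matched: grant only if one of them carries the bits, never fall to other
        return any(grants(p) for p in matching)
    return grants(by[("other", "")], masked=False)

def inherit(default_entries, create_mode):
    """Access ACL a new object receives from the directory's default ACL: entries are copied,
    then user::, mask:: and other:: are limited by the corresponding bits of create_mode."""
    bits = lambda shift: "".join(c for c, b in zip("rwx", (4, 2, 1)) if (create_mode >> shift) & b)
    limit = {("user", ""): bits(6), ("mask", ""): bits(3), ("other", ""): bits(0)}
    return [(t, q, "".join(c if c in limit.get((t, q), "rwx") else "-" for c in p))
            for t, q, p in default_entries]

ACCESS, DEFAULT = parse_getfacl(GETFACL_OUTPUT)
FIXED = ACCESS + [("group", "admin", "rwx"), ("mask", "", "rwx")]  # what `setfacl -m g:admin:rwx` adds
```

With the directory's own access ACL, user xx (groups xx and admin) has no write bit on /usr/src, while a file created there would inherit admin rw- from the default entries; after the answer's fix the directory itself grants write.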