ACL not working on btrfs filesystem

0

I'm trying to use ACLs to make all new files and folders in a directory belong to a certain group, but it doesn't seem to have any effect. I've run these commands in the directory:

setfacl -d -m group:"groupname":rwx .
setfacl -m group:"groupname":rwx .

New files and folders still belong to the group of the user who created them. Any suggestions?

NCLI

Posted 2016-02-16T18:14:09.077

Reputation: 103

Answers

0

Your ACLs work fine. But you're expecting them to do things which they never did at all.

Specifically, ACLs never change file ownership. Instead they add additional access entries – that is, in addition to the "main" group, there is now a second group that also has +rwx access.

For many purposes, that should actually be enough. But if you need the "main" group to be changed, you'll need a different feature – on Linux, the "setgid" flag on directories has that effect:

chmod g+s .

(Note that there's no equivalent for the owner itself; u+s has no effect on directories.)

user1686

Posted 2016-02-16T18:14:09.077

Reputation: 283 655

Huh, thanks. I could have sworn it didn't work, but now it does. It's just not visible in the same way, just like you said. Thanks! – NCLI – 2016-02-16T18:27:10.887

You might have had the 'mask' deny access; in POSIX ACLs, if there is an ACL and someone does chmod g-rwx, it doesn't change the main group's access, it changes the access for all ACL entries as well. – user1686 – 2016-02-16T18:33:46.410

Makes sense. Thank you, I'll keep that in mind. – NCLI – 2016-02-16T19:07:05.680
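The mask behaviour raised in the comments above, as an added example that is not part of the original thread: it parses `getfacl` output, reports whether the setgid flag is set, and computes each entry's effective rights after the mask is applied. The sample output is constructed, and `alice` and `shared` are made-up names.

```python
# Added example; SAMPLE is constructed getfacl output ("alice", "shared" are made up).
SAMPLE = """\
# file: shared
# owner: alice
# group: alice
# flags: -s-
user::rwx
group::r-x\t#effective:---
group:groupname:rwx\t#effective:---
mask::---
other::r-x
default:user::rwx
default:group::r-x
default:group:groupname:rwx
default:mask::rwx
default:other::r-x
"""

def parse_getfacl(text):
    """Return (setgid, access_entries, default_entries) from getfacl output."""
    setgid, access, default = False, {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# flags:"):
            # Three positions: setuid, setgid, sticky.
            flags = line.split(":", 1)[1].strip()
            setgid = len(flags) == 3 and flags[1] == "s"
        if not line or line.startswith("#"):
            continue
        line = line.split("#", 1)[0].strip()  # drop "#effective:" notes
        target = access
        if line.startswith("default:"):
            target, line = default, line[len("default:"):]
        tag, name, perms = line.split(":")
        target[(tag, name)] = perms
    return setgid, access, default

def effective(entries):
    """Apply the mask: it caps named users, the owning group and named groups."""
    mask = entries.get(("mask", ""))
    out = {}
    for (tag, name), perms in entries.items():
        if tag == "mask":
            continue
        if mask is not None and (tag == "group" or (tag == "user" and name)):
            perms = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        out[(tag, name)] = perms
    return out
```

In the sample, the access mask was cleared (as `chmod g-rwx` does when an ACL is present), so `group:groupname` has no effective access on the directory itself even though its entry still reads `rwx`; the default entries are untouched.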

0

btrfs has acl support enabled as a default mount option.

However, inside an lxc container on a btrfs filesystem, setting a sticky gid with chmod g+s does not work (it works just fine inside a container on an ext filesystem) - it needs to be set by the lxc host.

Stuart Cardall

Posted 2016-02-16T18:14:09.077

Reputation: 236