access control list share file but not directory RHEL6

2

0

I have a file that I want to be accessible by a single user, but I don't want the user to have access to the folder it resides in. My understanding is that the following steps should work, but they don't seem to. Can anyone spot my mistake? Thank you in advance.

I disabled SELinux just to ensure that's not the problem.

setenforce Permissive
setfacl -m u:ianadmin:rw- /var/log/Xorg.0.log
getfacl /var/log/Xorg.0.log

# file: var/log/Xorg.0.log
# owner: root
# group: root
user::rw-
user:ianadmin:r--
group::---
mask::r--
other::---

su ianadmin
cat /var/log/Xorg.0.log
cat: /var/log/Xorg.0.log: Permission denied

daveadmin

Posted 2013-03-15T18:27:00.287

Reputation: 21

should mention the filesystem is definitely mounted with acl too – daveadmin – 2013-03-15T19:33:57.157

Answers

1

It's likely ianadmin does not have execute access to /var/log. If ianadmin doesn't have x permissions on /var/log, it won't be able to read the file.

If you want the user to be able to access /var/log/Xorg.0.log, but not be able to view the files in /var/log, you might want to try the following:

# setfacl -m u:ianadmin:--x /var/log

This will enable ianadmin to enter /var/log, but not be able to see a directory listing.

cwawak

Posted 2013-03-15T18:27:00.287

Reputation: 446
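The traverse-versus-list rule the answer relies on, modelled as an added example (not code from the question or the answer). It parses getfacl(1)-style text and applies the access check algorithm from acl(5) to each component of a path: every directory on the way needs search (x) permission, and only the final object is checked for the permission actually requested. The ACL for /var/log/Xorg.0.log is the one shown in the question; the ACLs for /, /var and /var/log are assumptions (the post never shows them), with /var/log set to rwx------ so that the poster's "Permission denied" is reproduced. User and group names stand in for uid/gid lookups, and setfacl_modify mirrors what `setfacl -m` does to the mask entry when -n is not given.

```python
"""Model of the Linux POSIX.1e ACL access check (acl(5)) along a path.

Constructed example, not from the original post.  getfacl text below for
/, /var and /var/log is assumed; the Xorg.0.log ACL is the one in the question.
"""
from dataclasses import dataclass, field
from typing import Optional

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def perm_mask(s):
    """Turn 'rw-' into the bitmask 6."""
    return sum(PERM_BITS[c] for c in s if c in PERM_BITS)


@dataclass
class Acl:
    owner: str
    group: str
    user_obj: int = 0                 # user::   (file owner, never masked)
    group_obj: int = 0                # group::  (owning group)
    other: int = 0                    # other::
    mask: Optional[int] = None        # mask::   (absent on a minimal ACL)
    users: dict = field(default_factory=dict)   # user:NAME:
    groups: dict = field(default_factory=dict)  # group:NAME:


def parse_getfacl(text):
    """Parse the text format getfacl prints (and setfacl --set-file reads)."""
    acl = Acl(owner="", group="")
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                      # "# owner: root" etc.
            key, _, val = line[1:].strip().partition(":")
            if key.strip() == "owner":
                acl.owner = val.strip()
            elif key.strip() == "group":
                acl.group = val.strip()
            continue
        tag, name, perms = line.split(":")            # e.g. user:ianadmin:r--
        bits = perm_mask(perms)
        if tag == "user":
            if name: acl.users[name] = bits
            else: acl.user_obj = bits
        elif tag == "group":
            if name: acl.groups[name] = bits
            else: acl.group_obj = bits
        elif tag == "mask":
            acl.mask = bits
        elif tag == "other":
            acl.other = bits
    return acl


def acl_permits(acl, user, groups, want):
    """acl(5) ACCESS CHECK ALGORITHM for one object.  `groups` holds the
    user's primary plus supplementary group names; `want` is an rwx bitmask."""
    def masked(bits):
        return bits if acl.mask is None else bits & acl.mask
    if user == acl.owner:                       # 1. owner entry, unmasked
        return want & acl.user_obj == want
    if user in acl.users:                       # 2. named user entry, masked
        return want & masked(acl.users[user]) == want
    candidates = []                             # 3. owning group + named groups
    if acl.group in groups:
        candidates.append(acl.group_obj)
    candidates += [b for g, b in acl.groups.items() if g in groups]
    if candidates:                              #    any matching entry may grant
        return any(want & masked(b) == want for b in candidates)
    return want & acl.other == want             # 4. other entry


def setfacl_modify(acl, tag, name, perms):
    """Apply `setfacl -m tag:name:perms`.  Like setfacl without -n, the mask
    is recomputed as the union of the owning-group and all named entries."""
    bits = perm_mask(perms)
    if tag in ("u", "user"):
        if name: acl.users[name] = bits
        else: acl.user_obj = bits
    elif tag in ("g", "group"):
        if name: acl.groups[name] = bits
        else: acl.group_obj = bits
    if acl.users or acl.groups:
        acl.mask = acl.group_obj
        for b in list(acl.users.values()) + list(acl.groups.values()):
            acl.mask |= b


def path_access(acls, path, user, groups, want):
    """Walk the path: every directory needs 'x' (search), the final object
    needs `want`.  Returns the first component that denies, or None."""
    parts = [p for p in path.split("/") if p]
    checkpoints = ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]
    for i, comp in enumerate(checkpoints):
        need = want if i == len(checkpoints) - 1 else PERM_BITS["x"]
        if not acl_permits(acls[comp], user, groups, need):
            return comp
    return None


# Assumed ACLs for the directories (the question shows only the file's).
ROOT_ACL = "# file: /\n# owner: root\n# group: root\nuser::rwx\ngroup::r-x\nother::r-x\n"
VAR_ACL = "# file: var\n# owner: root\n# group: root\nuser::rwx\ngroup::r-x\nother::r-x\n"
VAR_LOG_ACL = "# file: var/log\n# owner: root\n# group: root\nuser::rwx\ngroup::---\nother::---\n"
# The file ACL exactly as getfacl printed it in the question.
XORG_ACL = """\
# file: var/log/Xorg.0.log
# owner: root
# group: root
user::rw-
user:ianadmin:r--
group::---
mask::r--
other::---
"""


def demo():
    """Reproduce the denial, apply the answer's setfacl, and re-check.
    Returns (denying component before, after, denying component for `ls /var/log`)."""
    acls = {"/": parse_getfacl(ROOT_ACL), "/var": parse_getfacl(VAR_ACL),
            "/var/log": parse_getfacl(VAR_LOG_ACL),
            "/var/log/Xorg.0.log": parse_getfacl(XORG_ACL)}
    user, groups = "ianadmin", {"ianadmin"}
    before = path_access(acls, "/var/log/Xorg.0.log", user, groups, perm_mask("r--"))
    setfacl_modify(acls["/var/log"], "u", "ianadmin", "--x")   # the answer's fix
    after = path_access(acls, "/var/log/Xorg.0.log", user, groups, perm_mask("r--"))
    listing = path_access(acls, "/var/log", user, groups, perm_mask("r--"))
    return before, after, listing


if __name__ == "__main__":
    print(demo())   # ('/var/log', None, '/var/log')
```

The mask entry is the detail most worth noticing: a named user entry is only ever as strong as mask::, and setfacl rewrites that mask whenever an entry is modified, so check `getfacl` after every `setfacl -m` rather than trusting the permissions you typed.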