Page 1 of 1

new user acl questions

Posted: 2018/04/09 18:36:23
by vinmansbrew
I am trying to add acl for a new user, to a certain directory, without giving them access to prior directories. Now, I've done this before, and it seemed to work fine.
I have added the person to the required etc/group, then I have gone to the parent directory, that contains the directory they need access to, and I have tried adding r/w access to that folder. When they winscp to the dir, "server returned empty listing for directory".

I must be missing something that I have forgotten about.

Re: new user acl questions

Posted: 2018/04/10 09:43:05
by MartinR
Do they have read access to outer directories? See chmod(1). For example, to access /home/someone/test/ they need r-- --x access to /home/ and /home/someone/. They can then find /home/someone/test/ which can have r-x or rwx as appropriate. Remember that to search a directory (eg use ls) you need execute read permission, so just supplying read execute will only allow the user to go to a subdirectory they already know about.

Re: new user acl questions

Posted: 2018/04/12 03:19:57
by Whoever
MartinR wrote:Remember that to search a directory (eg use ls) you need execute permission, so just supplying read will only allow the user to go to a subdirectory they already know about.


I believe that you have that reversed. To cd to a directory, only "x" is needed, while "r" is needed to list the contents.

Re: new user acl questions

Posted: 2018/04/12 09:09:05
by MartinR
Good catch, mea culpa. :oops: In my (shaky) defence I wrote it, then checked the man page, and changed it without engaging my brain first. What it says: "execute (or search for directories) (x)", what I saw: "search in directories".

The basic issue remains though, check that there is execute access to the parent directories.

Re: new user acl questions

Posted: 2018/04/17 17:06:10
by vinmansbrew
I'll take a look. The issue seems to have cleared up, so it may have been something with the program they are partly accessing.