Setfacl for all numeric username is not working

kuntaldeb
Posts: 3
Joined: 2018/10/11 03:18:08

Post by kuntaldeb » 2018/10/11 03:32:21

Hi,

We are using all-numeric usernames, and when we use setfacl with these usernames, it is not working.

Please help.

Code:

# useradd 123
# useradd test
# mkdir /tstdir/
# getfacl /tstdir
getfacl: Removing leading '/' from absolute path names
# file: tstdir
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

# setfacl -m u:test:rwx /tstdir
# setfacl -m u:123:rwx /tstdir
# sudo su - test
$ cd /tstdir
$ touch file
$ exit
logout
# sudo su - 123
$ cd /tstdir
$ ls -ltr
total 0
-rw-rw-r-- 1 test test 0 Oct 10 22:46 file
$ touch file1
touch: cannot touch ‘file1’: Permission denied
$ exit
logout
# id 123
uid=5114(123) gid=5114(123) groups=5114(123)
# id test
uid=5115(test) gid=5115(test) groups=5115(test)
# cd /tstdir
# getfacl -n /tstdir
getfacl: Removing leading '/' from absolute path names
# file: tstdir
# owner: 0
# group: 0
user::rwx
user:123:rwx
user:5115:rwx
group::r-x
mask::rwx
other::r-x

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Setfacl for all numeric username is not working

Post by TrevorH » 2018/10/11 06:18:17

https://access.redhat.com/solutions/3103631
Resolution

User and group names that consist only of digits, while permitted by shadow-utils, are best avoided or treated with caution. Some tools (eg setfacl, getent) will be unable to recognise them at all, while others will need to be used carefully (eg chown).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
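
The `getfacl -n` output in the first post shows the ACL entry as `user:123`, not `user:5114`: setfacl took "123" as a UID rather than as a login name. As an added example (not part of the thread), this shell function audits passwd-format data for logins affected this way and prints the ACL spec by real UID. The `svc` account and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. setfacl reads an all-digit user field as
# a UID, so "u:123" names UID 123, not the login "123" (UID 5114 in the thread).

# Constructed passwd(5) sample. UIDs 5114 and 5115 are the ones shown by `id`
# in the thread; the "svc" account owning UID 123 is hypothetical.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc:x:123:123::/home/svc:/sbin/nologin
123:x:5114:5114::/home/123:/bin/bash
test:x:5115:5115::/home/test:/bin/bash
EOF
}

# Reads passwd-format lines on stdin. For every all-digit login name whose
# digits differ from its real UID, prints:
#   <login> <real_uid> <uid_setfacl_uses> <login_owning_that_uid or -> <acl_spec_by_uid>
audit_numeric_names() {
    awk -F: '
        { login[NR] = $1; uid[NR] = $3; owner[$3] = $1 }
        END {
            for (i = 1; i <= NR; i++) {
                if (login[i] !~ /^[0-9]+$/) continue
                used = login[i] + 0              # value a numeric parse yields
                if (used == uid[i] + 0) continue # name equals UID: no mismatch
                hit = (used in owner) ? owner[used] : "-"
                print login[i], uid[i], used, hit, "u:" uid[i]
            }
        }'
}

# Demo run on the constructed sample.
sample_passwd | audit_numeric_names
```

A non-`-` fourth column means an ACL written with the login name lands on a different existing account. The last column is the entry to give `setfacl -m` instead, since setfacl accepts a numeric UID in the user field.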

Re: Setfacl for all numeric username is not working

Post by kuntaldeb » 2018/10/11 07:32:10

Hi TrevorH,

Thanks for this information. We are trying to use user impersonation in an OTS product for our fully numeric SSO (LDAP-authenticated) and faced this issue due to setfacl - the product requires a local, passwordless Linux account that is the same as the SSO value.
Are you aware of any workaround for this?

Regards,
Kuntal.

Re: Setfacl for all numeric username is not working

Post by TrevorH » 2018/10/11 07:53:58

No, sorry. Judging by the comments on that RH KB article, it would appear that they let the creation of all numeric usernames through by mistake and only some tools were changed to allow them. I would avoid them altogether if you can as it sounds to me like they might revisit the decision to allow them at all at some point.

Re: Setfacl for all numeric username is not working

Post by kuntaldeb » 2018/10/11 12:09:38

Thanks
