new user acl questions

Support for security such as Firewalls and securing linux
vinmansbrew
Posts: 21
Joined: 2016/10/06 20:12:33

new user acl questions

Postby vinmansbrew » 2018/04/09 18:36:23

I am trying to add an ACL for a new user on a certain directory, without giving them access to prior directories. Now, I've done this before, and it seemed to work fine.
I have added the person to the required /etc/group, then I have gone to the parent directory that contains the directory they need access to, and I have tried adding r/w access to that folder. When they WinSCP to the dir, they get "server returned empty listing for directory".

I must be missing something that I have forgotten about.

MartinR
Posts: 311
Joined: 2015/05/11 07:53:27
Location: UK

Re: new user acl questions

Postby MartinR » 2018/04/10 09:43:05

Do they have read access to outer directories? See chmod(1). For example, to access /home/someone/test/ they need ~~r--~~ --x access to /home/ and /home/someone/. They can then find /home/someone/test/ which can have r-x or rwx as appropriate. Remember that to search a directory (e.g. use ls) you need ~~execute~~ read permission, so just supplying ~~read~~ execute will only allow the user to go to a subdirectory they already know about.
Last edited by MartinR on 2018/04/12 09:14:38, edited 1 time in total.

Whoever
Posts: 1002
Joined: 2013/09/06 03:12:10

Re: new user acl questions

Postby Whoever » 2018/04/12 03:19:57

MartinR wrote: Remember that to search a directory (eg use ls) you need execute permission, so just supplying read will only allow the user to go to a subdirectory they already know about.


I believe that you have that reversed. To cd to a directory, only "x" is needed, while "r" is needed to list the contents.

MartinR
Posts: 311
Joined: 2015/05/11 07:53:27
Location: UK

Re: new user acl questions

Postby MartinR » 2018/04/12 09:09:05

Good catch, mea culpa. In my (shaky) defence I wrote it, then checked the man page, and changed it without engaging my brain first. What it says: "execute (or search for directories) (x)", what I saw: "search in directories".

The basic issue remains though: check that there is execute access to the parent directories.
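
The check suggested above, as an added example that is not part of the original thread: for a numeric UID and a list of GIDs, it reports which class of mode bits applies at each directory level and whether that level allows traversal (x) or, for the target itself, listing (r). It reads classic mode bits through GNU `stat` only; ACL entries and root's override are not evaluated, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: explain from mode bits alone whether an identity can reach a
# directory. ACL entries are NOT evaluated here (inspect those with getfacl).

# class_bits UID "GIDS" PATH -> the rwx triplet that applies to that identity.
class_bits() {
    cb_uid=$1; cb_gids=$2
    cb_stat=$(stat -c '%u %g %A' "$3") || return 2   # GNU stat, e.g. "0 0 drwxr-x--x"
    set -- $cb_stat                                  # $1=owner uid $2=group gid $3=mode
    cb_cols=8-10                                     # default: "other" class
    if [ "$cb_uid" = "$1" ]; then
        cb_cols=2-4                                  # owner class wins, even if stricter
    else
        for cb_g in $cb_gids; do
            if [ "$cb_g" = "$2" ]; then cb_cols=5-7; fi   # group class
        done
    fi
    printf '%s\n' "$3" | cut -c"$cb_cols"
}

# trace_access UID "GIDS" /ABS/DIR -> one "<bits> <path> <verdict>" line per
# directory, from DIR up to /. Returns 1 if any level blocks the identity.
trace_access() {
    case $3 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    ta_uid=$1; ta_gids=$2; ta_path=${3%/}; ta_rc=0; ta_need=list
    [ -n "$ta_path" ] || ta_path=/
    while :; do
        ta_bits=$(class_bits "$ta_uid" "$ta_gids" "$ta_path") || return 2
        case $ta_bits in
            ??[!xst]) ta_v=no-traverse ;;   # no x: cannot enter or pass through
            -*) if [ "$ta_need" = list ]; then ta_v=no-list; else ta_v=ok; fi ;;
            *) ta_v=ok ;;                   # x present, plus r where listing is needed
        esac
        if [ "$ta_v" != ok ]; then ta_rc=1; fi
        printf '%s %s %s\n' "$ta_bits" "$ta_path" "$ta_v"
        if [ "$ta_path" = / ]; then break; fi
        ta_path=$(dirname "$ta_path"); ta_need=traverse   # ancestors only need x
    done
    return "$ta_rc"
}

# Stand-alone use: sh script.sh "$(id -u USER)" "$(id -G USER)" /abs/dir
if [ "$#" -eq 3 ]; then trace_access "$@"; fi
```

A `no-list` verdict on the target means the user can enter the directory but not read its contents, while `no-traverse` on any ancestor stops them before they get there.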

vinmansbrew
Posts: 21
Joined: 2016/10/06 20:12:33

Re: new user acl questions

Postby vinmansbrew » 2018/04/17 17:06:10

I'll take a look. The issue seems to have cleared up, so it may have been something with the program they are partly accessing.