How to Set Multi Group ACLs

Hi we have FreeNAS running on FreeBSD. We are having trouble getting the correct file permissions. We want to allow some users into a folder.

Currently one of our guys has conjured up this to try and make it work : setfacl -m group@:rwWxpaRc::allow DIR / or filename.

It seems to have the effect of allowing anyone in and they can read, write and execute.

This is the state of play from one directory:

Code:
getfacl testACLs
# file: testACLs
# owner: root
# group: Domain Admins
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow
         everyone@:r-x-D-a-R-c---:fd----:allow

What we want is a user who belongs to two groups (admin, finance) to be able to go to a folder that only certain groups can access. In short, how do I set multi group functionality using ACLs?

Thanks for the help,

Dan :OOO
 
Why don't you use TrustedBSD mac_bsdextended (ugidfw)? You can do whatever you want to. Try, I will help you.
 
bryn1u said:
Hey,

Why don't you use TrustedBSD mac_bsdextended (ugidfw)? You can do whatever you want to. Try, I will help you.



Can we try to work out the correct ACLs first using setfacl? I have four users in group Finance. Only they should have read, write and execute access inside the folder FINANACE. What would my ACL look like?

The documentation on setfacl isn't the easiest to wrap my head around: http://www.freebsd.org/cgi/man.cgi?quer ... 1#EXAMPLES
 
bryn1u said:
I think to do this you don't need ACL. Use normal chmods. Make a group, put there these 4 users, add chmods for this folder rwx for owner and group, for others remove rwx. Something like, chgrp -R group finance, chmod -R g+rwx folder, chmod -R o-rwx folder and it should work.

For ACL:
http://www.bsdguides.org/2005/working-with-acls/


What about if the user belongs to multiple groups. Is FreeBSD able to work out the correct permissions?
 
kam270 said:
What about if the user belongs to multiple groups. Is FreeBSD able to work out the correct permissions?
Yes, as that's the whole point of the groups in the first place.
 
SirDice said:
kam270 said:
What about if the user belongs to multiple groups. Is FreeBSD able to work out the correct permissions?
Yes, as that's the whole point of the groups in the first place.


Ok I performed the tests again and removed the ACLs on the folder. I used the standard rwx permissions and it all works nicely. The user can belong to multiple groups and the correct permissions are respected.
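
An added example (not part of any post in the thread): a small Python model of ordered NFSv4 ACL evaluation, run over the getfacl listing from the first post and over a constructed ACL with one entry per group. It is a simplification that ignores root's override and the owner's implicit rights; ACL_TIGHTENED, check() and the user and group names passed to it are assumptions for illustration.

```python
# ACL_FROM_POST is the getfacl listing quoted in the thread. ACL_TIGHTENED and
# every user and group name used with check() are constructed assumptions.
ACL_FROM_POST = """\
# file: testACLs
# owner: root
# group: Domain Admins
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow
         everyone@:r-x-D-a-R-c---:fd----:allow
"""
ACL_TIGHTENED = """\
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd----:allow
     group:finance:rwxpDdaARWcCos:fd----:allow
       group:admin:rwxpDdaARWcCos:fd----:allow
"""

def parse(text):
    meta, aces = {}, []  # header fields, then (who, perms, type) per entry
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            key, _, val = line[1:].partition(":")
            meta[key.strip()] = val.strip()
        elif line:
            who, perms, flags, kind = line.rsplit(":", 3)
            if "i" not in flags:  # inherit_only: not applied to this directory
                aces.append((who, set(perms) - {"-"}, kind))
    return meta, aces

def matches(who, user, groups, meta):
    if who in ("owner@", "everyone@"):
        return who == "everyone@" or user == meta["owner"]
    if who == "group@":
        return meta["group"] in groups  # any one of the user's groups suffices
    tag, _, name = who.partition(":")
    return name == user if tag == "user" else name in groups

def check(text, user, groups, wanted="rwx"):
    """Walk entries in order; return (granted, entries that decided)."""
    meta, aces = parse(text)
    pending, used = set(wanted), []
    for who, perms, kind in aces:
        if pending & perms and matches(who, user, groups, meta):
            used.append(who)
            if kind == "deny":
                return False, used
            pending -= perms
    return not pending, used
```

With the listing from the post, a user in neither group still gets r and x through everyone@; with the constructed ACL, membership in either finance or admin is enough and a user in neither matches no entry.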
 