Otdfbt

What to do if SUS scores contradict qualitative feedback?

Why can't RGB or bicolour LEDs produce a decent yellow?

What are the components of a legend (in the sense of a tale, not a figure legend)?

Why does my circuit work on a breadboard, but not on a perfboard? I am new to soldering

Extracting sublists that contain similar elements

Can I see all locations that a DMG file install files to?

How can I answer high-school writing prompts without sounding weird and fake?

Run script for 10 times until meets the condition, but break the loop if it meets the condition during iteration

How are one-time password generators like Google Authenticator different from having two passwords?

Create a list of all possible Boolean configurations of three constraints

tikz: not so precise graphic

What stroke width Instagram is using for its icons and how to get same results?

Is there a spell to protect inanimate objects?

Was there ever any real use for a 6800-based Apple I?

Early arrival in Australia, early hotel check in not available

Would an 8% reduction in drag outweigh the weight addition from this custom CFD-tested winglet?

How to cope with regret and shame about not fully utilizing opportunities during PhD?

How do I compare the result of "1d20+x, with advantage" to "1d20+y, without advantage", assuming x < y?

How do I tell my supervisor that he is choosing poor replacements for me while I am on maternity leave?

Why was Endgame Thanos so different than Infinity War Thanos?

Is it a bad idea to replace pull-up resistors with hard pull-ups?

Who was this character from the Tomb of Annihilation adventure before they became a monster?

Drawing lines to nearest point

Why does the Earth follow an elliptical trajectory rather than a parabolic one?

chmod permissions in an ACL folder

“mount: RPC: Timed out” when attempting to mount NFS filesystemWindows File Permissions - Comparing to chmodCHMOD - Applying Different Permissions For Files vs. DirectoriesHow to setup linux permissions for the WWW folder?How do I speed up and cache mmap file access over NFS on Linux?Why is “chmod -R 777 /” destructive?NFSv3 + ACL: mask is gone on clientsUsing TCP protocol for NFS mount points on linux serversACL permissions failing in ubuntuDefault mode parameters affecting ACL permissions

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

I set up a folder managed by ACL, meant to let specific "manager" users have total control over files in it. File access seems ok (e.g. a manager user can delete a file owned by any other user) but managers can't set permissions of files owned by other users with chmod. To be specific:

[manager@farm test]$ ll
total 4
-rw-rw----+ 1 root root 0 May 2 08:50 p
[manager@farm test]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:manager:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:manager:rwx
default:group::r-x
default:mask::rwx
default:other::---

[manager@farm test]$ chmod o+w p
chmod: changing permissions of ‘p’: Operation not permitted

Do I miss some details in my ACL setup or maybe what I'm trying to do is not allowed at all? Thanks.
Edit: here are some requested details.

1) lsattr output

on NFS server:

# lsattr p
------------- p

on NFS client:

$ lsattr p
lsattr: Inappropriate ioctl for device While reading flags on p

2) NFS share mount options:

on server:

ext3 rw,noatime,data=ordered,acl 0 0

on client:

nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

3) NFS versions

On server:

# rpcinfo -p localhost
program vers proto port
...
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
...

linux permissions access-control-list chmod

share|improve this question

edited May 2 at 15:26

Nicola Mori

asked May 2 at 6:57

Nicola MoriNicola Mori

32

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  check lsattr on this file, if it immune or some other flag is enabled. Also check audit log file and share if you found some related.
  
  – asktyagi
  May 2 at 14:08
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The folder is in an exported NFS share. From client lsattr p gives: "lsattr: Inappropriate ioctl for device While reading flags on p" while from server: " ------------- p" About audit, the /var/log/audit/ folder is empty on NFS server, while I don't have access to that folder on client machine.
  
  – Nicola Mori
  May 2 at 15:16
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  can you share nfs version and mount options? NFS having issues with privilege escalation.
  
  – asktyagi
  May 2 at 15:17
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  NFS mount options: 172.16.1.148:/wizard/02 /wizard/02 nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0
  
  – Nicola Mori
  May 2 at 15:18
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I am suspecting due to version changes your acl is not working.
  
  – asktyagi
  May 2 at 15:50
  
  

  
  
  
  

 | 
show 1 more comment

0

I set up a folder managed by ACL, meant to let specific "manager" users have total control over files in it. File access seems ok (e.g. a manager user can delete a file owned by any other user) but managers can't set permissions of files owned by other users with chmod. To be specific:

[manager@farm test]$ ll
total 4
-rw-rw----+ 1 root root 0 May 2 08:50 p
[manager@farm test]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:manager:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:manager:rwx
default:group::r-x
default:mask::rwx
default:other::---

[manager@farm test]$ chmod o+w p
chmod: changing permissions of ‘p’: Operation not permitted

Do I miss some details in my ACL setup or maybe what I'm trying to do is not allowed at all? Thanks.
Edit: here are some requested details.

1) lsattr output

on NFS server:

# lsattr p
------------- p

on NFS client:

$ lsattr p
lsattr: Inappropriate ioctl for device While reading flags on p

2) NFS share mount options:

on server:

ext3 rw,noatime,data=ordered,acl 0 0

on client:

nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

3) NFS versions

On server:

# rpcinfo -p localhost
program vers proto port
...
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
...

linux permissions access-control-list chmod

share|improve this question

edited May 2 at 15:26

Nicola Mori

asked May 2 at 6:57

Nicola MoriNicola Mori

32

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  check lsattr on this file, if it immune or some other flag is enabled. Also check audit log file and share if you found some related.
  
  – asktyagi
  May 2 at 14:08
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The folder is in an exported NFS share. From client lsattr p gives: "lsattr: Inappropriate ioctl for device While reading flags on p" while from server: " ------------- p" About audit, the /var/log/audit/ folder is empty on NFS server, while I don't have access to that folder on client machine.
  
  – Nicola Mori
  May 2 at 15:16
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  can you share nfs version and mount options? NFS having issues with privilege escalation.
  
  – asktyagi
  May 2 at 15:17
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  NFS mount options: 172.16.1.148:/wizard/02 /wizard/02 nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0
  
  – Nicola Mori
  May 2 at 15:18
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I am suspecting due to version changes your acl is not working.
  
  – asktyagi
  May 2 at 15:50
  
  

  
  
  
  

 | 
show 1 more comment

I set up a folder managed by ACL, meant to let specific "manager" users have total control over files in it. File access seems ok (e.g. a manager user can delete a file owned by any other user) but managers can't set permissions of files owned by other users with chmod. To be specific:

[manager@farm test]$ ll
total 4
-rw-rw----+ 1 root root 0 May 2 08:50 p
[manager@farm test]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:manager:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:manager:rwx
default:group::r-x
default:mask::rwx
default:other::---

[manager@farm test]$ chmod o+w p
chmod: changing permissions of ‘p’: Operation not permitted

Do I miss some details in my ACL setup or maybe what I'm trying to do is not allowed at all? Thanks.
Edit: here are some requested details.

1) lsattr output

on NFS server:

# lsattr p
------------- p

on NFS client:

$ lsattr p
lsattr: Inappropriate ioctl for device While reading flags on p

2) NFS share mount options:

on server:

ext3 rw,noatime,data=ordered,acl 0 0

on client:

nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

3) NFS versions

On server:

# rpcinfo -p localhost
program vers proto port
...
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
...

linux permissions access-control-list chmod

share|improve this question

edited May 2 at 15:26

Nicola Mori

asked May 2 at 6:57

Nicola MoriNicola Mori

32

[manager@farm test]$ ll
total 4
-rw-rw----+ 1 root root 0 May 2 08:50 p
[manager@farm test]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:manager:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:manager:rwx
default:group::r-x
default:mask::rwx
default:other::---

[manager@farm test]$ chmod o+w p
chmod: changing permissions of ‘p’: Operation not permitted

# lsattr p
------------- p

$ lsattr p
lsattr: Inappropriate ioctl for device While reading flags on p

ext3 rw,noatime,data=ordered,acl 0 0

nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

# rpcinfo -p localhost
program vers proto port
...
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
...

share|improve this question

edited May 2 at 15:26

Nicola Mori

asked May 2 at 6:57

Nicola MoriNicola Mori

32

share|improve this question

edited May 2 at 15:26

Nicola Mori

asked May 2 at 6:57

Nicola MoriNicola Mori

32

asked May 2 at 6:57

Nicola MoriNicola Mori

32

asked May 2 at 6:57

Nicola MoriNicola Mori

32