chmod permissions in an ACL folder“mount: RPC: Timed out” when attempting to mount NFS filesystemWindows File Permissions - Comparing to chmodCHMOD - Applying Different Permissions For Files vs. DirectoriesHow to setup linux permissions for the WWW folder?How do I speed up and cache mmap file access over NFS on Linux?Why is “chmod -R 777 /” destructive?NFSv3 + ACL: mask is gone on clientsUsing TCP protocol for NFS mount points on linux serversACL permissions failing in ubuntuDefault mode parameters affecting ACL permissions

What to do if SUS scores contradict qualitative feedback?

Why can't RGB or bicolour LEDs produce a decent yellow?

What are the components of a legend (in the sense of a tale, not a figure legend)?

Why does my circuit work on a breadboard, but not on a perfboard? I am new to soldering

Extracting sublists that contain similar elements

Can I see all locations that a DMG file install files to?

How can I answer high-school writing prompts without sounding weird and fake?

Run script for 10 times until meets the condition, but break the loop if it meets the condition during iteration

How are one-time password generators like Google Authenticator different from having two passwords?

Create a list of all possible Boolean configurations of three constraints

tikz: not so precise graphic

What stroke width Instagram is using for its icons and how to get same results?

Is there a spell to protect inanimate objects?

Was there ever any real use for a 6800-based Apple I?

Early arrival in Australia, early hotel check in not available

Would an 8% reduction in drag outweigh the weight addition from this custom CFD-tested winglet?

How to cope with regret and shame about not fully utilizing opportunities during PhD?

How do I compare the result of "1d20+x, with advantage" to "1d20+y, without advantage", assuming x < y?

How do I tell my supervisor that he is choosing poor replacements for me while I am on maternity leave?

Why was Endgame Thanos so different than Infinity War Thanos?

Is it a bad idea to replace pull-up resistors with hard pull-ups?

Who was this character from the Tomb of Annihilation adventure before they became a monster?

Drawing lines to nearest point

Why does the Earth follow an elliptical trajectory rather than a parabolic one?

chmod permissions in an ACL folder

“mount: RPC: Timed out” when attempting to mount NFS filesystemWindows File Permissions - Comparing to chmodCHMOD - Applying Different Permissions For Files vs. DirectoriesHow to setup linux permissions for the WWW folder?How do I speed up and cache mmap file access over NFS on Linux?Why is “chmod -R 777 /” destructive?NFSv3 + ACL: mask is gone on clientsUsing TCP protocol for NFS mount points on linux serversACL permissions failing in ubuntuDefault mode parameters affecting ACL permissions

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

I set up a folder managed by ACL, meant to let specific "manager" users have total control over files in it. File access seems ok (e.g. a manager user can delete a file owned by any other user) but managers can't set permissions of files owned by other users with chmod. To be specific:

[manager@farm test]$ ll
total 4
-rw-rw----+ 1 root root 0 May 2 08:50 p
[manager@farm test]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:manager:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:manager:rwx
default:group::r-x
default:mask::rwx
default:other::---

[manager@farm test]$ chmod o+w p
chmod: changing permissions of ‘p’: Operation not permitted

Do I miss some details in my ACL setup or maybe what I'm trying to do is not allowed at all? Thanks.
Edit: here are some requested details.

1) lsattr output

on NFS server:

# lsattr p
------------- p

on NFS client:

$ lsattr p
lsattr: Inappropriate ioctl for device While reading flags on p

2) NFS share mount options:

on server:

ext3 rw,noatime,data=ordered,acl 0 0

on client:

nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

3) NFS versions

On server:

# rpcinfo -p localhost
program vers proto port
...
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
...

edited May 2 at 15:26

asked May 2 at 6:57

Nicola Mori

check lsattr on this file, if it immune or some other flag is enabled. Also check audit log file and share if you found some related.

– asktyagi
May 2 at 14:08

The folder is in an exported NFS share. From client lsattr p gives: "lsattr: Inappropriate ioctl for device While reading flags on p" while from server: " ------------- p" About audit, the /var/log/audit/ folder is empty on NFS server, while I don't have access to that folder on client machine.

– Nicola Mori
May 2 at 15:16

can you share nfs version and mount options? NFS having issues with privilege escalation.

– asktyagi
May 2 at 15:17

NFS mount options: 172.16.1.148:/wizard/02 /wizard/02 nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

– Nicola Mori
May 2 at 15:18

I am suspecting due to version changes your acl is not working.

– asktyagi
May 2 at 15:50

|
show 1 more comment

[manager@farm test]$ ll
total 4
-rw-rw----+ 1 root root 0 May 2 08:50 p
[manager@farm test]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:manager:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:manager:rwx
default:group::r-x
default:mask::rwx
default:other::---

[manager@farm test]$ chmod o+w p
chmod: changing permissions of ‘p’: Operation not permitted

Do I miss some details in my ACL setup or maybe what I'm trying to do is not allowed at all? Thanks.
Edit: here are some requested details.

1) lsattr output

on NFS server:

# lsattr p
------------- p

on NFS client:

$ lsattr p
lsattr: Inappropriate ioctl for device While reading flags on p

2) NFS share mount options:

on server:

ext3 rw,noatime,data=ordered,acl 0 0

on client:

nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

3) NFS versions

On server:

# rpcinfo -p localhost
program vers proto port
...
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
...

edited May 2 at 15:26

asked May 2 at 6:57

Nicola Mori

check lsattr on this file, if it immune or some other flag is enabled. Also check audit log file and share if you found some related.

– asktyagi
May 2 at 14:08

The folder is in an exported NFS share. From client lsattr p gives: "lsattr: Inappropriate ioctl for device While reading flags on p" while from server: " ------------- p" About audit, the /var/log/audit/ folder is empty on NFS server, while I don't have access to that folder on client machine.

– Nicola Mori
May 2 at 15:16

can you share nfs version and mount options? NFS having issues with privilege escalation.

– asktyagi
May 2 at 15:17

NFS mount options: 172.16.1.148:/wizard/02 /wizard/02 nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

– Nicola Mori
May 2 at 15:18

I am suspecting due to version changes your acl is not working.

– asktyagi
May 2 at 15:50

|
show 1 more comment

[manager@farm test]$ ll
total 4
-rw-rw----+ 1 root root 0 May 2 08:50 p
[manager@farm test]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:manager:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:manager:rwx
default:group::r-x
default:mask::rwx
default:other::---

[manager@farm test]$ chmod o+w p
chmod: changing permissions of ‘p’: Operation not permitted

Do I miss some details in my ACL setup or maybe what I'm trying to do is not allowed at all? Thanks.
Edit: here are some requested details.

1) lsattr output

on NFS server:

# lsattr p
------------- p

on NFS client:

$ lsattr p
lsattr: Inappropriate ioctl for device While reading flags on p

2) NFS share mount options:

on server:

ext3 rw,noatime,data=ordered,acl 0 0

on client:

nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

3) NFS versions

On server:

# rpcinfo -p localhost
program vers proto port
...
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
...

edited May 2 at 15:26

asked May 2 at 6:57

Nicola Mori

[manager@farm test]$ ll
total 4
-rw-rw----+ 1 root root 0 May 2 08:50 p
[manager@farm test]$ getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:manager:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:manager:rwx
default:group::r-x
default:mask::rwx
default:other::---

[manager@farm test]$ chmod o+w p
chmod: changing permissions of ‘p’: Operation not permitted

Do I miss some details in my ACL setup or maybe what I'm trying to do is not allowed at all? Thanks.
Edit: here are some requested details.

1) lsattr output

on NFS server:

# lsattr p
------------- p

on NFS client:

$ lsattr p
lsattr: Inappropriate ioctl for device While reading flags on p

2) NFS share mount options:

on server:

ext3 rw,noatime,data=ordered,acl 0 0

on client:

nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

3) NFS versions

On server:

# rpcinfo -p localhost
program vers proto port
...
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
...

linux permissions access-control-list chmod

edited May 2 at 15:26

asked May 2 at 6:57

Nicola Mori

edited May 2 at 15:26

asked May 2 at 6:57

Nicola Mori

edited May 2 at 15:26

asked May 2 at 6:57

Nicola Mori

asked May 2 at 6:57

Nicola Mori

asked May 2 at 6:57

Nicola Mori

check lsattr on this file, if it immune or some other flag is enabled. Also check audit log file and share if you found some related.

– asktyagi
May 2 at 14:08

The folder is in an exported NFS share. From client lsattr p gives: "lsattr: Inappropriate ioctl for device While reading flags on p" while from server: " ------------- p" About audit, the /var/log/audit/ folder is empty on NFS server, while I don't have access to that folder on client machine.

– Nicola Mori
May 2 at 15:16

can you share nfs version and mount options? NFS having issues with privilege escalation.

– asktyagi
May 2 at 15:17

NFS mount options: 172.16.1.148:/wizard/02 /wizard/02 nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

– Nicola Mori
May 2 at 15:18

I am suspecting due to version changes your acl is not working.

– asktyagi
May 2 at 15:50

|
show 1 more comment

check lsattr on this file, if it immune or some other flag is enabled. Also check audit log file and share if you found some related.

– asktyagi
May 2 at 14:08

The folder is in an exported NFS share. From client lsattr p gives: "lsattr: Inappropriate ioctl for device While reading flags on p" while from server: " ------------- p" About audit, the /var/log/audit/ folder is empty on NFS server, while I don't have access to that folder on client machine.

– Nicola Mori
May 2 at 15:16

can you share nfs version and mount options? NFS having issues with privilege escalation.

– asktyagi
May 2 at 15:17

NFS mount options: 172.16.1.148:/wizard/02 /wizard/02 nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

– Nicola Mori
May 2 at 15:18

I am suspecting due to version changes your acl is not working.

– asktyagi
May 2 at 15:50

check lsattr on this file, if it immune or some other flag is enabled. Also check audit log file and share if you found some related.

– asktyagi
May 2 at 14:08

The folder is in an exported NFS share. From client lsattr p gives: "lsattr: Inappropriate ioctl for device While reading flags on p" while from server: " ------------- p" About audit, the /var/log/audit/ folder is empty on NFS server, while I don't have access to that folder on client machine.

– Nicola Mori
May 2 at 15:16

can you share nfs version and mount options? NFS having issues with privilege escalation.

– asktyagi
May 2 at 15:17

NFS mount options: 172.16.1.148:/wizard/02 /wizard/02 nfs rw,nosuid,nodev,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.1.148,mountvers=3,mountport=773,mountproto=udp,local_lock=none,addr=172.16.1.148 0 0

– Nicola Mori
May 2 at 15:18

I am suspecting due to version changes your acl is not working.

– asktyagi
May 2 at 15:50

|
show 1 more comment

0

active

oldest

votes

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f965519%2fchmod-permissions-in-an-acl-folder%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

0

active

oldest

votes

0

active

oldest

votes

draft saved

draft discarded

Thanks for contributing an answer to Server Fault!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Otdfbt

0

Your Answer

Post as a guest

0

0

Post as a guest

Popular posts from this blog

0

Your Answer

Sign up or log in

Post as a guest

Post as a guest

0

0

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog