I was going through a book for RHCSA which was written for RHEL8. Most things have been working fine on Rocky 9, but setfacl doesn’t seem to be working.
As user1, in /tmp I create aclfile1.
I then run setfacl -m u:user100:6 aclfile1
Running getfacl aclfile1 shows
user100:rw-
group:r
mask:rw
whereas in Rocky 8 it shows group:rw. This makes sense as the default umask in Rocky 9 is 0002 and Rocky 8 0022. I’m wondering what I have to add to setfacl to get it to allow user100 rw permissions.
Oh, when I try to write to it as user100 I get a message that file can’t be opened for editing.
I’ve been web searching and not finding anything with terms like acl change in RHEL9.
I think that all I need is a link explaining the differences but so far Chapter 26. Managing the Access Control List Red Hat Enterprise Linux 9 | Red Hat Customer Portal which should be for RHEL9 makes it seem to work as it always did.
Thanks for any help.
NOTE: My original post had a typo of setacl instead of setfacl, hence @sspencerwire’s correction, even though it looks correct now.
Yes, it was a typo. I’m going to edit that to fix it. I’ve also found the solution, by rereading the RH article linked above. In Rocky 8, the user who created the file, e.g., user1 could run the setfacl. However, it seems that in Rocky 9 setfacl must be done by root. So problem solved, sorry for the time wasting
I think I have to reopen this–not sure if it merits a bug report, as I don’t see a report on RH bugzilla and web searching just found one person with the same issue (no solution) on serverfault.
I guess I didn’t check thoroughly enough when I marked it solved.
I used the example from the Ghori RHCSA book which is for RHEL8. As I mentioned in my former solution, I thought it would work if I did the acl list as root. In short.
As user1 create a file in /tmp/acluser1
Then as root, I did setfacl u:user100:6 /tmp/acluser1
The file was rw-r–r-- so I also ran chmod 664 /tmp/acluser1 to make up for the changed default umask. In Rocky-8.x it’s 0002, in 9.x 0022.
I then logged in as user100
Doing echo test > /tmp/acluser1 works, and running less acluser1 shows the text I echoed to it.
However, doing vi /tmp/acluser1, when I edit and then save the file, gives me Can't open file for writing.
As I said, I’ve only found one person with the same issue so I don’t know if this is something I’m missing or a bug to be reported.
Going back to marking it semi solved. If, and only if, I create the file as root, it works. If I create the file as user1 and then, even have root set the acl, user100 cannot write to it. But, if I create the file as root, and then, set the acl as root, it works and user100 can open it in vi, write to it and save it. So, I’ll mark this as a solution in case anyone does a webserch for it.