Comments on: How to Set Access Control Lists (ACL’s) and Disk Quotas for Users and Groups

By: Kağan KILINÇ

Kağan KILINÇ — Mon, 10 Feb 2020 09:50:35 +0000

Hello friends.

I’m very sorry for English. I use google translation.

My problem is I installed zentyal 6.1, I created domain and users. windows machines domain extension is successful, but I want to share files. I create all privileges in file sharing, as a user, and as a group.

Although Windows computers are in the domain, when I try to enter shared folders, I am not authorized to give an element not found.

can you please help?

Thank you so much
Code: [Select] root@server01:/home/samba/shares# getfacl Kalite # file: Kalite # owner: root # group: adm user::rwx user:root:rwx group::rwx group:adm:rwx group:IZOPEK\134domain\040admins:rwx group:IZOPEK\134pazarlama:rwx mask::rwx other::r-x default:user::rwx default:user:root:rwx default:group::rwx default:group:adm:rwx default:group:IZOPEK\134domain\040admins:rwx default:group:IZOPEK\134pazarlama:rwx default:mask::rwx default:other::---

default:group:IZOPEK\134domain\040admins:rwx ? = 134domain\040admins group = domain admins default:group:IZOPEK\134pazarlama:rwx ? = 134pazarlam group = pazarlama

By: CHIADI

CHIADI — Thu, 16 May 2019 14:32:52 +0000

Hi Gabriel, Thanks greatly for your this article. You're one of the best. I tried to implement this in VirtualBox but with partial success - the usrquota worked perfectly but the grpquota does not, I have tried severally without success and searched online for any successful implementation of grpquota but found none. I would appreciate it if you go through some excerpts from my work pasted below. Could you tell why this user (udo) who is a member of testgrp group could exceed quota? I think the files created by udo (user) in that directory (/adihome/aditec) should belong to tesgrp (recursively made the directory). Thanks in advance. CHIADI
*** Report for group quotas on device /dev/sdf1 Block grace time: 7days; Inode grace time: 7days Block limits File limits Group used soft hard grace used soft hard grace ---------------------------------------------------------------------- testgrp -- 20 10240 30720 2 0 0 udo -- 11264 0 0 2 0 0 #See line from /etc/fstab UUID=5f76b6a0-3c16-4cff-9620-2666456d9723 /adihome/aditec ext4 defaults,grpquota 0 0 # Or see [adika@sv40 ~]$ sudo mount | grep adit /dev/sdf1 on /adihome/aditec type ext4 (rw,relatime,seclabel,grpquota,data=ordered) # see groups for user, udo [adika@sv40 ~]$ groups udo udo : udo testgrp mygrp #See file permissions [adika@sv40 ~]$ getfacl /adihome/aditec/ getfacl: Removing leading '/' from absolute path names # file: adihome/aditec/ # owner: root # group: testgrp user::rwx group::r-x group:testgrp:rwx mask::rwx other::r-x

By: AJ

AJ — Sun, 15 Oct 2017 19:48:28 +0000

This was very helpful ..thanks

By: Gabriel A. Cánepa

Gabriel A. Cánepa — Fri, 24 Jun 2016 13:19:00 +0000

@Nuno,
You raised an important point. As a general rule, you can access the contents of a directory if and only if you have execute permission on it. So yes, you were right. In the box I used to write this article, user gacanepa had been left as member of the developers group because even though I removed it, I did not log out and log back in to apply changes. My bad. Great catch!
@Ravi,
I’ll send you the needed correction via email.

By: Nuno

Nuno — Fri, 24 Jun 2016 09:55:33 +0000

In reply to Gabriel A. Cánepa.

@Gabriel,

I think I found the problem. For this to work, I have to give execution rights to others on the parent directory test for the user to be able to read directory content independently of the ACL rule. Otherwise it doesn’t work.

sudo chmod -R 775 /mnt/test OR sudo chmod -R 771 /mnt/test