Permission error when "touch"ing file with different user

anaigini45 · January 18, 2019, 1:43am

Hi,

There are 2 users (T886072 & T864764) that need to be provided full (rwx) access to a directory. I made the changes to the directory permissions using chmod and setfacl :

root@digidb2:[/root]# chmod 700 /u02/ftpfiles/MFRS16/discount_rates/
root@digidb2:[/root]# setfacl -s user::rwx,group::---,other:---,mask:rwx,user:T886072:rwx,user:T864764:rwx /u02/ftpfiles/MFRS16/discount_rates

This is how the directory permissions look after changes have been made :

root@digidb2:[/u02/ftpfiles/MFRS16/discount_rates]# ls -ld .
drwx------+  2 applprod other         96 Jan 18 11:21 .
root@digidb2:[/u02/ftpfiles/MFRS16/discount_rates]# getfacl .

# file: .
# owner: applprod
# group: other
user::rwx
user:T886072:rwx                #effective:rwx
user:T864764:rwx                #effective:rwx
group::---              #effective:---
mask:rwx
other:---
root@digidb2:[/u02/ftpfiles/MFRS16/discount_rates]#

With these permissions, the users are able to cd into the directory and touch files without problems. However, if I re-touch the same filename in the directory, I get the error below only for user T864764 .The other user (T886072) does not have this problem.

User T886072 :

bash-3.00$ id
uid=1331(T886072) gid=1(other)
bash-3.00$ pwd
/u02/ftpfiles/MFRS16/discount_rates
bash-3.00$ touch abc
bash-3.00$ ls -lrt
total 0
-rw-r--r--   1 T886072  other          0 Jan 18 14:34 abc
bash-3.00$ touch abc
bash-3.00$ ls -lrt
total 0
-rw-r--r--   1 T886072  other          0 Jan 18 14:34 abc
bash-3.00$ touch abc
bash-3.00$ ls -lrt
total 0
-rw-r--r--   1 T886072  other          0 Jan 18 14:35 abc
bash-3.00$ touch abc
bash-3.00$

User T864764 :

$ id
uid=1332(T864764) gid=1(other)
$ pwd
/u02/ftpfiles/MFRS16
$ bash
bash-3.00$ cd discount_rates/
bash-3.00$ pwd
/u02/ftpfiles/MFRS16/discount_rates
bash-3.00$ ls -lrt
total 0
-rw-r--r--   1 T886072  other          0 Jan 18 14:35 abc
bash-3.00$ touch abc
touch: cannot change times on abc: Permission denied
bash-3.00$ touch abc
touch: cannot change times on abc: Permission denied
bash-3.00$

Please help debug why this problem happens.

nezabudka · January 18, 2019, 3:35am

User T864764 is not the owner of this file abc and cannot recreate it.
-rw-r--r--
Second user in the same group so you can only read it. r--
To change the file, you need to add permissions to this file from the first user.
-rw-rw-r--

--- Post updated at 08:35 ---

Or create another file

touch ABC

go to the first user and you also can not update the new file ABC.

RudiC · January 18, 2019, 6:25am

Be aware that the title you chose for this thread ("Getting error when touch more than 1 instance of the same file") was somewhat misleading - I modified it for you, moved it to an adequate forum, edited the tags, and added the "solved" tag.

joker · January 18, 2019, 6:53am

Hi anaigini45,

you set extended permissions for the directory - but not for the files(You'l see that if you look at getfacl yourfile ). The directory permissions are not inherited to the file. If you want to have it that way, you must set the extended permissions in some way.

Regards,
Stomp

--- Post updated at 12:53 PM ---
Anyway: You did not mention anything about your environment. Help could be more useful with details about that. My local version of setfacl does not support an -s option.

My setfacl here says it is possible to use the -d option to specify a default acl, which is used for any element, created in that directory. This may help you. Have a look into your manpage of setfacl.(I can not help you with other unices than linux here anyway).

To me this thread is not solved.