Hi,

I'm trying to teach myself Linux using the RHCSA/RHCE Redhat Linux Certifiation Guide. I'm working through the section on ACLs and I'm not experiencing the behaviour described in the guide and would appreciate someone's guidance on this please.

The guide states "Before a file or directory can be configured with ACLs, you need to mount the associated filesystem with the same attribute."
e.g.
# mount -o remount -o acl /dev/sda3 /home

# mount|grep acl
/dev/sda3 on /home type ext4 (rw,acl)

Whilst exploring this feature I have been able to set acls on directories and files in filesystems that haven't been mounted with the acl option, for example:

[root@test ~]# pwd
/root

[root@test ~]# df -h .
Filesystem Size Used Avail Use% Mounted on
/dev/vda5 6.0G 1.8G 3.9G 32% /

[root@test ~]# getfacl /root
getfacl: Removing leading '/' from absolute path names
# file: root
# owner: root
# group: root
user::r-x
group::r-x
other::---

[root@test ~]# mount|grep acl

[root@test ~]# setfacl -m u:gareth:rwx /root

[root@test ~]# getfacl /root
getfacl: Removing leading '/' from absolute path names
# file: root
# owner: root
# group: root
user::r-x
user:gareth:rwx
group::r-x
mask::rwx
other::---

[root@test ~]# su - gareth

[gareth@test ~]$ ls -l /root
total 36
-rw-------. 1 root root 991 Mar 1 19:35 anaconda-ks.cfg
-rw-r--r--. 1 root root 107 Mar 1 19:38 ifcfg-eth0.dhcp
-rw-r--r--. 1 root root 203 Mar 1 20:46 ifcfg-eth0.static
-rw-r--r--. 1 root root 16375 Mar 1 19:34 install.log
-rw-r--r--. 1 root root 5658 Mar 1 19:31 install.log.syslog
[gareth@test ~]$ logout

[root@test ~]# setfacl -b /root

[root@test ~]# getfacl /root
getfacl: Removing leading '/' from absolute path names
# file: root
# owner: root
# group: root
user::r-x
group::r-x
other::---

Is anyone able to offer any guidance on this? I've trawled the internet and already searched this forus but can't get an answer.

Regards

Gareth

They are enabled by default.

That's not implied at all in my certification guide and if that was the case why does the redhat documentation suggest otherwise aswell?

If it was enabled by default it's unlikely they would list it an example of a setting you'd add to a filesystem.

Use command "tune2fs -l" to see the options set for a file system, including the default mount options. For example:

Documentation isn't always right.

Many thanks Mark. It seems all the filesystems in my KVM have acls enabled by default



So despite it not being listed as enabled when I run mount, it is actually enabled.

I tried setting an acl on filesystem that didn't have acls enabled by default and I got this error:


It all makes sense now...sort of.

Gareth

Marking thread as solved (hopefully) by updating the subject.

Ah, seems not. Not sure how to mark this as solved.

Just do as you have done.

Mark your last post to the thread appropriately and a moderator will do likewise, on your behalf, to the first post of the thread.