Lab 6.3, file permissions issue! First post/question!

tpcm

Hi everyone! This is my first post and I feel like its a super simple one, in lab 6.3 I've created a file and changed perissions for a new user to be able to write to that file when logged into. However I keep getting "-sh: 1: cannot create /tmp/afile: Permission denied" when I try to echo a new line into the file or save a new line with nano. Any ideas?

These are the files permissions:
getfacl: Removing leading '/' from absolute path names

file: tmp/afile

owner: thomas

group: thomas

user::rw-
user:rocky:rw-
group::rw-
mask::rw-
other::rw-

Thank you!!

jma0770

Hello, coincidentally, I am on the same lab, 6.3, and am experiencing the same issue.
I can read the file with vi editor, but cannot write to it.
Also, echo This is a new line >> /tmp/afile is getting a permission denied result.

My commands are:
setfacl -m u:testuser:rw /tmp/afile

getfacl /tmp/afile
file: tmp/afile
owner: janderson
group: janderson
user::rw-
user:testuser:rw-
group::rw-
mask::rw-
other::---

testuser@Ubuntoo2204:~$ cat /tmp/afile
This is a file

testuser@Ubuntoo2204:~$ echo This is a new line >> /tmp/afile
-bash: /tmp/afile: Permission denied

luisviveropena

Hi @tpcm and @jma0770,

For some permissions on /tmp, it's not possible to modify the file. So I created a subdirectory called "test" on /tmp, so it's /tmp/test. I moved the "afile" file to the new directory, /tmp/test. Did the test again and it worked.

Please confirm if the workaround works for you.

Regards,
Luis.

jma0770

Okay, my thought was that the /tmp directory was not allowing x(executable) for the 'other' permission.
On the /tmp directory, I changed the 'other' or 'world' permission from t(sticky)bit to x via chmod o=rwx /tmp. The original for o was rwt.
I can now write to the afile file in the /tmp directory.

I put the t(sticky)bit back onto the /tmp directory for I don't want to change any global/system settings on the directory.

I tried adding the testuser to the facl on the /tmp directory with rwx, still unable to write to the afile file just using the facl feature by itself.

I moved the afile to my home directory. My home directory is allowing x for 'world'.
I added testuser to the facl with rw- on the afile and am able to read/write to it.
When I remove testuser from the facl, rw permission is denied as expected.

I don't know if using a system directory is the best way to test the facl feature. But, I'm new to all of this, so I may be way off.

luisviveropena

Hi @jma0770,

Okay, my thought was that the /tmp directory was not allowing x(executable) for the 'other' >permission.
On the /tmp directory, I changed the 'other' or 'world' permission from t(sticky)bit to x via chmod >o=rwx /tmp. The original for o was rwt.
I can now write to the afile file in the /tmp directory.

That looks too messy.

So, this is what I did on Ubuntu 22.04 LTS and worked for me:

In window 1:

1.- echo This is a file > /tmp/afile
2.- mkdir /tmp/test
3.- mv /tmp/afile /tmp/test
4.- setfacl -m u:fool:rw /tmp/test/afile

In window 2 with user "fool":

1.- echo another line > /tmp/test/afile

==> That worked.

Regards,
Luis.

jma0770

@luisviveropena
That worked for me as well!

luisviveropena

@jma0770 that's nice!!

Regards,
Luis.

tpcm

@luisviveropena This worked thank you! And the reason it wasn't working before is due to the permissions in the /tmp directory as a whole?

luisviveropena

Hi @tpcm ,

This worked thank you!

It's a pleasure!

And the reason it wasn't working before is due to the permissions in the /tmp directory as a whole?

Yep, it's about the Sticky Bit on /tmp.

Regards,
Luis.