我有一个应用程序在/ opt / reports中生成报告文件,其文件在0600拥有root:root.为了允许外部系统自动处理这些报告,我创建了一个具有组’report’的新服务帐户用户,更改了/ opt / reports组用于报告和设置SUIG位,然后在/ opt / reports目录中设置默认ACL,以包含400的报告组和400的掩码.
我注意到,当我手动创建文件时,权限都按预期设置,但是当应用程序创建文件时,默认值不会被继承.
[root@reports1 ~]# getfacl /opt/reports getfacl: Removing leading '/' from absolute path names # file: opt/reports # owner: root # group: report user::rwx group::r-x other::r-x [root@reports1 ~]# setfacl -R -d -n -m g:report:r,m::r /opt/reports/ [root@reports1 ~]# getfacl /opt/reports getfacl: Removing leading '/' from absolute path names # file: opt/reports # owner: root # group: report user::rwx group::r-x other::r-x default:user::rwx default:group::r-x #effective:r-- default:group:report:r-- default:mask::r-- default:other::r-x
手动创建文件似乎工作正常
[root@reports1 ~]# echo "This is a test file" > /opt/reports/testfile.txt [root@reports1 ~]# ls -l /opt/nessus_reports/testfile.txt -rw-r--r--+ 1 root report 20 Apr 24 11:16 /opt/reports/testfile.txt [root@reports1 ~]# getfacl /opt/reports/testfile.txt getfacl: Removing leading '/' from absolute path names # file: opt/reports/testfile.txt # owner: root # group: report user::rw- group::r-x #effective:r-- group:report:r-- mask::r-- other::r--
[root@reports1 ~]# ls -l /opt/reports/018b274b-7c21-859d-6295-1af24b14da8451d8fe886e9c192d -rw-------+ 1 root report 125952 Apr 24 11:18 /opt/reports/018b274b-7c21-859d-6295-1af24b14da8451d8fe886e9c192d [root@reports1 ~]# getfacl /opt/reports/018b274b-7c21-859d-6295-1af24b14da8451d8fe886e9c192d getfacl: Removing leading '/' from absolute path names # file: opt/reports/018b274b-7c21-859d-6295-1af24b14da8451d8fe886e9c192d # owner: root # group: report user::rw- group::r-x #effective:--- group:report:r-- #effective:--- mask::--- other::---
这是预期的行为,我只是误解了所涉及的术语?我错过了某处的旗帜或选项,我是否完全从错误的方向接近它?
