Question for Unix gurus - password less sftp and ACLs Sun Solaris

AlStl (MIS)
13 Mar 12 10:18
This question is for all Unix gurus out there.

I know that for password less sftp to work home directory should have go-w ex:
/user/home/europa
drwx--x--x   7 europa   saturn         512 Mar 12 10:30 .

This is a SUN Solaris machine 5.10:
I want to use ACLs to allow another user:mars that is not part of group saturn to be able to RWX in directory: /user/home/europa/mars_can_write

Say, if I do something like this:

setfacl -m user:mars:r-x /user/home/europa
setfacl -m user:mars:rwx /user/home/europa/mars_can_write
setfacl -m m:rwx /user/home/europa/mars_can_write

Will creating an ACL entry for /user/home/europa cause any issue with current permission for /user/home/europa, which is ideally set for password less sftp i.e. group and others do not have permission to W as shown below:

drwx--x--x   7 europa   saturn         512 Mar 12 10:30 .

 
I did this and password less sftp stopped working between servers i.e. it's started to ask for password when invoking sftp from one machine to another. Public key and authorized keys are set up perfectly between servers.

Thanks,

Al  

 
 
Annihilannic (MIS)
13 Mar 12 19:13
I tried this on my Solaris 10 system and making the changes you described did not break passwordless sftp.  Are you sure that's what did it?  Have you tried removing the ACLs again, and does that restore sftp access?

Also, what type of filesystem is this on, ufs?

Annihilannic
tgmlify - code syntax highlighting for your tek-tips posts
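
Added example, not part of the thread and not either poster's code: a small check for the go-w condition from the question, covering the home directory, .ssh and authorized_keys, and flagging entries that carry an ACL (the "+" after the mode in ls -l). The function names and the default .ssh/authorized_keys location are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit the paths that must not be group/other writable
# for key-based sftp/ssh logins (the check sshd applies with StrictModes).
# Parses `ls -ld`, so it does not need stat(1). Uses POSIX $(...) syntax:
# on Solaris 10 run it with /usr/xpg4/bin/sh or ksh, not the legacy /bin/sh.

# mode_of PATH: print the first ls -ld field, e.g. "drwx--x--x" or "drwx--x--x+"
mode_of() {
    ls -ld "$1" 2>/dev/null | awk '{print $1}'
}

# check_path PATH: print a verdict; return 0 if group and other cannot write,
# 1 if either can, 2 if the path does not exist.
check_path() {
    mode=$(mode_of "$1")
    if [ -z "$mode" ]; then
        echo "MISSING $1"
        return 2
    fi
    gw=$(printf '%s' "$mode" | cut -c6)   # group write bit
    ow=$(printf '%s' "$mode" | cut -c9)   # other write bit
    acl=""
    case $mode in
        *+) acl=" (has ACL entries, review with getfacl)" ;;
    esac
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "FAIL $mode $1$acl"
        return 1
    fi
    echo "OK $mode $1$acl"
    return 0
}

# audit_home HOME: check HOME, HOME/.ssh and HOME/.ssh/authorized_keys;
# the return status is the number of paths that failed or are missing.
audit_home() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_path "$p" || bad=$((bad + 1))
    done
    return "$bad"
}

# Run against a home directory when one is given, e.g.: sh audit.sh /user/home/europa
if [ "$#" -gt 0 ]; then
    audit_home "$1"
fi
```

An OK result on all three paths rules out permissions as the cause, which leaves the key material itself (as turned out to be the case later in this thread) to compare between the machines.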

AlStl (MIS)
14 Mar 12 16:14
Annihilannic,

You are absolutely correct. ACLs had nothing to do with breaking of sftp. It was because public keys were not in sync between machines.

I must say ACLs give a lot of flexibility over standard unix UGO file permissions.

Do we have something similar on the Linux side or is this just implemented within Sun Solaris?

Al

 
Annihilannic (MIS)
14 Mar 12 19:50
ACLs are great.  I especially like the "default" one which allows you to set default ownership and permissions for files created in a directory.  The only caveat is that they are not supported everywhere, nor by all OS utilities (e.g. tar).

Regarding Linux, yes, but it depends on kernel and filesystem support.  Also I seem to recall the ACL syntax differed slightly, but I haven't played with them much recently.

You can see which filesystems support it in this table:

http://en.wikipedia.org/wiki/Comparison_of_file_systems#Metadata

Note also the footnote regarding ext2/3/4, etc.  

Annihilannic

AlStl (MIS)
16 Mar 12 12:17
Annihilannic,

That is very interesting that utilities like tar do not support ACLs. I wonder if java deployment utility jar supports ACLs?

I am going to try installing a java application by a user that is set up to RWX using ACLs:

jar -xvf mars.war

Al
Annihilannic (MIS)
18 Mar 12 20:43
I'd say it's unlikely to support them.  You may need to prepare a post-installation script to set them up.

Annihilannic