System goes into read-only mode after upgrading to CentOS 7.4.
"kernel: XFS (dm-0): unknown mount option [acl]"
Remove the acl option from the xfs filesystem entry in /etc/fstab.
/dev/mapper/centos-root / xfs defaults,acl 0 0
On XFS, ACLs are enabled by default, so the option does not need to be listed explicitly in the /etc/fstab file. Prior to CentOS 7.4, the acl option was ignored by the systemd daemon even if it was added in /etc/fstab for an xfs file system.
Alternatively, which is not recommended but works, change “ro” (read-only) to “rw” (read-write) in the /etc/grub2.cfg file.
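The fstab fix described above, as an added shell example that is not part of the original post. The function names has_xfs_acl and strip_xfs_acl are hypothetical and the sample fstab is constructed. The script only prints a corrected copy and never edits the input file.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Exit 0 if any xfs entry in the fstab file "$1" still lists "acl".
has_xfs_acl() {
    awk '$1 !~ /^#/ && $3 == "xfs" && ("," $4 ",") ~ /,acl,/ { found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Print the fstab file "$1" with "acl" removed from xfs entries only.
# The input file is never modified; review the output before installing it.
strip_xfs_acl() {
    awk '
    NF == 0 || $1 ~ /^#/ { print; next }      # keep blanks and comments as-is
    $3 == "xfs" && NF >= 4 {
        n = split($4, opt, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            if (opt[i] == "acl") continue     # exact match, not a substring test
            out = (out == "" ? opt[i] : out "," opt[i])
        }
        if (out == "") out = "defaults"       # "acl" was the only option
        if (out != $4) $4 = out               # rewrites the line single-spaced
    }
    { print }
    ' "$1"
}

# Constructed sample fstab for demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real system
/dev/mapper/centos-root / xfs defaults,acl 0 0
/dev/mapper/centos-home /home xfs acl,nodev 0 0
/dev/sda1 /boot xfs acl 0 0
/dev/sdb1 /data ext4 defaults,acl 0 2
EOF

if has_xfs_acl "$sample"; then
    strip_xfs_acl "$sample"
fi
rm -f "$sample"
```

Entries for other filesystem types, such as the ext4 line in the sample, are passed through unchanged.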
linux16 /vmlinuz-3.10.0-693.11.6.el7.x86_64 root=/dev/mapper/centos-root rw rd.lvm.lv=centos/root rd.lvm.lv=centos/swap crashkernel=auto rhgb quiet
Set up a directory with default rwx permissions inherited for the group, and ensure that all files and directories created in it are owned by the “users” group.
All new files created in the directory will have the group set to the group of the directory.
chmod g+s user1
Set the file access control lists (ACLs): set the default for the group to rwx and for others to read access only.
setfacl -d -m g::rwx user1
setfacl -d -m o::r user1
server:/home # l user1/
drwxr-xr-x 12 root root 4096 Jul 24 10:38 ./
drwxr-xr-x 26 root root 4096 Oct 16 15:03 ../
drwxrwsr-x+ 4 user1 users 4096 Oct 28 15:16 user1/
drwxr-xr-x 2 user2 users 4096 Oct 28 15:15 user2/
drwxr-xr-x 6 user3 dba 4096 Oct 13 14:24 user3/
drwx------ 2 root root 16384 Apr 17 2014 lost+found/
server:/home> getfacl user1/
# file: user1/
# owner: user1
# group: users
# flags: -s-
drwxrwsr-x+ 4 user1 users 4096 Oct 28 15:36 ./
drwxr-xr-x 12 root root 4096 Jul 24 10:38 ../
-rw------- 1 user1 users 2197 Oct 28 15:14 .bash_history
drwxrw-r-- 2 user1 users 4096 Oct 27 08:43 bin/
-rw-rw-r-- 1 user2 users 0 Oct 28 15:36 createdbyuser2.txt
-rw-rw-r-- 1 user1 users 10324 Oct 21 09:22 createdbyuser1.txt
Traditionally, three permission sets are defined for each file object on a Linux system. These sets include the read (r), write (w), and execute (x) permissions for each of three types of users—the file owner, the group, and other users. In addition to that, it is possible to set the set user id, the set group id, and the sticky bit. This lean concept is fully adequate for most practical cases. However, for more complex scenarios or advanced applications, system administrators formerly had to use a number of workarounds to circumvent the limitations of the traditional permission concept.