Author Topic: Accidentally "Apply ACLs recursively" in /home path system.  (Read 1633 times)

blockcircuit03

Accidentally "Apply ACLs recursively" in /home path system.
« on: February 15, 2018, 04:49:57 am »
Hi, good day. I made a very big mistake. I accidentally made a folder using the file system path "/home" and applied ACLs recursively.

What happened is that all users cannot enter their own folders. Can anybody help me revert this? I have a configuration backup and tried to restore the saved configuration, but nothing happened. Can anybody help me with this?
Thank you.

Temporarily I added all users to Domain Admin so that they can access all folders. But they can access all the folders, not just their own folders.

By the way, I use Zentyal 4.1.

 

ckiendl

Re: Accidentally "Apply ACLs recursively" in /home path system.
« Reply #1 on: February 15, 2018, 12:00:16 pm »
I have barely just installed Zentyal and don't run it yet, so I can't say much about the Zentyal side of things (I guess just remove the ACL wherever you applied it, so Zentyal doesn't reapply it).

If, however, you have a backup of the file system, you can look up the folder permissions in the backup and re-set them on the command line or through the GUI, if you have one.

If you don't have one, you'll have to do a bit of work. Through either the command line or GUI, start by setting ownership and permissions of only the /home folder to root:root and 755 (chown root:root /home and chmod 755 /home).
Then for the individual user folders, the scheme is always the same: /home/someuserfolder itself has permissions 700, the files below vary according to what the user did - 644 is default.
The folder and all files below are owned by the user and belong to the group "domain users" of your domain.

Run the following commands:
getent group | grep "domain users" - this will give you the name of your domain users group. It'll be in the format NETBIOSDOMAIN\domain users.
getent passwd | grep "/home/" - this will give you a list of people who (may) have folders below /home. You should see all the usernames of your domain in the format NETBIOSDOMAIN\username as well as the home folders assigned to them (the foldername ends before the next colon, e.g. out of /home/username:/bin/bash, /home/username is the folder).

For each user, run the following commands, switching out NetBIOS-domain and username as appropriate:
chown -R "NETBIOSDOMAIN\username":"NETBIOSDOMAIN\domain users" /home/username # this will recursively reassign /home/username and everything below to that user. If the previously output user list shows a different home folder than /home/username, alter that part appropriately.
chmod -R 644 /home/username # this sets the folder and everything below it to the default permissions of rw-r--r--
chmod 700 /home/username # this corrects the permissions of the home folder itself to only be visible to the user

This is only the system side of things. I don't know what else Zentyal does on top of that. If any of those folders are mounted through a network, you will also have to check the Samba permissions.
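
A dry-run version of the per-user steps in the reply above, as an added example that is not part of the original post: it reads `getent passwd`-style lines, accepts only homes that are direct children of /home, and prints the commands instead of running them. It goes beyond the post in one respect: files get 644 but directories get 755 (an assumed default) so that subfolders stay traversable. `EXAMPLE`, the sample accounts and the function names are constructed.

```shell
#!/bin/sh
# Added example: prints a repair plan; it changes nothing itself.

# True if $1 is non-empty and holds only letters, digits, . _ - space, backslash,
# so it can be placed inside single quotes without breaking out of them.
safe_name() {
    case $1 in ''|*[!A-Za-z0-9._\\\ -]*) return 1 ;; esac
}

# stdin: `getent passwd`-style lines; $1: the domain users group name.
# The body runs in a subshell, so its variables do not leak to the caller.
plan_home_fix() (
    group=$1
    safe_name "$group" || exit 2
    while IFS=: read -r name _pw _uid _gid _gecos home _shell; do
        safe_name "$name" || continue
        # Accept only a direct child of /home: never /home itself, "..",
        # a nested path, or anything with shell metacharacters.
        case $home in /home/*) leaf=${home#/home/} ;; *) continue ;; esac
        case $leaf in ''|.|..|*[!A-Za-z0-9._-]*) continue ;; esac
        # -h: change symlinks themselves, not whatever they point to.
        printf "chown -hR '%s':'%s' %s\n" "$name" "$group" "$home"
        # Directories keep the search (x) bit; 755 is an assumed default.
        printf 'find %s -type d -exec chmod 755 {} +\n' "$home"
        printf 'find %s -type f -exec chmod 644 {} +\n' "$home"
        # Last, close the home folder itself to everyone but its owner.
        printf 'chmod 700 %s\n' "$home"
    done
)

# Constructed sample input (not output from a real server).
SAMPLE_PASSWD='EXAMPLE\alice:*:3000010:3000005::/home/alice:/bin/bash
root:x:0:0:root:/root:/bin/bash
EXAMPLE\eve:*:3000011:3000005::/home/../etc:/bin/bash
EXAMPLE\bob:*:3000012:3000005::/home/bob/nested:/bin/bash
EXAMPLE\dot:*:3000013:3000005::/home/..:/bin/bash'

printf '%s\n' "$SAMPLE_PASSWD" | plan_home_fix 'EXAMPLE\domain users'
```

chown and chmod leave any POSIX ACL entries in place; `getfacl -R -s /home` lists the paths that still carry extended entries.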

blockcircuit03

Re: Accidentally "Apply ACLs recursively" in /home path system.
« Reply #2 on: February 15, 2018, 12:06:18 pm »
Thank you for this. At least I have the idea, but I still can't fix the issue. I have so many users. Do I need to set them, for example the sharefolder_user1 folder..
So what I need to do is set the sharefolder_user1 permission of user1 to 755? What if sharefolder_user1 also has user2 access? What permission do I need to set?

ckiendl

Re: Accidentally "Apply ACLs recursively" in /home path system.
« Reply #3 on: February 15, 2018, 02:42:13 pm »
I haven't set up shared folders yet, so I can't tell what their default permissions are.

What you can do, however, is simply generate a few new ones for a dummy user and see what their owner and permissions on the hard drive are (e.g. through ls -ahl /home).

If they don't generate their own folders, the permissions are probably managed through Samba itself, not in the filesystem.

blockcircuit03

Re: Accidentally "Apply ACLs recursively" in /home path system.
« Reply #4 on: February 22, 2018, 07:48:42 am »
I already solved my problem by setting the /home folder to root permission.

By the way, how do I set a specific folder with permissions something like this:

Example: I have this folder: myshare
and I want to have this permission: user1 {read/write}, groupz {Administrator}

Another example: mysupershare
and I want to have this permission: user1 {Administrator}, groupZ, groupY {read/write}


Can I do that using the command line?

Thanks