permission for user

Hello Erman,

my environment has the following details:

Exadata Linux 8
Oracle DB 19c

we have 1 user gxuser which has primary group gftmove. Oracle has primary group oinstall.

Whenever we transfer files to a directory using gxuser, the files have primary group gftmove. When procedure runs, it is unable to delete the files unless we set the file group to oinstall or give them full permission 777.

 gxuser gftmove    12878 Jan 24 17:06 test.csv

chown gxuser:oinstall test.csv

Is there a way we can automatically change the file permissions to group oinstall for new files which enter the directory? or how can we set the files to 777?

Thanks,

Roshan

You can do those things with "setfacl"

Following is an example/demo: (you may need to modify the command according to your exact needs of course)

[root@ebsclone /]# mkdir testerman
[root@ebsclone /]# ls -al testerman
drwxr-xr-x   2 root root    6 Jan 25 14:37 .
dr-xr-xr-x. 37 root root 4096 Jan 25 14:37 ..

[root@ebsclone /]# touch testerman/erm1
[root@ebsclone /]# ls -al testerman/erm1
-rw-r--r-- 1 root root 0 Jan 25 14:38 testerman/erm1

[root@ebsclone /]# getfacl testerman
# file: testerman
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

[root@ebsclone /]# getfacl testerman/erm1
# file: testerman/erm1
# owner: root
# group: root
user::rw-
group::r--
other::r--

[root@ebsclone /]# su - applmgr
[applmgr@ebsclone ~]$ cd /testerman
[applmgr@ebsclone testerman]$ rm -f erm1
rm: cannot remove âerm1â: Permission denied

[applmgr@ebsclone testerman]$ exit

[root@ebsclone /]# setfacl -m default:g::rwx -m o::rwx testerman
[root@ebsclone /]# getfacl testerman
# file: testerman
# owner: root
# group: root
user::rwx
group::r-x
other::rwx
default:user::rwx
default:group::rwx
default:other::rwx

[root@ebsclone /]# touch testerman/erm2
[root@ebsclone /]# getfacl testerman/erm2
# file: testerman/erm2
# owner: root
# group: root
user::rw-
group::rw-
other::rw-

[root@ebsclone /]# getfacl testerman/erm1
# file: testerman/erm1
# owner: root
# group: root
user::rw-
group::r--
other::r--

[root@ebsclone /]# su - applmgr
[applmgr@ebsclone ~]$ cd /testerman
[applmgr@ebsclone testerman]$ ls -al

drwxr-xrwx+  2 root root   30 Jan 25 14:38 .
dr-xr-xr-x. 37 root root 4096 Jan 25 14:37 ..
-rw-r--r--   1 root root    0 Jan 25 14:38 erm1
-rw-rw-rw-   1 root root    0 Jan 25 14:38 erm2

[applmgr@ebsclone testerman]$ rm erm2

Thanks

Hi,

setfacl -m default:g::rwx -m o::rw CM_FundDividend
setfacl: CM_FundDividend: Operation not supported

I guess setfactl is not supported on asm filesystems. Is there a workaround for that?
/dev/asm/osa_acfsc1-234

Regards,
Roshan

ASM filesystem.. You mean ACFS or what?

Anyways, did you see the following MOS note? -->

How To Setup ASM ACLs (ASM Access Control Lists). (Doc ID 1491726.1)

I meant ACFS

Okay..

Linux ACLs are not supported with ACFS. You can use the ACFS security realms..

see -->
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/ostmg/understand-acfs-admin.html#GUID-41F44E7A-7547-4D04-A8E7-072C3A697867
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/ostmg/steps-manage-acfs.html#GUID-30627065-670B-4477-B504-B41D50D476DF
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/ostmg/understand-acfs-admin.html#GUID-5591C710-D763-4F72-BB56-A1452CA6AAB2
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/ostmg/steps-manage-acfs.html#GUID-01EA8FA1-C136-4968-86D4-9F54B39F903C