# How to Set Multi Group ACLs



## kam270 (Aug 20, 2014)

Hi, we have FreeNAS running on FreeBSD. We are having trouble getting the correct file permissions. We want to allow some users into a folder.

Currently one of our guys has conjured up this to try and make it work: `setfacl -m group@:rwWxpaRc::allow DIR` (or a filename).

It seems to have the effect of allowing anyone in and they can read, write and execute. 

This is the state of play from one directory:


```
getfacl testACLs
# file: testACLs
# owner: root
# group: Domain Admins
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow
         everyone@:r-x-D-a-R-c---:fd----:allow
```

What we want is a user who belongs to two groups (admin, finance) to be able to go to a folder that only certain groups can access. In short, how do I set multi-group functionality using ACLs?

Thanks for the help,

Dan  :OOO


----------
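An added illustration, not part of any post in this thread: a simplified Python model of how the NFSv4-style entries in a `getfacl` listing like the one above are matched, in order, against a user's whole group set. The `FINANCE_ACL` listing is constructed, and root override and implicit owner rights are ignored.

```python
# Added example: simplified NFSv4 ACL evaluation over getfacl text.
# Assumptions: no root override, no implicit owner rights.
PAGE_ACL = """\
# file: testACLs
# owner: root
# group: Domain Admins
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow
         everyone@:r-x-D-a-R-c---:fd----:allow
"""
# Constructed listing: a named group entry instead of broad everyone@ rights.
FINANCE_ACL = """\
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd----:allow
     group:finance:rwxpDdaARWcCos:fd----:allow
         everyone@:------a-R-c--s:fd----:allow
"""

def parse_acl(text):
    """Return (owner, group, [(tag, name, perms, kind), ...])."""
    meta, entries = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# "):
            key, _, value = line[2:].partition(":")
            meta[key] = value.strip()
            continue
        parts = line.split(":")
        if len(parts) not in (4, 5):      # 4: owner@ etc., 5: user:/group:NAME
            continue
        name = parts[1] if len(parts) == 5 else None
        entries.append((parts[0], name, set(parts[-3]) - {"-"}, parts[-1]))
    return meta.get("owner"), meta.get("group"), entries

def allowed(acl_text, user, groups, wanted):
    """Walk entries in order; a bit once allowed is never re-checked."""
    owner, group, entries = parse_acl(acl_text)
    pending = set(wanted)
    for tag, name, perms, kind in entries:
        match = (tag == "everyone@" or (tag == "owner@" and user == owner)
                 or (tag == "group@" and group in groups)
                 or (tag == "user" and name == user)
                 or (tag == "group" and name in groups))
        if not match:
            continue
        if kind == "deny" and pending & perms:
            return False
        if kind == "allow":
            pending -= perms
    return not pending  # bits no entry granted are refused
```

With a constructed user `alice` in groups `admin` and `finance`, `allowed(PAGE_ACL, "alice", {"admin", "finance"}, "rx")` returns `True` through the `everyone@` entry alone, while `allowed(FINANCE_ACL, "alice", {"admin", "finance"}, "rwx")` returns `True` only because one of her groups has its own entry.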



## DutchDaemon (Aug 20, 2014)

What does the FreeNAS forum say about it? The use of ACLs is not widespread on FreeBSD itself, but is a core part of FreeNAS. They should know the answer.


----------



## bryn1u (Aug 20, 2014)

Why don't you use TrustedBSD mac_bsdextended (ugidfw)? You can do whatever you want to. Try, *I* will help you.


----------



## kam270 (Aug 21, 2014)

bryn1u said:

> Hey,
> 
> Why don't you use TrustedBSD mac_bsdextended (ugidfw)? You can do whatever you want to. Try, *I* will help you.





Can we try to work out the correct ACLs first using setfacl? I have *four* users in group *Finance*. Only they should have read, write and execute access inside the folder *FINANACE*. What would my ACL look like?

The documentation on setfacl isn't the easiest to wrap my head around: http://www.freebsd.org/cgi/man.cgi?quer ... 1#EXAMPLES


----------



## bryn1u (Aug 21, 2014)

I think you don't need ACLs to do this. Use normal chmods. Make a group, put these 4 users in it, set rwx on this folder for owner and group, and remove rwx for others. Something like `chgrp -R group finance`, `chmod -R g+rwx folder`, `chmod -R o-rwx folder`, and it should work.

For ACL:
http://www.bsdguides.org/2005/working-with-acls/


----------



## kam270 (Aug 21, 2014)

bryn1u said:

> I think you don't need ACLs to do this. Use normal chmods. Make a group, put these 4 users in it, set rwx on this folder for owner and group, and remove rwx for others. Something like `chgrp -R group finance`, `chmod -R g+rwx folder`, `chmod -R o-rwx folder`, and it should work.
> 
> For ACL:
> http://www.bsdguides.org/2005/working-with-acls/




What about if the user belongs to multiple groups? Is FreeBSD able to work out the correct permissions?


----------



## SirDice (Aug 21, 2014)

kam270 said:

> What about if the user belongs to multiple groups. Is FreeBSD able to work out the correct permissions?


Yes, as that's the whole point of the groups in the first place.


----------



## kam270 (Aug 22, 2014)

SirDice said:

> kam270 said:
> 
> 
> 
> ...




OK, I performed the tests again and removed the ACLs on the folder. I used the standard rwx permissions and it all works nicely. The user can belong to multiple groups and the correct permissions are respected.


----------

