I have two users, Alice and Bob. Bob should be allowed to list, ls, Alice's home directory. Alice also has a file in her home directory that Bob should also be allowed to read.
I run these commands as root:
[root@corvatsch ~]# setfacl -m user:bob:r /home/alice/
[root@corvatsch ~]# setfacl -m user:bob:r /home/alice/file
This yields the following result in the ACLs:
[root@corvatsch ~]# getfacl -c /home/alice/
user::rwx
user:bob:r--
group::---
mask::r--
other::---
and
[root@corvatsch ~]# getfacl -c /home/alice/file
getfacl: Removing leading '/' from absolute path names
user::rw-
user:bob:r--
group::r--
mask::r--
other::r--
It looks as if Bob should now be able to read Alice's home folder as well as the content of the her file.
When Bob tries that, he gets:
[bob@corvatsch ~]$ ls -l /home/alice/
ls: cannot access /home/alice/file: Permission denied
total 0
-????????? ? ? ? ? ? file
(Note the questionmarks!) and
[bob@corvatsch ~]$ cat /home/alice/file
cat: /home/alice/file: Permission denied
Looks like Bob can read the home directory, although in a weird way. Ls lists the file but seems to have problems with the ACLs?
And cating the file seems to not work at all.
Can somebody explain what i am missing?
NOTE: (I'm running CentOS 6.4)
Best Answer
The
/home/alice/directory needs executable access for the user accessing it.EDIT: BTW, the question marks are there to indicate that
lscan't get the permissions on the file.