I have looked through the answers to similar questions and refreshed my memory on ACLs by reading tutorials on Linux ACLs. Yet, I am still stumped. What have I done wrong, or what do I not understand?

I have a file system mounted with the acl option.

```
user@host:/srv$ grep srv /etc/fstab
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /srv ext4 relatime,nodev,nosuid,user_xattr,acl 0 2
```
The user, user, is a member of the devs group.

```
user@host:/srv$ id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),1001(devs)
```
The umask is normal.

```
user@host:/srv$ umask
0022
```
A directory is created; group ownership and permissions are set.

```
user@host:/srv$ sudo mkdir lib; sudo chmod 0750 lib && sudo chgrp www-data lib
user@host:/srv$ ls -l
total 24
drwxr-x--- 2 root www-data 4096 May 21 18:00 lib
drwx------ 2 root root 16384 Feb 17 18:22 lost+found
drwxr-xr-x 3 root www-data 4096 May 21 17:25 www
```
An ACL is applied to the new directory.

```
user@host:/srv$ sudo setfacl -d -m g:devs:5 lib/
user@host:/srv$ getfacl lib
# file: lib
# owner: root
# group: www-data
user::rwx
group::r-x
other::---
default:user::rwx
default:group::r-x
default:group:devs:r-x
default:mask::r-x
default:other::---
```
I think I should be able to get a directory listing, but I cannot.

```
user@host:/srv$ ls lib/
ls: cannot open directory lib/: Permission denied
```
Best Answer
Gah - facepalm! The -d switch is used for new files and directories within the lib directory. An explicit ACL must be defined for the lib directory itself.

1. Remove the ACLs.
2. Set the default ACL.
3. Test if the ACL allows members of the devs group to use ls.
4. Add a new ACL for the directory, without the -d (default) switch.
5. Copy a file into the lib directory.
6. Show the permissions.
7. Show the ACLs.

I am happy to receive any further insight about this.
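To make the distinction between default and access entries concrete, here is an added example (not from the question or answer) that evaluates the getfacl output above with the POSIX ACL algorithm from acl(5). It ignores `default:` entries, since they only seed the ACL of newly created children, and shows that the devs member is denied until an access entry such as `group:devs:r-x` exists; that second ACL text is constructed here and is an assumption about what `setfacl -m g:devs:rx lib` would produce.

```python
# getfacl output copied from the question: devs appears only in default entries.
ACL_DEFAULT_ONLY = """\
# file: lib
# owner: root
# group: www-data
user::rwx
group::r-x
other::---
default:user::rwx
default:group::r-x
default:group:devs:r-x
default:mask::r-x
default:other::---
"""
# Constructed (assumption): the same directory after adding an *access* entry for devs.
ACL_WITH_ACCESS = ACL_DEFAULT_ONLY + "group:devs:r-x\nmask::r-x\n"

def parse_acl(text):
    """Return (owner, owning_group, access_entries). default: lines are skipped:
    they are inherited by new children and never apply to the directory itself."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        if line.startswith("# owner: "):
            owner = line[len("# owner: "):]
        elif line.startswith("# group: "):
            group = line[len("# group: "):]
        elif line and not line.startswith(("#", "default:")):
            tag, qual, perms = line.split(":")
            entries.append((tag, qual, set(perms) - {"-"}))
    return owner, group, entries

def can_access(acl_text, user, groups, want):
    """acl(5) order: owner, named user, owning/named groups (mask-limited), other."""
    owner, group, entries = parse_acl(acl_text)
    perms = {t: {} for t in ("user", "group", "mask", "other")}
    for tag, qual, p in entries:
        perms[tag][qual] = p
    want = set(want)
    mask = perms["mask"].get("", set("rwx"))  # no mask entry => unrestricted
    if user == owner:
        return want <= perms["user"][""]
    if user in perms["user"]:
        return want <= perms["user"][user] & mask
    for g in groups:  # any matching group entry that grants the request wins
        p = perms["group"].get("") if g == group else perms["group"].get(g)
        if p is not None and want <= p & mask:
            return True
    if any(g == group or g in perms["group"] for g in groups):
        return False  # matched a group entry but it does not grant `want`
    return want <= perms["other"][""]
```

With the question's ACL, `can_access(ACL_DEFAULT_ONLY, "user", ["user", "devs"], "rx")` is False because the only matching class is `other::---`; after the access entry is added it becomes True.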