2

There is a directory /test/test2/. Its owner is root and the group is test and the permission is drwxr-xr-x. I executed setfacl -m group:test:w ./ in that directory.

Now, as the user test whose groups includes test, if I run getfacl ./ in that directory, the output is,

# file: . # owner: root # group: test user::rwx group::r-x group:test:-w- mask::rwx other::r-x

Now, if I execute touch test.txt, I get touch: cannot touch 'test.txt': Permission denied. Why is this so? Doesn't the setfacl -m add the permission to the chmod permission? I mean, I gave the test group write permission with setfacl, and since the group had r-x in traditional permission (that can be changed with chmod), doesn't this effectively give rwx to the test group?

I have tried namei -l /test/test2/, and the output was

f: /test/test2/ drwxr-xr-x root root / drwxr-xr-x root root test drwxrwxr-x root test test2
Improve this question

1 Answer 1

Reset to default
0

The main problem is here:

group:test:-w-

The group test does really have write permissions but not execute permissions so you will not be able to create anything under that directory. You will have to assign permission with something like this:

setfacl -m group:test:wx ./

Even if you assign UNIX write permissions but not execution permissions you won't be able to create anything

Improve this answer
5
  • You can find something related here Commented Dec 7, 2022 at 2:49
  • But the group already had r-x permission on the directory, and the directory's group was "test". So, when ACL is set, the traditional permissions are ignored for the same group? Commented Dec 7, 2022 at 6:25
  • @DamnVegetables As far as I know I would say yes. When a file/dir has ACLs this checks the permissions for the given user and if this one is not allowed for making reading,writing,executing then the action is rejected. Maybe you are confusing by what I answered to you some days ago in this answer: "However this behavior is correct because the Unix permissions and the owner drwxr-xr-x+ 2 guest guest allow to the guest user to cd and create files to /test/only_r" Commented Dec 7, 2022 at 7:28
  • In that case the directory only_r was owed by the same user so it was able to change/modify/create files under that directory. In this case as you said the test2 is owned by root as user, and test as group. But, I remember reading(but I did not find the thread) something about user permissions are primordial over group permissions. Commented Dec 7, 2022 at 7:34
  • For example, if I have a file with this perms: --x rwx --- test test, as you can the test user has x permissions but its group test has rwx permissions. Thus if you try to edit the file or reading it you will get a Permission Denied even if you are in the same group. In your case it seems that the test group is ignored and the ACLs are applied. You can swap the owner of your test2 dir: sudo chown test:root. And since the dir is now owned by test as a user the ACLs will be ignored (if you assign only write perms you will be able to read/write/change to the dir). Commented Dec 7, 2022 at 7:44

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.