File ACL Fun. It is Wednesday, my dudes.

    [user@jwickenhofer1 facltests]$ getfacl file
    # file: file
    # owner: user
    # group: user
    user::---
    user:user:rw-
    group::rw-
    mask::rw-
    other::---

The user 'user' has been given rw- to the file 'file,' and I set UGO to 060 to test this, but I still get permission denied when I try to read it. Do modal permissions trump explicit file ACL lines? Like, are file ACL lines subservient to the UGO section to which they pertain? Or am I missing something?

  • Jake W
    09-05-2018

    Or is this more like a serial read where it's being denied on user::--- before it ever even sees user:user:rw- in the ruleset? Like would an alternative be if it sees user::rwx and then sees user:user:rw- and restricts based on having seen that second rule down the line?

  • Stosh O
    09-06-2018

    Hi Jake,

    Traditional POSIX permissions will override ACLs.
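
The access-check order documented in acl(5), applied to the getfacl output from the question, as an added example that is not part of the thread: a process running as the file owner is matched against user:: first, so the named user:user:rw- entry is never consulted for it. The identities alice, bob and staff and the helper names are constructed for illustration.

```python
# Added example: acl(5) access-check order over the question's getfacl output.
GETFACL = """\
# file: file
# owner: user
# group: user
user::---
user:user:rw-
group::rw-
mask::rw-
other::---
"""

def parse(text):
    """Return (owner, group, entries); entries are (tag, qualifier, perm set)."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Drop a trailing "#effective:..." comment that getfacl may append.
            tag, qual, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, qual, set(perms.replace("-", ""))))
    return owner, group, entries

def check(text, user, groups, want):
    """Return (granted, deciding entry) for `user` in `groups` asking `want`."""
    owner, group, entries = parse(text)
    want = set(want)
    get = lambda tag, qual="": next(
        (p for t, q, p in entries if (t, q) == (tag, qual)), None)
    mask = get("mask")
    masked = lambda p: p if mask is None else p & mask
    # 1. Owner: only user:: decides; the mask and named entries are not used.
    if user == owner:
        return want <= get("user"), "user::"
    # 2. Named user entry, limited by the mask.
    named = get("user", user)
    if named is not None:
        return want <= masked(named), f"user:{user}:"
    # 3. Owning group and named groups, limited by the mask; any match grants.
    matching = [p for t, q, p in entries
                if t == "group" and (q or group) in groups]
    if matching:
        return any(want <= masked(p) for p in matching), "group"
    # 4. Everyone else.
    return want <= get("other"), "other::"
```
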
