2

There's a file called '/etc/file.conf' on my filesystem.

$ getfacl /etc/file.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/file.conf
# owner: root
# group: root
user::rw-
group::r--
other::r--

I want my account 'userr' to have write permissions so my Python script can write to it. It's owned by root so my idea was to create a new group and setfacl that to it.

$ sudo groupadd rsnap
$ sudo usermod -a -G rsnap userr
$ id userr
uid=1000(userr) gid=1000(userr) groups=1000(user),27(sudo),1001(rsnap)
$ sudo setfacl -m g:rsnap:rw /etc/file.conf

$ getfacl /etc/file.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/file.conf
# owner: root
# group: root
user::rw-
group::r--
group:rsnap:rw-
mask::rw-
other::r--

However..

$ echo "Test" >> /etc/file.conf
-bash: /etc/file.conf: Permission denied

What have I missed?

1 Answer

0

You modified /etc/rsnapshot.conf but you tested with /etc/file.conf.

You still need to enable the mask via:

setfacl -m m:rw- filename

or

setfacl -m m::rw- filename

depending on the OS - note that this kind of ACL was never standardized. A related standard proposal from 1993 was withdrawn in 1997.

BTW: I just noticed that your mask may have been set already. So you still used the wrong filename.

Problems in this outdated ACL proposal will occur frequently as the standard proposal was never finished and as there was an agreement that it is not what customers like to have.

schily
  • 19,173
  • Oops, I was just replacing rsnapshot.conf with file.conf in this post to make it easier for everyone! However, setting the first mask made it work perfectly! Could you explain how that made such a difference? –  Nov 06 '15 at 13:55
  • This was discussed in the USENET around 1995. Before, this withdrawn ACL proposal did not implement the mask at all and this caused a lot of confusion with what people expected as behavior. But these old ACLs allow you to set alternate owners and alternate groups for a file and the mask allows you to control the way the lists are evaluated in the kernel for verifying access rights. – schily Nov 06 '15 at 14:56
  • https://unix.stackexchange.com/questions/152477/how-does-acl-calculate-the-effective-permissions-on-a-file – Xunnamius Mar 10 '21 at 04:04
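
How the mask discussed in the answer and comments enters the access decision, as an added example that is not part of the original posts: it follows the access-check order documented in Linux acl(5) and evaluates the getfacl listing from the question plus a constructed variant whose mask lacks 'w'. The function names and the NARROW_MASK_ACL sample are assumptions made for illustration.

```python
# Added example: access-check order from Linux acl(5), applied to getfacl text.
PAGE_ACL = """\
# file: etc/file.conf
# owner: root
# group: root
user::rw-
group::r--
group:rsnap:rw-
mask::rw-
other::r--
"""
# Constructed variant: same entries, but the mask no longer contains 'w'.
NARROW_MASK_ACL = PAGE_ACL.replace("mask::rw-", "mask::r--")

def parse_getfacl(text):
    """Return (owner, group, entries); each entry is (tag, qualifier, perms)."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            # Drop a trailing "#effective:..." comment that getfacl may print.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, qualifier, set(perms) - {"-"}))
    return owner, group, entries

def check_access(acl_text, user, groups, wanted):
    """True if `user` (member of `groups`) gets every permission in `wanted`."""
    owner, group, entries = parse_getfacl(acl_text)
    wanted = set(wanted)
    find = lambda tag, q="": [p for t, qual, p in entries if t == tag and qual == q]
    # With no mask entry (minimal ACL) nothing is filtered.
    mask = (find("mask") or [set("rwx")])[0]
    if user == owner:                      # owner entry: mask not applied
        return wanted <= find("user")[0]
    if find("user", user):                 # named user entry: limited by mask
        return wanted <= (find("user", user)[0] & mask)
    matching = [p for t, q, p in entries if t == "group"
                and (q in groups or (q == "" and group in groups))]
    if matching:                           # owning/named groups: limited by mask
        return any(wanted <= (p & mask) for p in matching)
    return wanted <= find("other")[0]      # everyone else: mask not applied
```

A caller that matches a group entry but is denied by the mask does not fall through to the `other` entry; the check stops at the first class that matches.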