One is not better than the other, they are just different methods and way of thinking.
You can use both permissions system on the same path without problems.
They interfere with each other when modifying owner's, owning group and other permissions: when setting current value for these from setfacl, it will actually set the posix permission, not the ACL one.
Posix permissions only allows an owner, owning group and "everyone" permission while ACL allows multiple "owning" users and group.
ACL also allows setting default permissions for new files in a folder.
You can add more permission management on top of both with apparmor or selinux for stricter control.
ls -l
I am only going to see posix permissions and ACL ones that limit the file further won't be shown? Or will the posix permissions be respected regardless? – mFeinstein May 12 '17 at 00:39ls -l
puts a+
at the end of the permissions characters to indicate that ACL are present. If ACL are present then the basic permissions do not tell the full story: ACL override POSIX permissions. – Gilles 'SO- stop being evil' May 12 '17 at 00:42+
at least stops me from getting myself off guard – mFeinstein May 12 '17 at 00:45ACL override POSIX permissions
This is exactly backwards. There is a principle of "least surprise" which dictates that effective ACLs will reduce permissions to match the POSIX permissions. So, for example if your primary group has r-x permission, you can set an ACL for another group with rwx, but this new group will effectively only have r-x permissions. – pgoetz Nov 11 '21 at 10:12