I have set up a directory and some files with setfacl.

jobq@workstation:~/Pool$ getfacl /etc/jobq
getfacl: Removing leading '/' from absolute path names
# file: etc/jobq
# owner: root
# group: jobq
user::rwx
user:jobq:rw-
group::r-x
group:jobq:rwx
mask::rwx
other::r-x

jobq@workstation:~/Pool$ sudo getfacl /etc/jobq/log.txt
getfacl: Removing leading '/' from absolute path names
# file: etc/jobq/log.txt
# owner: root
# group: jobq
user::rw-
group::rw-
group:jobq:rwx
mask::rwx
other::r--

jobq@workstation:~/Pool$ groups jobq

However, when I run a command, like

ls -al /etc/jobq

I'm getting permission errors:

ls: cannot access '/etc/jobq/log.txt': Permission denied
total 0
d????????? ? ? ? ?            ? .
d????????? ? ? ? ?            ? ..

Since user jobq is in the group jobq, they should have access to the directory. What am I misunderstanding? How can I fix this?

1 Answer

The problem comes from this ACL on /etc/jobq:

user:jobq:rw-

This means that user jobq can’t “search” the directory, which is what stops ls from showing its contents.

To fix this, you need to add the x permission. See Execute vs Read bit. How do directory permissions in Linux work? for details.

See also Restrictive "group" permissions but open "world" permissions? to understand why the group permissions don’t help here. Thus another solution would be to drop the user ACL for jobq, and rely on the group permissions instead.

Stephen Kitt
  • 434,908
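
The evaluation order behind this answer, as an added example that is not part of the original post: a simplified Python model of the acl(5) access check, run over the directory ACL from the question. The function names are hypothetical, and the membership of user jobq in group jobq is taken from the question's text.

```python
# Added example: simplified model of the acl(5) access check algorithm.
SAMPLE = """\
# file: etc/jobq
# owner: root
# group: jobq
user::rwx
user:jobq:rw-
group::r-x
group:jobq:rwx
mask::rwx
other::r-x
"""  # directory ACL copied from the question

def bits(s):
    """'rw-' -> 6, 'x' -> 1"""
    return sum(v for c, v in {"r": 4, "w": 2, "x": 1}.items() if c in s)

def parse_getfacl(text):
    """Parse getfacl output into owner, owning group and (tag, qualifier, perms) entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            # drop a trailing "#effective:..." comment before splitting
            tag, qual, perm = line.split("#")[0].strip().split(":")
            acl["entries"].append((tag, qual, bits(perm)))
    return acl

def check(acl, user, groups, want):
    """Return (granted, deciding_entry); the first matching class decides."""
    e, want = acl["entries"], bits(want)
    mask = next((p for t, q, p in e if t == "mask"), 7)
    if user == acl["owner"]:  # owner entry is not limited by the mask
        p = next(p for t, q, p in e if t == "user" and q == "")
        return ((p & want) == want, "user::")
    for t, q, p in e:  # a named user entry wins before any group is consulted
        if t == "user" and q == user:
            return ((p & mask & want) == want, f"user:{q}")
    matched = [(q, p) for t, q, p in e
               if t == "group" and (q or acl["group"]) in groups]
    for q, p in matched:  # one matching group entry granting access is enough
        if (p & mask & want) == want:
            return (True, f"group:{q}")
    if matched:  # groups matched but none grants: denied, "other" is not tried
        return (False, "group")
    p = next(p for t, q, p in e if t == "other")
    return ((p & want) == want, "other::")
```

Calling `check(parse_getfacl(SAMPLE), "jobq", {"jobq"}, "x")` returns `(False, "user:jobq")`: the named user entry decides, so the `rwx` on `group:jobq` is never evaluated.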