
At the beginning, I have these permissions for a file:

```
# file: jar
# owner: my_user
# group: my_user
user::rw-
group::rw-
other::r--
```

After running this:

```
setfacl -m u:my_user:--- jar
```

I get these permissions:

```
# file: foobar
# owner: my_user
# group: my_user
user::rw-
user:my_user:---
group::rw-
mask::rw-
other::r--
```

I expected my_user not to have permission to read (for example) this file, but it has.

MadHatter
tirenweb

1 Answer


ACLs differentiate between `ACL_USER` (the line `user::rw-`), which is the owner of the file, just like without ACLs, and `ACL_USER_OBJ` (the line `user:my_user:---`), which are additional permission sets for users. In the case of an `ACL_USER_OBJ` that is the same as the file owner `ACL_USER`, the latter will have higher priority.

So, in your case `user::rw-` overrides `user:my_user:---`.

Just use classic `chmod`.

Sven
  • I think you got the names backward: `ACL_USER_OBJ` is for the file owner, and `ACL_USER` entries are for additional users. See [man acl](https://linux.die.net/man/5/acl) – Nick Matteo Nov 01 '21 at 17:41
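
The following is an added example, not code from the question, the answer or the ACL tools: a simplified Python model of the access check order documented in acl(5), run against the `getfacl` output from the question. The function names `parse_getfacl` and `check_access` are hypothetical, and the model ignores root and capability overrides.

```python
# Added example: simplified acl(5) access check; ignores root/CAP_DAC_OVERRIDE.
SAMPLE_ACL = """\
# file: foobar
# owner: my_user
# group: my_user
user::rw-
user:my_user:---
group::rw-
mask::rw-
other::r--
"""  # the getfacl output shown in the question

def parse_getfacl(text):
    """Return (owner, group, entries); entries are (tag, qualifier, perms)."""
    meta, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("# owner:", "# group:")):
            meta[line[2:7]] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            entries.append((tag, qualifier, set(perms[:3]) - {"-"}))
    return meta.get("owner"), meta.get("group"), entries

def check_access(text, user, groups, wanted):
    """Return (granted, deciding_entry) for `wanted`, e.g. "r" or "rw"."""
    owner, group, entries = parse_getfacl(text)
    wanted = set(wanted)
    def find(tag, qualifier=""):
        return next((p for t, q, p in entries if t == tag and q == qualifier), None)
    mask = find("mask")
    def limit(perms):  # the mask caps named-user and group-class entries only
        return perms if mask is None else perms & mask
    # 1. File owner: ACL_USER_OBJ ("user::") decides alone, no other entry is read.
    if user == owner:
        return wanted <= find("user"), "user::"
    # 2. Named user (ACL_USER), limited by the mask.
    named = find("user", user)
    if named is not None:
        return wanted <= limit(named), f"user:{user}:"
    # 3. Owning group or named groups, limited by the mask.
    matching = [(f"group:{q}:", limit(p)) for t, q, p in entries
                if t == "group" and (q in groups or (q == "" and group in groups))]
    if matching:
        hit = next((n for n, p in matching if wanted <= p), None)
        return hit is not None, hit or matching[0][0]
    # 4. Everyone else (ACL_OTHER).
    return wanted <= find("other"), "other::"
```

For the owner the decision stops at step 1, so the `user:my_user:---` entry is never consulted; changing `user::` itself (which is what `chmod u-rw` does) is what denies the owner.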