
touch/mkdir seems to ignore default ACL

2 votes
1 answer
374 views
I am pretty sure it is a stupid mistake, but I can't seem to figure it out by myself, so please have a look. I set up an ACL for the current folder like so:
zigbee2mqtt@nuc:/tmp/folder$ getfacl .
# file: .
# owner: zigbee2mqtt
# group: zigbee2mqtt
user::rwx
user:stack:r-x
user:zigbee2mqtt:rwx
user:milkpirate:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:stack:r-x
default:user:zigbee2mqtt:rwx
default:user:milkpirate:rwx
default:group::---
default:mask::rwx
default:other::---
zigbee2mqtt@nuc:/tmp/folder$ id
uid=978(zigbee2mqtt) gid=977(zigbee2mqtt) groups=977(zigbee2mqtt)
So when I now create a folder/file in that folder like so:
zigbee2mqtt@nuc:/tmp/folder$ touch foo; mkdir bar
It results in the following permissions on the folder foo:
zigbee2mqtt@nuc:/tmp/folder$ getfacl foo
# file: foo
# owner: zigbee2mqtt
# group: zigbee2mqtt
user::rwx
user:stack:r-x
user:zigbee2mqtt:rwx
user:milkpirate:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:stack:r-x
default:user:zigbee2mqtt:rwx
default:user:milkpirate:rwx
default:group::---
default:mask::rwx
default:other::---
which looks fine so far. But the ACL of the file then looks off:
# file: bar
# owner: zigbee2mqtt
# group: zigbee2mqtt
user::rw-
user:stack:r-x                  #effective:r--
user:zigbee2mqtt:rwx            #effective:rw-
user:milkpirate:rwx             #effective:rw-
group::---
mask::rw-
other::---
1. I would expect the mask to be rwx (desired).
2. Since group and other are --- (desired), I would expect the permissions shown by ls -la to be the same, but they are:
zigbee2mqtt@nuc:/tmp/folder$ ls -la
total 20
drwxrwx---+  3 zigbee2mqtt zigbee2mqtt 4096 Jan 15 17:55 .
drwxrwxrwt  16 root        root        4096 Jan 15 17:59 ..
-rw-rw----+  1 zigbee2mqtt zigbee2mqtt    0 Jan 15 17:55 bar
drwxrwx---+  2 zigbee2mqtt zigbee2mqtt 4096 Jan 15 17:55 foo
but I would expect (and desire):
zigbee2mqtt@nuc:/tmp/folder$ ls -la
total 20
drwxrwx---+  3 zigbee2mqtt zigbee2mqtt 4096 Jan 15 17:55 .
drwxrwxrwt  16 root        root        4096 Jan 15 17:59 ..
-rw-------+  1 zigbee2mqtt zigbee2mqtt    0 Jan 15 17:55 bar
drwx------+  2 zigbee2mqtt zigbee2mqtt 4096 Jan 15 17:55 foo
**EDIT:** OK, I did some testing and all seems to work as desired; the result of ls -la does not seem to reflect the correct rights:
zigbee2mqtt@nuc:/tmp/folder$ sudo -u nginx -g zigbee2mqtt bash
nginx@nuc:/tmp/folder$ ls
ls: cannot open directory '.': Permission denied
Asked by milkpirate (123 rep)
Dec 28, 2022, 12:22 AM
Last activity: Jan 15, 2023, 06:46 PM
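The behaviour the question runs into is the documented inheritance rule from acl(5): a new object takes the directory's default ACL as its access ACL, and the entries that stand in for the classic mode bits (user::, other::, and mask:: when a mask exists) are ANDed with the mode passed to the creating syscall, so touch (mode 0666) shrinks the mask to rw- while mkdir (mode 0777) leaves it at rwx. ls -l then prints the mask in the group triplet, which is why `-rw-rw----+` does not mean members of group zigbee2mqtt can read the file. The following is an added example, not code from the question or from the acl tools: a small Python model of the inheritance rule, the ls -l rendering and the acl(5) access check algorithm, fed with the getfacl text copied from the question. It assumes touch creates with mode 0666 and mkdir with 0777, and that no umask applies (which is the case whenever a default ACL exists); the user nginx and the group membership come from the EDIT in the question.

```python
# Added example: model of acl(5) default-ACL inheritance, ls -l rendering and
# the POSIX access check.  Not code from the question; getfacl text below is
# copied from it.  Assumed creation modes: touch -> 0666, mkdir -> 0777.
R, W, X = 4, 2, 1

def parse_perms(s):
    """'rwx', 'r-x', '---' -> bitmask."""
    return (R if s[0] == 'r' else 0) | (W if s[1] == 'w' else 0) | (X if s[2] == 'x' else 0)

def fmt_perms(p):
    return ('r' if p & R else '-') + ('w' if p & W else '-') + ('x' if p & X else '-')

def parse_getfacl(text):
    """Split getfacl output into (access, default) lists of (tag, qualifier, perms).
    '#effective:' annotations are dropped: they are derived from the mask, not stored."""
    access, default = [], []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        target = access
        if line.startswith('default:'):
            target, line = default, line[len('default:'):]
        tag, qual, perms = line.split(':')
        target.append((tag, qual, parse_perms(perms)))
    return access, default

def inherit(default_acl, mode):
    """acl(5) object creation: the default ACL becomes the access ACL; user::,
    other:: and mask:: (or group:: when there is no mask) are ANDed with the
    corresponding bits of the creation mode.  The umask plays no part."""
    has_mask = any(tag == 'mask' for tag, _, _ in default_acl)
    result = []
    for tag, qual, perms in default_acl:
        if tag == 'user' and qual == '':
            perms &= (mode >> 6) & 7
        elif tag == 'other':
            perms &= mode & 7
        elif tag == 'mask' or (tag == 'group' and qual == '' and not has_mask):
            perms &= (mode >> 3) & 7
        result.append((tag, qual, perms))
    return result

def ls_mode(acl, is_dir=False):
    """What ls -l prints: the middle triplet is the mask when one exists, not the
    owning group's entry; '+' marks an extended ACL."""
    d = {(tag, qual): perms for tag, qual, perms in acl}
    group_field = d.get(('mask', ''), d[('group', '')])
    extended = any(tag == 'mask' or qual != '' for tag, qual, _ in acl)
    return (('d' if is_dir else '-') + fmt_perms(d[('user', '')])
            + fmt_perms(group_field) + fmt_perms(d[('other', '')])
            + ('+' if extended else ''))

def allowed(acl, owner, owner_group, user, user_groups, want):
    """acl(5) ACCESS CHECK ALGORITHM for a process (user, user_groups) asking for
    the bits in `want`.  Only the owner and the 'other' class bypass the mask."""
    d = {(tag, qual): perms for tag, qual, perms in acl}
    mask = d.get(('mask', ''), 7)
    if user == owner:                       # owner: user:: entry, unmasked
        return (want & ~d[('user', '')]) == 0
    if ('user', user) in d:                 # named user, masked
        return (want & ~(d[('user', user)] & mask)) == 0
    groups = set(user_groups)
    matched = [p for (tag, qual), p in d.items() if tag == 'group'
               and (owner_group in groups if qual == '' else qual in groups)]
    if matched:                             # any matching group entry may grant
        return any((want & ~(p & mask)) == 0 for p in matched)
    return (want & ~d[('other', '')]) == 0

# getfacl output of the directory, copied from the question.
DIR_ACL_TEXT = """\
# file: .
# owner: zigbee2mqtt
# group: zigbee2mqtt
user::rwx
user:stack:r-x
user:zigbee2mqtt:rwx
user:milkpirate:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:stack:r-x
default:user:zigbee2mqtt:rwx
default:user:milkpirate:rwx
default:group::---
default:mask::rwx
default:other::---
"""

def demo():
    """Reproduce the question: touch and mkdir under the default ACL above."""
    _, default = parse_getfacl(DIR_ACL_TEXT)
    file_acl = inherit(default, 0o666)      # touch: open(2) with mode 0666 (assumed)
    dir_acl = inherit(default, 0o777)       # mkdir: mkdir(2) with mode 0777 (assumed)
    owner, grp = 'zigbee2mqtt', 'zigbee2mqtt'
    return {
        'file_ls': ls_mode(file_acl),
        'dir_ls': ls_mode(dir_acl, is_dir=True),
        'file_mask': fmt_perms({(t, q): p for t, q, p in file_acl}[('mask', '')]),
        # The EDIT: nginx running with gid zigbee2mqtt hits group::--- and is denied.
        'nginx_can_list_dir': allowed(dir_acl, owner, grp, 'nginx', ['zigbee2mqtt'], R),
        'milkpirate_rwx_dir': allowed(dir_acl, owner, grp, 'milkpirate', ['milkpirate'], R | W | X),
        'milkpirate_x_file': allowed(file_acl, owner, grp, 'milkpirate', ['milkpirate'], X),
        'stack_r_file': allowed(file_acl, owner, grp, 'stack', ['stack'], R),
    }

if __name__ == '__main__':
    for key, value in demo().items():
        print(f'{key}: {value}')
```

Running it yields `-rw-rw----+` for the file and `drwxrwx---+` for the directory, the same strings as the ls -la in the question, while the access check denies nginx the directory listing and denies milkpirate execute on the file (the `#effective:rw-` line). The practical check is therefore `getfacl`, not `ls -l`: the group triplet of an object with a mask tells you the upper bound for named users and groups, not what the owning group gets.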