This scratch file was created by apache
-rw-rw-r--+ 1 apache apache 1960 Nov 16 2019 zlz7v5y9.php
When executing the following:
-bash-4.2$ rm zlz7v5y9.php
I get:
rm: cannot remove ‘zlz7v5y9.php’: Permission denied
Here are the permissions:
-bash-4.2$ getfacl zlz7v5y9.php
# file: zlz7v5y9.php
# owner: apache
# group: apache
user::rw-
user:tomr:rwx #effective:rw-
user:subtum:rwx #effective:rw-
group::rwx #effective:rw-
mask::rw-
other::r--
Oddly, I CAN edit the file but cannot delete it.
Why am I getting "Permission denied" when trying to delete this file?
UPDATE: Reissuing the setfacl command for a single user fixed the issue for BOTH users. Apparently the ACL system had died and setfacl woke it up? Even though it is working correctly now, I would like to know how this happened for the future. BTW, this is on a system that has had the same ACL config for years and suddenly it stopped working with no changes.
UPDATE#2: This issue keeps reappearing. I'm wondering if somehow a hacker has gotten in and is causing this. However, I run tripwire and do not see any suspicious system changes.
The File deletion is based on directory perms, not the file perms.
Did you check the directory permission (write)?
Note: You can have a directory where you enforce that only the owner of the file can delete it. This is useful for temp dirs.
Also, please check whether this directory have any "sticky" aka "restricted deletion" mode set (o+t). With this mode set, only the file's owner can move or delete files in that directory, regardless of any perms.