This scratch file was created by apache:
-rw-rw-r--+ 1 apache apache 1960 Nov 16 2019 zlz7v5y9.php
When executing the following:
-bash-4.2$ rm zlz7v5y9.php
I get:
rm: cannot remove ‘zlz7v5y9.php’: Permission denied
Here are the permissions:
-bash-4.2$ getfacl zlz7v5y9.php
# file: zlz7v5y9.php
# owner: apache
# group: apache
user::rw-
user:tomr:rwx #effective:rw-
user:subtum:rwx #effective:rw-
group::rwx #effective:rw-
mask::rw-
other::r--
Oddly, I CAN edit the file but cannot delete it.
Why am I getting "Permission denied" when trying to delete this file?
UPDATE: Reissuing the setfacl command for a single user fixed the issue for BOTH users. Apparently the ACL system had died and setfacl woke it up? Even though it is working correctly now, I would like to know how this happened for the future. BTW, this is on a system that has had the same ACL config for years and suddenly it stopped working with no changes.
UPDATE#2: This issue keeps reappearing. I'm wondering if somehow a hacker has gotten in and is causing this. However, I run tripwire and do not see any suspicious system changes.
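Added example, not part of the original post: rm calls unlink(), which needs effective write and search (w and x) permission on the parent directory, so the ACL to inspect is the directory's rather than the file's. The sketch below evaluates `getfacl` text for a directory in the POSIX ACL order (owner, named user, groups, other, with the mask applied); the function name `dir_allows_unlink`, the directory name `scratch` and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# dir_allows_unlink USER [GROUP...]  < output of `getfacl DIR`
# Exit 0 if USER (a member of the listed GROUPs) has effective w+x on DIR.
# Not modelled: root, and the sticky bit (shown by getfacl as "# flags: --t"),
# which further limits deletion to the file owner or the directory owner.
dir_allows_unlink() {
  awk -v user="$1" -v groups=" $(shift; echo "$*") " '
    # true when entry p, limited by mask m, still grants both w and x
    function wx(p, m) { return p ~ /^.wx/ && m ~ /^.wx/ }
    /^# owner:/ { owner = $3; next }
    /^# group:/ { ogroup = $3; next }
    /^#/ || /^default:/ || NF == 0 { next }
    {
      sub(/[ \t]*#.*/, "")               # strip "#effective:..." comments
      split($0, f, ":")
      if      (f[1] == "mask")                 mask  = f[3]
      else if (f[1] == "other")                other = f[3]
      else if (f[1] == "user" && f[2] == "")   uobj  = f[3]
      else if (f[1] == "user" && f[2] == user) named = f[3]
      else if (f[1] == "group") {
        g = (f[2] == "") ? ogroup : f[2]  # "group::" is the owning group
        if (index(groups, " " g " ")) gperm[++ng] = f[3]
      }
    }
    END {
      if (mask == "") mask = "rwx"        # minimal ACL has no mask entry
      if (user == owner) exit !wx(uobj, "rwx")  # owner entry ignores the mask
      if (named != "")   exit !wx(named, mask)
      for (i = 1; i <= ng; i++) if (wx(gperm[i], mask)) exit 0
      if (ng > 0) exit 1                  # a group matched, none granted w+x
      exit !wx(other, "rwx")
    }'
}

# Constructed sample: a parent directory whose named-user entry is rwx but
# whose mask has lost "w", so the effective rights are r-x.
SAMPLE_DIR_ACL='# file: scratch
# owner: apache
# group: apache
user::rwx
user:tomr:rwx   #effective:r-x
group::rwx      #effective:r-x
mask::r-x
other::r-x'

printf '%s\n' "$SAMPLE_DIR_ACL" | dir_allows_unlink tomr \
  && echo "tomr may delete entries" || echo "tomr may NOT delete entries"
```

A chmod on a directory that carries an ACL rewrites its mask entry, and `setfacl -m` recalculates the mask by default, so comparing `getfacl` output for the directory over time shows whether the mask is what changes.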