I have run the following script to set permissions on /etc/nginx:
#!/usr/bin/env bash
sudo chown -R root:root /etc/nginx
sudo chmod -R 0750 /etc/nginx
sudo setfacl -Rbk -m g:hugo:rwx /etc/nginx
sudo setfacl -R --mask -m g:www-data:rx /etc/nginx
However, when I check the permissions afterwards there is a discrepancy in the results for the 'group' of ls -al and getfacl:
$ ls -al /etc/nginx
total 24
drwxrwx---+ 5 root root 4096 Mar 18 17:07 .
$ getfacl /etc/nginx
getfacl: Removing leading '/' from absolute path names
# file: etc/nginx
# owner: root
# group: root
user::rwx
group::r-x
group:www-data:r-x
group:hugo:rwx
mask::rwx
other::---
Why?
What you see with ls is the mask entry of the ACL. From man setfacl, the mask entry seems to reflect the maximum possible permissions that can be set on an ACL entry. The access rights you see in your example with ls for the default group root:rwx are wrong as the effective rights are now controlled by the ACLs.
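
The relationship described in the answer above, as an added example that is not part of the original question or answer: it parses getfacl text, computes each entry's effective rights (entry AND mask), and derives the group field that ls -l displays. The function names are hypothetical and the sample input is the getfacl output quoted in the question.

```shell
# Constructed sample: the getfacl output quoted in the question.
sample_acl() {
cat <<'EOF'
# file: etc/nginx
# owner: root
# group: root
user::rwx
group::r-x
group:www-data:r-x
group:hugo:rwx
mask::rwx
other::---
EOF
}

# effective_acl (hypothetical helper): getfacl text on stdin, prints
# "tag:qualifier:effective". Owner (user::) and other:: bypass the mask;
# group:: and every named user/group entry are ANDed with mask::.
effective_acl() {
  awk -F: '
    function and_perm(p, m,   i, out) {
      for (i = 1; i <= 3; i++)
        out = out ((substr(p,i,1) != "-" && substr(m,i,1) != "-") ? substr(p,i,1) : "-")
      return out
    }
    /^#/ || /^default:/ || NF < 3 { next }
    { n++; tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
    $1 == "mask" { mask = perm[n]; has_mask = 1 }
    END {
      for (i = 1; i <= n; i++) {
        if (tag[i] == "mask") continue
        exempt = (tag[i] == "other" || (tag[i] == "user" && who[i] == ""))
        print tag[i] ":" who[i] ":" ((has_mask && !exempt) ? and_perm(perm[i], mask) : perm[i])
      }
    }'
}

# ls_group_bits (hypothetical helper): the three group characters ls -l
# shows for this ACL. When a mask entry exists it is the mask, not group::.
ls_group_bits() {
  awk -F: '$1 == "group" && $2 == "" { g = substr($3, 1, 3) }
           $1 == "mask" { m = substr($3, 1, 3) }
           END { print (m != "" ? m : g) }'
}
```

On a live system, `getfacl /etc/nginx | effective_acl` gives the rights each entry actually has, which is the figure to audit rather than the group column of ls.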