13.04.2019 13:36, Carlos E. R. пишет:
On 13/04/2019 06.46, Andrei Borzenkov wrote:
12.04.2019 23:02, Carlos E. R. пишет:
User "cer-g" is member of groups "users" and "cer"
Directory has group permission "rwx"
It does not.
No, group has "rwx".
Sigh ... if you know everything why do you even ask in the first place? And if you ask, may be you can accept the fact that those who answer may actually know what they are talking about?
Group ACL as "---". I thought the main permissions had priority.
Read "man 5 acl", especially sections "CORRESPONDENCE BETWEEN ACL ENTRIES AND FILE PERMISSION BITS" and "ACCESS CHECK ALGORITHM".
and is owned by "cer:cer" Same for parent directory.
The user "cer-g" is denied access to the directory "Conviction/" and others.
Why?
File permissions deny access to members of file group.
No, ACL permissions deny access.
Sigh again ... they *are* permissions bits. The fact that ls displays ACL mask instead of group permissions does not change the fact that group permissions deny any access to group.
I also have this:
cer-g@Isengard:/data/My_Book/Fusion/Videos> getfacl Conviction # file: Conviction # owner: cer # group: cer # flags: --t user::rwx user:wwwrun:r-x group::--- ^^^^^^^^^^^^ mask::rwx other::r--
Yes, I thought of that this morning, but it is not my doing.
So what? You asked why you cannot access this directory and this is the answer.
The command I used to set ACLSs was:
setfacl -m u:wwwrun:rx
The file was copied from another directory, by rsync.
Original file:
cer-g@Isengard:~/F_Videos/1_Almacenar> getfacl Conviction # file: Conviction # owner: cer-g # group: cer # flags: --t user::rwx user:wwwrun:r-x group::rwx <===== mask::rwx other::r--
copied file:
cer-g@Isengard:~/F_Videos/1_Almacenar> cer-g@Isengard:~/F_Videos/3_MyBook_Videos> getfacl Conviction # file: Conviction # owner: cer # group: cer user::rwx user:wwwrun:r-x group::--- <==== mask::rwx other::r--
How has the ACL changed ?
ACL did not change. Group permissions changed. Trivial answer is umask. Less trivial answer is default ACL on parent directory. You are in the best position to debug it as only you can reproduce it in your environment.
(the 't' I deleted yesterday)
The command to copy the files was:
cer@Isengard:~> time rsync --archive --acls --xattrs \ --hard-links --sparse --stats --human-readable \ --checksum /data/waterhoard/Fusion/Videos/1_Almacenar/ \ /data/My_Book/Fusion/Videos/
I told rsync to keep the ACLS, but it has modified them.