Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

setfacl remove group permission

Tags:

linux

unix

system

I am trying to remove group ACL from a certain folder. It has permissions as below

$ getfacl --all-effective public
# file: public
# owner: sse02
# group: apache
user::rwx
group::r-x                      #effective:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x              #effective:r-x
default:group:acct:rwx     #effective:rwx
default:mask::rwx
default:other::r-x
$

I wanted to remove the access granted to the group 'acct' with the following command, but it is not simply working

setfacl -x g:acct public

What could be going on wrong? Any ideas?

This is a RHEL5 box with ext3 file system.

like image 368
Sangfroid Avatar asked Oct 19 '11 16:10

Sangfroid


People also ask

Can setfacl be used to remove access from user1?

Even if the setfacl command is successful in removing access from user1, user1 might still be able to obtain access to the files in directory Haunted based on the file permission bits, assuming the user has search permission for Haunted. See Localization for more information.

Should I use chmod or setfacl for file permissions?

But, in case you may need to provide file permissions for some other users too, that can’t be done using chmod. Setfacl will assist you to get rid of such troubles.

What is the difference between getfacl and setfacl command in Linux?

Whereas, getfacl command is used to get file access control lists. For each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL). If a directory has a default ACL, getfacl also displays the default ACL. Why use setfacl when we have chmod and chown command?

What is the difference between getfacl and access control list?

It allows us to provide permission for any user or group to any disk resource. Whereas, getfacl command is used to get file access control lists. For each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL). If a directory has a default ACL, getfacl also displays the default ACL.


1 Answers

The group:acct entry is listed with default: in front, and the setfacl man page suggests that the ACL specification can be (spaces added for clarity in the man page):

[d[efault]:] g[roup]:gid [:perms]

Permissions of a named group. Permissions of the owning group if gid is empty.

I think you should try:

setfacl -x d:g:acct public
like image 96
Jonathan Leffler Avatar answered Sep 28 '22 09:09

Jonathan Leffler