ls throws errors when trying to access directory guarded with ACL

I have setup a directory and some files with setfacl.

jobq@workstation:~/Pool$ getfacl /etc/jobq
getfacl: Removing leading '/' from absolute path names
# file: etc/jobq
# owner: root
# group: jobq
user::rwx
user:jobq:rw-
group::r-x
group:jobq:rwx
mask::rwx
other::r-x

jobq@workstation:~/Pool$ sudo getfacl /etc/jobq/log.txt
getfacl: Removing leading '/' from absolute path names
# file: etc/jobq/log.txt
# owner: root
# group: jobq
user::rw-
group::rw-
group:jobq:rwx
mask::rwx
other::r--

jobq@workstation:~/Pool$ groups
jobq

However, when I run a command, like

ls -al /etc/jobq

I’m getting permission errors:

ls: cannot access '/etc/jobq/log.txt': Permission denied
total 0
d????????? ? ? ? ?            ? .
d????????? ? ? ? ?            ? ..

Since user jobq is in the group jobq, they should have access to the directory. What am I misunderstanding? How can I fix this?

Asked By: infinitezero

||

The problem comes from this ACL on /etc/jobq:

user:jobq:rw-

This means that user jobq can’t “search” the directory, which is what stops ls from showing its contents.

To fix this, you need to add the x permission. See Execute vs Read bit. How do directory permissions in Linux work? for details.

See also Restrictive "group" permissions but open "world" permissions? to understand why the group permissions don’t help here. Thus another solution would be to drop the user ACL for jobq, and rely on the group permissions instead.

Answered By: Stephen Kitt
Categories: Answers Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.