Permission denied to directory, despite group permission set OK

This post was written by eli on October 16, 2012
Posted Under: Linux

I tried to change directory to eli from other users belonging to the group “eli” and it failed with

$ cd ../eli/
-bash: cd: ../eli/: Permission denied

despite everything being OK with the classic UNIX settings.

Reminder: After setting groups, there’s a need to either log out and log in again, or use “su -” to refresh group settings. The “id” command reveals the effective group memberships.

It turns out that there’s another layer of settings, ACL (Access Control List), which is yet another way to make sure the computer is so protected that it drives you mad.

So let’s list the files:

$ ls -l
total 44
drwxrwx---+ 86 eli         eli          4096 2012-10-16 16:14 eli/
drwx------.  2 root        root        16384 2010-01-15 23:59 lost+found/

Note the ‘+’ and ‘.’ at the end of the “regular” permissions. The ‘+’ tells us that there’s an ACL record on the “eli” directory (a ‘.’ marks a file that has a security context but no ACL). So effectively, the classic permissions are overridden. And this has nothing to do with SELinux, which is disabled on my computer.

Let’s see what we’ve got there:

$ getfacl eli
# file: eli
# owner: eli
# group: eli
user::rwx
user:qemu:--x
group::---
mask::rwx
other::---

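So it means what it says: Despite the classic permissions, no one except myself and qemu has permissions to the directory. When an ACL is present, the group bits that ls shows reflect the mask entry (rwx here), not the owning group’s entry (group::---).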

The remedy is to remove all ACL entries, and then set the permissions with chmod.

$ setfacl -b eli
$ ls -l
total 40
drwx------. 86 eli         eli          4096 2012-10-16 16:14 eli/
drwx------.  2 root        root        16384 2010-01-15 23:59 lost+found/
$ chmod g+xrw eli/
$ getfacl eli
# file: eli
# owner: eli
# group: eli
user::rwx
group::rwx
other::---

And now the system behaves like good old UNIX.
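
The access check behind the denial above, as an added example that is not part of the original post: it parses getfacl text and applies the POSIX ACL evaluation order from acl(5) (owner, named user, groups, other). The function names parse_getfacl and acl_allows and the user "alice" are assumptions made for illustration; root's permission bypass is not modelled.

```python
# Added example (not from the original post): POSIX ACL check on getfacl text.
BEFORE = """\
# file: eli
# owner: eli
# group: eli
user::rwx
user:qemu:--x
group::---
mask::rwx
other::---
"""  # constructed sample, modelled on the first getfacl listing in the post
# Constructed sample, modelled on the listing after "setfacl -b" and chmod:
AFTER = "# file: eli\n# owner: eli\n# group: eli\nuser::rwx\ngroup::rwx\nother::---\n"


def parse_getfacl(text):
    """Return (header dict, list of (tag, qualifier, permission set))."""
    meta, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and ": " in line:
            key, value = line[2:].split(": ", 1)
            meta[key] = value
            continue
        line = line.split("#", 1)[0].strip()  # drop "#effective:" comments
        if not line or line.startswith("default:"):
            continue  # default ACLs only apply to newly created children
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, set(perms) - {"-"}))
    return meta, entries


def acl_allows(text, user, groups, want):
    """True if `user` (a member of `groups`) gets every permission in `want`."""
    meta, entries = parse_getfacl(text)
    want = set(want)

    def find(tag, qual=""):
        return [p for t, q, p in entries if t == tag and q == qual]

    mask = (find("mask") or [set("rwx")])[0]  # no mask entry: nothing is masked
    if user == meta["owner"]:                 # the owner entry is never masked
        return want <= find("user")[0]
    if find("user", user):                    # named user entry, limited by mask
        return want <= (find("user", user)[0] & mask)
    group_perms = [p & mask for t, q, p in entries
                   if t == "group" and (q or meta["group"]) in groups]
    if group_perms:                           # a group matched: "other" is skipped
        return any(want <= p for p in group_perms)
    return want <= find("other")[0]
```

For a hypothetical user alice in group eli, acl_allows(BEFORE, "alice", {"eli"}, "x") is false because the matching group:: entry is empty, and the same call with AFTER is true.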

 
