# ACL has no effect.

## dE_logics

I've added users and groups to the ACL, but they seem to get ignored. They've no effect at all. Even the default user/group/other permissions have no effect.

```
getfacl ACL/
# file: ACL/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:user:de:---
default:group::rwx
default:mask::rwx
default:other::rwx
```

```
de@DESKTOP_MINER ~ $ cd ACL/; ls
dir  file
```

So default:user:de:--- is being ignored.

I invert the situation -- 

```
getfacl ACL/
# file: ACL/
# owner: root
# group: root
user::rwx
group::rwx
other::---
default:user::rwx
default:user:de:rwx
default:group::rwx
default:mask::rwx
default:other::---
```

To get -- 

```
$ cd ACL/; ls
bash: cd: ACL/: Permission denied
```

----------

## dE_logics

Hummm...

I see this's NOT normal behavior.

Unfortunately, the same thing happens with that Fedora VM which's installed on ext4.

----------

## ulenrich

Perhaps "ls" does too much itself: 

It explores the old 4-byte POSIX allowances before it tries to get the requested info from the kernel?

----------

## dE_logics

*ulenrich wrote:*

> Perhaps "ls" does too much itself: 
> 
> It explores the old 4-byte POSIX allowances before it tries to get the requested info from the kernel?


The permission should be enforced by the kernel. No use if a non-root user can modify them.

----------

## dE_logics

I tried to open the dir using dolphin, but that too says access denied.

----------

## dE_logics

Resolving to the kernel mailing list.

----------

## ulenrich

Please report back, I always wanted to know how these ACLs are supposed to function ...

----------

## dE_logics

I contacted the ACL utils devs and they asked me to read the acl(5) man page.

Now I clarify -- it works.

----------

## ulenrich

 *dE_logics wrote:*   

> it works.

 What did you do wrongly?

----------

## py-ro

The "old" POSIX bytes are the max you can get with ACLs; it is like an upper limit. If it says like 600, even an ACL can't allow anyone other than the user to read or write it.

----------

## dE_logics

*ulenrich wrote:*

> *dE_logics wrote:*
>
> > it works.
>
> What did you do wrongly?


Now I don't remember (my mail box is full, I didn't read your reply).

There was some misunderstanding with the concepts.

----------
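Added example, not part of any post in the thread: a sketch of the access check algorithm from acl(5), run over the two `getfacl` listings from the first post. It shows that only access entries are consulted for the directory itself, while `default:` entries are only inherited by files and directories created inside it. The group membership of `de` and the third listing (`ACCESS_ENTRY`) are assumptions constructed for illustration.

```python
# First listing from the thread (access entries plus default: entries).
FIRST = """# file: ACL/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:user:de:---
default:group::rwx
default:mask::rwx
default:other::rwx"""
# Second listing from the thread: other::--- and default:user:de:rwx.
SECOND = (FIRST.replace("other::rwx", "other::---")
               .replace("default:user:de:---", "default:user:de:rwx"))
# Constructed: the same deny entry placed in the ACCESS ACL instead.
ACCESS_ENTRY = FIRST.replace("default:user:de:---", "user:de:---\nmask::rwx")

def parse_getfacl(text):
    """Return (owner, owning_group, access_entries); default: entries are skipped
    because the access check for the directory itself never consults them."""
    meta, access = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif not line.startswith("default:"):
            tag, qualifier, perms = line.split(":")
            access.append((tag, qualifier, set(perms) - {"-"}))
    return meta["owner"], meta["group"], access

def granted(text, user, groups, want):
    """acl(5) order: owner, named user, owning/named groups, then other."""
    owner, owning_group, access = parse_getfacl(text)
    want = set(want)
    def entries(tag, qualifier):
        return [p for t, q, p in access if (t, q) == (tag, qualifier)]
    mask = (entries("mask", "") or [set("rwx")])[0]  # no mask entry: no limit
    if user == owner:
        return want <= entries("user", "")[0]        # owner is not masked
    if entries("user", user):
        return want <= (entries("user", user)[0] & mask)
    group_hits = [p for g in groups for p in entries("group", g)]
    if owning_group in groups:
        group_hits += entries("group", "")
    if group_hits:                                   # one entry must grant it all
        return any(want <= (p & mask) for p in group_hits)
    return want <= entries("other", "")[0]

if __name__ == "__main__":
    for name in ("FIRST", "SECOND", "ACCESS_ENTRY"):
        # Assumption: user de belongs only to a group named de.
        print(name, granted(globals()[name], "de", ["de"], "rx"))
```

To make `de` inherit an entry on new files and also be bound by it on the directory itself, the entry has to be set in both the access ACL and the default ACL.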

