setfacl remove group permission

5

9

I am trying to remove group ACL from a certain folder. It has permissions as below

$ getfacl --all-effective public
# file: public
# owner: sse02
# group: apache
user::rwx
group::r-x                      #effective:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x              #effective:r-x
default:group:acct:rwx     #effective:rwx
default:mask::rwx
default:other::r-x
$

I wanted to remove the access granted to the group 'acct' with the following command, but it is simply not working

setfacl -x g:acct public

What could be going wrong? Any ideas?

This is a RHEL5 box with ext3 file system.

Picaroon answered 19/10, 2011 at 16:3 Comment(0)
7

The group:acct entry is listed with default: in front, and the setfacl man page suggests that the ACL specification can be (spaces added for clarity in the man page):

[d[efault]:] g[roup]:gid [:perms]

Permissions of a named group. Permissions of the owning group if gid is empty.

I think you should try:

setfacl -x d:g:acct public
Underfoot answered 19/10, 2011 at 17:48 Comment(0)
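
The default-versus-access distinction from the answer above, as an added example that is not part of the original posts: a small parser that reads getfacl output and prints the setfacl -x spec for each entry naming a given group, so a default: entry yields the d: prefix. The function names acl_removal_specs and sample_acl are hypothetical, and the sample input is the listing from the question.

```shell
#!/bin/sh
# Added example: map getfacl output to the entry specs `setfacl -x` needs.
# acl_removal_specs and sample_acl are hypothetical helper names.

# $1 = named group; stdin = getfacl output.
# Prints one spec per matching entry: "g:NAME" for the access ACL,
# "d:g:NAME" for the default ACL.
acl_removal_specs() {
    awk -v grp="$1" '
        /^#/ { next }                  # header lines: "# file:", "# owner:", "# group:"
        {
            sub(/[ \t]*#.*/, "")       # drop the trailing "#effective:..." comment
            n = split($0, f, ":")
            scope = ""
            i = 1
            if (f[1] == "default") {   # entry belongs to the default ACL
                scope = "d:"
                i = 2
            }
            # f[i] is the tag, f[i+1] the qualifier (empty for the owning group)
            if (n >= i + 1 && f[i] == "group" && f[i + 1] == grp)
                print scope "g:" grp
        }
    '
}

# Sample input: the getfacl listing shown in the question.
sample_acl() {
    cat <<'EOF'
# file: public
# owner: sse02
# group: apache
user::rwx
group::r-x                      #effective:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x              #effective:r-x
default:group:acct:rwx     #effective:rwx
default:mask::rwx
default:other::r-x
EOF
}

# acct appears only in the default ACL, so only the d: form is printed.
sample_acl | acl_removal_specs acct
```

On a live directory the same function can be fed with getfacl DIRECTORY | acl_removal_specs GROUP, and each printed spec passed to setfacl -x.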
1
setfacl -Rm g::--- directoryname
Aric answered 20/1, 2021 at 7:31 Comment(1)
Please add some details - Functionalism
0

According to https://linux.die.net/man/1/setfacl using -k will remove default ACL permissions.

Here is a sample of how I just removed defaults from a directory:

SSH: getfacl .
# file: .
# owner: root
# group: docker
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

00:01:42
SSH: sudo setfacl -k .
00:01:45
SSH: getfacl .
# file: .
# owner: root
# group: docker
# flags: -s-
user::rwx
group::rwx
other::r-x
Saphead answered 16/4, 2021 at 7:5 Comment(0)
0

In general, to remove the group GROUP ACL entries for the DIRECTORY use:

setfacl -x g:GROUP DIRECTORY

To completely remove all ACL entries use:

setfacl -b DIRECTORY

Add the -R option to make the actions recursive.

Options (from the docs)

-R, --recursive - Apply operations to all files and directories recursively.

-x (--remove) and -X (--remove-file) options remove ACL entries. It is not an error to remove an entry which does not exist.

-b, --remove-all - Remove all extended ACL entries. The base ACL entries of the owner, group and others are retained.

Note: to get the ACL list use

getfacl DIRECTORY
Lingle answered 3/6, 2022 at 16:48 Comment(0)
-2

Try

setfacl -d -x g:acct public
Inkberry answered 29/2, 2024 at 17:41 Comment(1)
Please explain why your solution is better than the one in the other answers. - Auxiliaries