I just shot myself in the foot using Access Control Lists.

# ls -l ./somefile.txt
-rw-r-----+  1 root  www  893  Apr 4 00:44 ./somefile.txt
# getfacl ./somefile.txt
user::rw-
user:www:--x  # effective: ---
group::r-x    # effective: r--
mask::r--
other::---

In the above example, the file inherited the default ACL from the parent directory.

I’m not even going to tell you how long it took me to figure out why the web server couldn’t access the file…

If you can’t find it: check those ACL!

And if you want to drive your colleague crazy:

# setfacl -m u:george:--- /some/random/commonly/used/file

Republish