I have several users in several different groups. So...

sudo su

>$ ls -l /home/
drwxr-x---   5 root   group1         4096 Mar 18 12:44 group1
drwxr-x---   6 root   group2         4096 Feb  9 13:58 group2

>$ ls -l /home/group1
drwx------ 6 user1 group1 4096 Mar 23 15:57 user1
drwx------ 6 user2 group1 4096 Mar 23 12:19 user2

Now user3 is a member of group2. I want user3 to be able to read and execute user1's home directory but I don't want to permit user2 (who is in the same group as user1) to have any permissions to user1's home directory.

If I try using acl's.

>$ getfacl /home/group1/user1
# file: user1/
# owner: user1
# group: group1
user::rwx
group::---
other::---

>$ setfacl -m u:user3:rx /home/group1/user1/
>$ getfacl /home/group1/user1
# file: user1/
# owner: user1
# group: group1
user::rwx
user:user3:r-x
group::---
mask::r-x
other::---

>$ ls -l /home/group1
drwxr-x---+ 11 user1 group1 4096 Mar 22 14:57 user1
drwx------   6 user2 group1 4096 Mar 23 12:19 user2

Since I changed the acl's, the group permissions of user1's home directory also changed. Now user2 can read and execute in user1's home directory. The man page for setfacl is a bit sparse.

QUESTION : is there a way to give user3 (who's in group2) permission to user1's home directory without automatically giving user2 permission?

I would like to use acl's for this.