I want to give user 'backup' read-only permissions on a given directory in my Linux system so it can backup all files, regardless of their permissions.

I read about acl and created two test directories (test and test2). I changed their acl by doing:

setfacl -R -m u:backup:r-X test2

and tried to make them default with:

setfacl -R -d -m u:backup:r-X test2

However, when the owner changes test permissions to 700, the backup user cannot cd into test anymore, unless I run setfacl again without -d.

The difference between the two acl's seems to be the #effective field as shown below. Is there a way to permanently override the user's chmod's by using acl so the backup user will always be able to read the directory contents?

Thank you.

$ getfacl test

# file: test
# owner: root
# group: root
user::rwx
user:backup:r-x         #effective:---
group::r-x          #effective:---
mask::---
other::---
default:user::rwx
default:user:backup:r-x
default:group::r-x
default:mask::r-x
default:other::r-x

$ getfacl test2

# file: test2
# owner: root
# group: root
user::rwx
user:backup:r-x
group::r-x
mask::r-x
other::---
default:user::rwx
default:user:backup:r-x
default:group::r-x
default:mask::r-x
default:other::r-x