3
I want to give user 'backup' read-only permissions on a given directory in my Linux system so it can backup all files, regardless of their permissions.
I read about acl and created two test directories (test and test2). I changed their acl by doing:
setfacl -R -m u:backup:r-X test2
and tried to make them default with:
setfacl -R -d -m u:backup:r-X test2
However, when the owner changes test permissions to 700, the backup user cannot cd into test anymore, unless I run setfacl again without -d.
The difference between the two acl's seems to be the #effective field as shown below. Is there a way to permanently override the user's chmod's by using acl so the backup user will always be able to read the directory contents?
Thank you.
$ getfacl test
# file: test # owner: root # group: root user::rwx user:backup:r-x #effective:--- group::r-x #effective:--- mask::--- other::--- default:user::rwx default:user:backup:r-x default:group::r-x default:mask::r-x default:other::r-x
$ getfacl test2
# file: test2 # owner: root # group: root user::rwx user:backup:r-x group::r-x mask::r-x other::--- default:user::rwx default:user:backup:r-x default:group::r-x default:mask::r-x default:other::r-x