Can’t delete files from a directory with ACL permissions

access-control-list

I'm getting stuck on ACLs for delete permissions.

My ssh default user is ddn and apache user www-data.

I set the following setfacl commands like this:

setfacl -m u:www-data:rwx,u:ddn:rwx shared/web/cache
setfacl -Rdm u:www-data:rwx,u:ddn:rwx shared/web/cache

But if I try to delete some files in this folder with the find command, I get permission denied:

$ find shared/web/cache/ -type f -atime +70 -delete
find: cannot delete `shared/web/cache/e/f/7/d/7/ef7d7d26367b934f6965b6492b7183058669c80f.jpeg': Permission denied
find: cannot delete `shared/web/cache/f/e/7/f/0/fe7f09691670a1762c925d705135dc455752fb85.png': Permission denied
find: cannot delete `shared/web/cache/f/b/9/d/7/fb9d77e331ff45de1468ac584fa57e0c3aa6477a.png': Permission denied
find: cannot delete `shared/web/cache/f/1/e/f/9/f1ef953fde22f5d60f93dcc178130a894c2878f0.png': Permission denied
find: cannot delete `shared/web/cache/f/0/c/2/1/f0c21c21ae7f95d712dbe2c9255429022e33f31f.jpeg': Permission denied
find: cannot delete `shared/web/cache/2/f/8/f/7/2f8f78653021fffb99817b6a48c4d629a7de0aa6.png': Permission denied
find: cannot delete `shared/web/cache/2/f/9/d/7/2f9d7d22832a3517598bb61df2572869c30f7630.png': Permission denied

Same error with a simple rm command.

When I try to get acl info on one of those files:

$ getfacl shared/web/cache/e/f/7/d/7/ef7d7d26367b934f6965b6492b7183058669c80f.jpeg
# file: shared/web/cache/e/f/7/d/7/ef7d7d26367b934f6965b6492b7183058669c80f.jpeg
# owner: www-data
# group: www-data
user::rw-
user:www-data:rwx       #effective:rw-
user:ddn:rwx            #effective:rw-
group::r-x          #effective:r--
mask::rw-
other::r--

And the last folder:

$ getfacl shared/web/cache/e/f/7/d/7/
# file: shared/web/cache/e/f/7/d/7/
# owner: www-data
# group: www-data
user::rwx
user:www-data:rwx       #effective:r-x
user:ddn:rwx            #effective:r-x
group::r-x
mask::r-x
other::r-x
default:user::rwx
default:user:www-data:rwx
default:user:ddn:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

I think I'm missing an important option in the setfacl command. Have you run into this issue before? How can I solve it?

Thanks.

Best Answer

To set the ACL permissions recursively and effectively on the directory, you have to use the commands below, in this order.

setfacl -Rdm u:www-data:rwx,u:ddn:rwx shared/web/cache

(This only applies to future files.)

setfacl -Rm u:www-data:rwx,u:ddn:rwx shared/web/cache

(Existing files and directories)
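
Why the delete was denied, as an added example that is not part of the original question or answer: unlinking a file needs effective w and x on its parent directory, and the directory's mask::r-x strips w from the named-user entries. The function names here are made up for the illustration, and acl_after is a constructed sample of the listing once the mask is rwx.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `getfacl` output for one
# directory on stdin and prints the permissions that actually apply to USER.
# Unlinking a file needs effective w and x on the directory that holds it.
effective_perms() {   # usage: getfacl DIR | effective_perms USER
    awk -F: -v user="$1" '
        /^# owner: /        { owner = substr($0, 10); next }
        /^#/ || /^default:/ { next }       # headers; default entries only seed new files
        { sub(/[ \t]*(#.*)?$/, "") }       # strip "#effective:..." so $3 is just rwx
        $1 == "user" && $2 == ""   { own = $3 }
        $1 == "user" && $2 == user { named = $3 }
        $1 == "mask"               { mask = $3 }
        END {
            if (user == owner) { print own; exit 0 }   # owner entry is never masked
            if (named == "") exit 2                    # group/other fallback not modelled
            if (mask == "") mask = "rwx"
            for (i = 1; i <= 3; i++) {
                c = substr(named, i, 1)
                out = out ((substr(mask, i, 1) == "-") ? "-" : c)
            }
            print out
        }'
}
can_delete_in() {     # usage: getfacl DIR | can_delete_in USER
    p=$(effective_perms "$1") || return 2
    case $p in ?wx) return 0 ;; *) return 1 ;; esac
}
# getfacl listing of the directory, copied from the question (defaults abridged).
acl_before() { cat <<'EOF'
# file: shared/web/cache/e/f/7/d/7/
# owner: www-data
# group: www-data
user::rwx
user:www-data:rwx       #effective:r-x
user:ddn:rwx            #effective:r-x
group::r-x
mask::r-x
other::r-x
default:user:ddn:rwx
default:mask::rwx
EOF
}
# Constructed sample: the same listing once the mask has been recalculated to rwx.
acl_after() { acl_before | sed 's/ *#effective.*//; s/^mask::r-x/mask::rwx/'; }
for acl in acl_before acl_after; do
    printf '%s: ddn=%s\n' "$acl" "$($acl | effective_perms ddn)"
done
```

setfacl -m recalculates the mask unless -n is given, which is why running it recursively on the existing directories restores the effective rwx.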