group still getting "Permission denied" after ACL added to directory with setfacl
I had a problem using setfacl to let a group access a directory/subdirectory of another user on RHEL 7.2 (and 6.7 as well). The following are my screenshots after each change.
First I used "setfacl -b myApp/" to remove all previous settings and start over.

```
[user1@localhost ~]$ tail -10 /etc/group
....
user1:x:1002:user1
user2:x:1003:user2
user3:x:1004:user3
ncuser:x:1005:user3,user2
[user1@localhost ~]$ setfacl -Rm g:ncuser:wrX myApp/
[user1@localhost ~]$ getfacl myApp/
# file: myApp/
# owner: user1
# group: user1
user::rwx
group::rwx
group:ncuser:rwx
mask::rwx
other::r-x
```

Switch to user2:

```
[user2@localhost ~]$ touch /neet/user1/myApp/a
touch: cannot touch ‘/neet/user1/myApp/a’: Permission denied
```

Switch back to user1:

```
[user1@localhost ~]$ setfacl -Rm d:g:ncuser:wrX myApp/
[user1@localhost ~]$ getfacl myApp/
# file: myApp/
# owner: user1
# group: user1
user::rwx
group::rwx
group:ncuser:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:ncuser:rwx
default:mask::rwx
default:other::r-x
```

Switch to user2:

```
[user2@localhost ~]$ touch /neet/user1/myApp/a
touch: cannot touch ‘/neet/user1/myApp/a’: Permission denied
[user2@localhost ~]$ cd /neet/user1/myApp/data
bash: cd: /neet/user1/myApp/data: Permission denied
```

Switch to user1:

```
[user1@localhost ~]$ find myApp -perm /111 -exec setfacl -m g:ncuser:rwX {} \;
[user1@localhost ~]$ find myApp -not -perm /111 -exec setfacl -m g:ncuser:rw {} \;
[user1@localhost ~]$ getfacl myApp/
# file: myApp/
# owner: user1
# group: user1
user::rwx
group::rwx
group:ncuser:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:ncuser:rwx
default:mask::rwx
default:other::r-x
```

Switch to user2:

```
[user2@localhost ~]$ touch /neet/user1/myApp/a
touch: cannot touch ‘/neet/user1/myApp/a’: Permission denied
```
The above was tested on my virtual RHEL 7.2, and I repeated the same scripts on a physical RHEL 6.7 with the same result. I checked many sites online; they all referred to the same setfacl script. However, if I run setfacl on the same myApp for user2 (or user3), i.e. u:user2:rwX myApp/, the rule worked, meaning user2 could touch, cp or edit a file under myApp/.
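As an added illustration (not part of the question or of any answer), here is a small evaluator that applies the acl(5) access-check order to the getfacl output from the post, so you can see which entry decides a given request; the ACL text is constructed from the output above, and the caller's effective group list is assumed to be known (it is whatever `id` prints in that session).

```python
# Added example: evaluate a POSIX ACL in the order acl(5) describes
# (owner, named user, owning/named groups under the mask, other).
import re

# Constructed from the getfacl myApp/ output in the question.
ACL_MYAPP = """\
# file: myApp/
# owner: user1
# group: user1
user::rwx
group::rwx
group:ncuser:rwx
mask::rwx
other::r-x
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perm_set), ...])."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = re.match(r"#\s*(owner|group):\s*(\S+)", line)
            if m and m.group(1) == "owner":
                owner = m.group(2)
            elif m:
                group = m.group(2)
            continue
        if line.startswith("default:"):
            continue  # inherited by new files only; never used in an access check
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, set(perms) - {"-"}))
    return owner, group, entries

def acl_allows(acl_text, user, groups, want):
    """want: subset of 'rwx'; groups: the caller's *effective* group names."""
    owner, owning_group, entries = parse_getfacl(acl_text)
    want = set(want)
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    if user == owner:  # 1. owner uses user:: and is not masked
        return want <= next(p for t, q, p in entries if (t, q) == ("user", ""))
    for t, q, p in entries:  # 2. a named user entry, masked
        if t == "user" and q == user:
            return want <= (p & mask)
    matched = False  # 3. owning group and named groups, masked
    for t, q, p in entries:
        if t == "group" and (q or owning_group) in groups:
            matched = True
            if want <= (p & mask):
                return True
    if matched:
        return False  # some group entry matched but none granted the bits
    return want <= next(p for t, q, p in entries if t == "other")  # 4. other
```

With this ACL, a caller whose effective groups include ncuser is decided by group:ncuser:rwx, while a session whose effective groups do not include it falls through to other::r-x, which has no write bit; comparing `id` output in the failing session against /etc/group shows which case applies.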