group still getting "Permission denied" after ACL added to directory with setfacl


I had a problem using setfacl to give a group access to a directory/subdirectory of another user on RHEL 7.2 (and 6.7 as well). The following are my screenshots after each change.
First, I used "setfacl -b myApp/" to remove all previous settings and start over.
[user1@localhost ~]$ tail -10 /etc/group
....
user1:x:1002:user1
user2:x:1003:user2
user3:x:1004:user3
ncuser:x:1005:user3,user2

[user1@localhost ~]$ setfacl -Rm g:ncuser:wrX myApp/
[user1@localhost ~]$ getfacl myApp/

# file: myApp/
# owner: user1
# group: user1
user::rwx
group::rwx
group:ncuser:rwx
mask::rwx
other::r-x

switch to user2

[user2@localhost ~]$ touch /neet/user1/myApp/a
touch: cannot touch ‘/neet/user1/myApp/a’: Permission denied

switch back to user1

[user1@localhost ~]$ setfacl -Rm d:g:ncuser:wrX myApp/
[user1@localhost ~]$ getfacl myApp/

# file: myApp/
# owner: user1
# group: user1
user::rwx
group::rwx
group:ncuser:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:ncuser:rwx
default:mask::rwx
default:other::r-x

switch to user2

[user2@localhost ~]$ touch /neet/user1/myApp/a
touch: cannot touch ‘/neet/user1/myApp/a’: Permission denied

[user2@localhost ~]$ cd /neet/user1/myApp/data
bash: cd: /neet/user1/myApp/data: Permission denied

switch to user1

[user1@localhost ~]$ find myApp -perm /111 -exec setfacl -m g:ncuser:rwX {} \;
[user1@localhost ~]$ find myApp -not -perm /111 -exec setfacl -m g:ncuser:rw {} \;
[user1@localhost ~]$ getfacl myApp/

# file: myApp/
# owner: user1
# group: user1
user::rwx
group::rwx
group:ncuser:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:ncuser:rwx
default:mask::rwx
default:other::r-x

switch to user2

[user2@localhost ~]$ touch /neet/user1/myApp/a
touch: cannot touch ‘/neet/user1/myApp/a’: Permission denied

The above was tested on my virtual RHEL 7.2, and I repeated the same scripts on a physical RHEL 6.7, with the same result. I checked many sites online, and they all referred to the same setfacl script. However, if I setfacl the same myApp for user2 (or user3) with u:user2:rwX myApp/, the rule worked, meaning user2 could touch, cp or edit a file under myApp/.
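
Added example, not part of the original post: a Python model of the POSIX ACL access check, run over the access entries from the getfacl output above, showing which entry decides a request depending on the groups the calling process actually holds. The owner and owning group (user1) come from the getfacl header; the group sets passed in are constructed inputs, and the function names are this example's own.

```python
# Added example: POSIX.1e access check over the ACL shown by getfacl in the post.
ACL_TEXT = """\
user::rwx
group::rwx
group:ncuser:rwx
mask::rwx
other::r-x
"""  # access entries copied from the post's getfacl output

def parse_acl(text):
    """Parse getfacl-style access entries into {(tag, qualifier): perms}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("default:"):
            continue  # default entries only seed new files; they grant nothing
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = set(perms) - {"-"}
    return acl

def check_access(acl, owner, owning_group, user, groups, want):
    """Return (granted, deciding_entry) for a process with these credentials.

    `groups` is the set of groups the process holds (what `id` prints in that
    session), which is an input here, not something read from /etc/group.
    """
    want = set(want)
    mask = acl.get(("mask", ""))
    masked = lambda perms: perms if mask is None else perms & mask
    if user == owner:
        return want <= acl[("user", "")], "user::"
    if ("user", user) in acl:
        return want <= masked(acl[("user", user)]), "user:" + user
    # Group class: the owning group entry plus every named group held.
    held = [k for k in acl if k[0] == "group"
            and (k[1] in groups if k[1] else owning_group in groups)]
    for key in held:
        if want <= masked(acl[key]):
            return True, "group:" + key[1]
    if held:
        return False, "group class"  # matched a group entry, so other:: is skipped
    return want <= acl[("other", "")], "other::"

def demo():
    acl = parse_acl(ACL_TEXT)
    args = (acl, "user1", "user1", "user2")  # owner/group from the getfacl header
    return [check_access(*args, {"user2"}, "wx"),            # constructed: ncuser not held
            check_access(*args, {"user2", "ncuser"}, "wx")]  # constructed: ncuser held

if __name__ == "__main__":
    print(demo())
```

Creating a file needs both w and x on the directory, and every parent directory in the path has to pass the same check for x.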

Responses