Referring to info ls
, section "What info is listed,"
For a file with an extended access control list, a `+' character is listed. Basic access control lists are equivalent to the permissions listed, and are not considered an alternate access method.
Just as Microsoft Windows "outgrew" its MS-DOS underpinnings (where the only sense of "security" was a "Locked" flag...), Linux filesystems also "outgrew" the good ol' -rwxr--r--
permissions mask. Both of them adopted the notion of access control lists,
as discussed (in the case of Linux) at man acl
The Linux ACL implementation was designed to be aware that "applications which are not aware of the existence of ACLs, or that have no particular need
to be so aware, must continue to work." This is why the ls
command continues to present you with "that familiar set of flags," but
with the "+
" character to clue you that something beyond that
is really going on.
Start with the getfacl
command. (Thus suggests the all-knowing apropos acl
...) You need to see the entire
set of access-controls that really
apply to this file, "not just the mask." The reason why you don't understand why you're getting the "permission denied" message is that more than 'just the mask'
is controlling the effective permissions to this file.
Now... the ACL feature was... shall we diplomatically
say... "designed by committee."
So, "I am going to be very
mean to you now,"
and invite you to read the man acl
page and tell me if you
understand a word of it. (If you do,
I have a leather-bound copy of Robert's Rules of Order
to give you.)